Federated Detection of Cross-Site Credential Vulnerabilities and Attacks
Among the most prominent threats to web accounts today are cross-site credential attacks. A representative example is the theft of a user's password at one website, e.g., through a breach of that website's credential database, followed by use of the stolen password to gain access to the same user's accounts at other websites. These attacks, termed credential stuffing, succeed because people tend to reuse passwords, or guessable variants of them, across their accounts. Credential stuffing has become a primary cause of account takeovers, allowing the attacker to drain accounts of stored value, credit card numbers, and other personal information. Moreover, preventing, detecting, and cleaning up compromised accounts and the value stolen through them is a significant cost for service providers. Beyond the direct harm to users' accounts, credential stuffing can also weaken other account defenses, e.g., honeywords, the scheme that stores decoy passwords alongside each real one so that a login with a decoy reveals that the credential database has been leaked: an attacker who steals the decoy list can test each candidate at other websites where the user reused the password and thereby single out the real one before logging in.

This dissertation addresses these cross-site credential vulnerabilities and attacks by developing technical approaches that allow websites to detect and mitigate these threats together, effectively and securely. In this dissertation, we propose (i) a framework by which websites can coordinate to make it difficult for users to reuse the same or similar passwords across different websites; (ii) a framework by which websites can coordinate to effectively detect active credential stuffing against individual user accounts; (iii) a framework, Amnesia, that uses decoy passwords to detect credential database breaches by detecting both the local entry and the remote stuffing of decoy passwords, without relying on any secret state; and (iv) two efficient private set operation protocols that support the three proposed frameworks in achieving their security and practicality goals.
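The following simulation, added here as an illustration and not part of the dissertation or of Amnesia, shows the way credential stuffing undermines a conventional honeyword deployment. Site A stores k candidate hashes per account (one real password plus k-1 decoys) and keeps the index of the real one in a separate store, so that a login with a decoy raises a breach alarm. Site B is an ordinary site where the user reused the same password. An attacker who only has A's leaked database must guess among the candidates and usually trips the alarm; an attacker who first stuffs each candidate at B learns which one is real and then logs in at A without triggering anything. All users, passwords, decoys, the wordlist, and the unsalted SHA-256 "hash" are constructed for the demo.

```python
"""Constructed simulation: breach of a honeyword-protected site A, followed by
credential stuffing at site B where the user reused the password. Not the
dissertation's code; names, passwords and wordlist are made up for the demo."""
import hashlib
import random


def hash_pw(pw: str) -> str:
    # Unsalted SHA-256 stands in for a password hash so that offline cracking
    # can be simulated with a dictionary; a real site would use a salted, slow KDF.
    return hashlib.sha256(pw.encode()).hexdigest()


class HoneywordSite:
    """Site A: each account stores k candidate hashes, one real and k-1 decoys.
    The real index is kept in a separate store (the 'honeychecker') that a
    breach of the credential database does not expose."""

    def __init__(self, k: int = 4, seed: int = 1):
        self.k = k
        self.rng = random.Random(seed)  # deterministic for the demo only
        self.candidates = {}  # user -> list of candidate hashes (leaked by a breach)
        self.real_index = {}  # user -> index of the real password (honeychecker)
        self.alarms = []      # users whose accounts saw a decoy login

    def register(self, user, real_pw, decoys):
        assert len(decoys) == self.k - 1
        cands = [real_pw] + list(decoys)
        self.rng.shuffle(cands)
        self.candidates[user] = [hash_pw(c) for c in cands]
        self.real_index[user] = cands.index(real_pw)

    def login(self, user, pw):
        h = hash_pw(pw)
        hashes = self.candidates.get(user, [])
        if h not in hashes:
            return False
        if hashes.index(h) != self.real_index[user]:
            self.alarms.append(user)  # a decoy was submitted: the DB has leaked
            return False
        return True

    def breach(self):
        # What an attacker exfiltrates: the candidate hashes, not the honeychecker.
        return {u: list(hs) for u, hs in self.candidates.items()}


class PlainSite:
    """Site B: no honeywords; the user reused the same password here."""

    def __init__(self):
        self.db = {}

    def register(self, user, pw):
        self.db[user] = hash_pw(pw)

    def login(self, user, pw):
        return self.db.get(user) == hash_pw(pw)


def crack(hashes, wordlist):
    # Offline cracking simulated as a lookup over a small constructed wordlist.
    table = {hash_pw(w): w for w in wordlist}
    return [table[h] for h in hashes if h in table]


USER = "alice"                                   # constructed
REAL = "Summer2019!"                             # constructed
DECOYS = ["Summer2018!", "Winter2019!", "Autumn2019$"]   # constructed decoys
WORDLIST = ["password", REAL] + DECOYS           # constructed cracking wordlist


def setup():
    a, b = HoneywordSite(k=4), PlainSite()
    a.register(USER, REAL, DECOYS)
    b.register(USER, REAL)  # password reuse across sites A and B
    return a, b


def attack_blind(choice: int):
    """Attacker holds only A's leaked DB and picks cracked candidate number
    `choice`. Returns (login succeeded at A, number of alarms raised at A)."""
    a, _ = setup()
    cands = crack(a.breach()[USER], WORDLIST)
    ok = a.login(USER, cands[choice % len(cands)])
    return ok, len(a.alarms)


def attack_with_stuffing():
    """Attacker stuffs each cracked candidate at site B first; the one B accepts
    is the real password, so the subsequent login at A raises no alarm.
    Returns (login succeeded at A, alarms at A, password identified as real)."""
    a, b = setup()
    cands = crack(a.breach()[USER], WORDLIST)
    real = next(c for c in cands if b.login(USER, c))
    ok = a.login(USER, real)
    return ok, len(a.alarms), real


if __name__ == "__main__":
    print("blind guesses:", [attack_blind(i) for i in range(4)])
    print("with stuffing:", attack_with_stuffing())
```

With four candidates, three of the four blind guesses trigger A's alarm and only one succeeds, which is the honeyword guarantee; after stuffing at B, the attacker's single login at A succeeds with zero alarms. This is the weakening the abstract refers to, and why detecting the remote stuffing of decoys, rather than only their local entry, matters.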