Skip to main content
Article thumbnail
Location of Repository

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments (Poster Abstract

By Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone and Sean W. Smith

Abstract

The ease with which a malicious third party can obtain a user’s password when he or she logs into Internet sites (such as bank or email accounts) from an insecure computer creates a substantial security risk to private information and transactions. For example, a malicious administrator at a cybercafe, or a malicious user with sufficient access to install key loggers at a kiosk, can obtain users ’ passwords easily. Even when users do not trust the machines they are using, many of them are faced with the prospect of accessing their accounts with a single level of privilege. To address this problem, we propose a system based on two modes of authentication—default and restricted. Users can signal to the server whether they are in an untrusted environment so that the server can log them in under restricted privileges that allow them to perform basic actions that cause no serious damage if the session or their password is compromised. 1

Year: 2007
OAI identifier: oai:CiteSeerX.psu:10.1.1.135.6551
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.cs.dartmouth.edu/~s... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.