Sciweavers

CCS
2007
ACM

Beamauth: two-factor web authentication with a bookmark

14 years 6 months ago
Beamauth: two-factor web authentication with a bookmark
We propose BeamAuth, a two-factor web authentication technique where the second factor is a specially crafted bookmark. BeamAuth presents two interesting features: (1) only server-side deployment is required alongside any modern, out-of-the-box web browser on the client side, and (2) credentials remain safe against many types of phishing attacks, even if the user fails to check proper user interface indicators. BeamAuth is deployable immediately by any login-protected web server with only minimal work, and it neither weakens nor interferes with other anti-phishing techniques. We believe BeamAuth may be most useful in preventing a number of phishing attacks at high-value single sign-on sites, e.g. OpenID providers. Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection—Authentication; K.4.2 [Computers and Society]: Social Issues General Terms Design, Human Factors, Security Keywords phishing, two-factor authentication, web ...
Ben Adida
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where CCS
Authors Ben Adida
Comments (0)