all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers

Add to bookmarks
Feb. 12, 2024, 5:10 a.m. | Anuj Gautam Tarun Kumar Yadav Kent Seamons Scott Ruoti

cs.CR updates on arXiv.org arxiv.org

Password-based authentication faces various security and usability issues. Password managers help alleviate some of these issues by enabling users to manage their passwords effectively. However, malicious client-side scripts and browser extensions can steal passwords after they have been autofilled by the manager into the web page. In this paper, we explore what role the password manager can take in preventing the theft of autofilled credentials without requiring a change to user behavior. To this end, we identify a threat model …

authentication browser browser extensions browsers can channel client client-side cs.cr effectively entry extensions malicious manage manager managers password password managers passwords scripts secret security steal the web usability web web browsers

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

IDEA: Invariant Defense for Graph Adversarial Robustness 1 day, 18 hours ago | arxiv.org
adversarial arxiv cs.cr cs.lg +4
BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting 1 day, 18 hours ago | arxiv.org
art arxiv attackers attacks +19
ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies 1 day, 18 hours ago | arxiv.org
accelerate application application development arxiv +26
A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference 1 day, 18 hours ago | arxiv.org
applications arxiv as-a-service cost +23
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot 1 day, 18 hours ago | arxiv.org
arxiv attack attacks attack surface +18
FairCMS: Cloud Media Sharing with Fair Copyright Protection 1 day, 18 hours ago | arxiv.org
arxiv cloud cloud platform copyright +16
Efficient unitary designs and pseudorandom unitaries from permutations 1 day, 18 hours ago | arxiv.org
algorithm arxiv construction cs.cr +9
Efficient and Near-Optimal Noise Generation for Streaming Differential Privacy 1 day, 18 hours ago | arxiv.org
arxiv cs.cc cs.cr cs.ds +11
Privacy-Preserving Statistical Data Generation: Application to Sepsis Detection 1 day, 18 hours ago | arxiv.org
application artificial artificial intelligence arxiv +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada
View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location
View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US
View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com
View more jobs