Is Everything We Know About Password Stealing Wrong?
Author(s): Dinei Florencio, Cormac Herley

Date: November 2012
Publication: IEEE Journal of Security & Privacy, Volume 10, Issue 6
Page(s): 63 - 69
Publisher: IEEE
Source 1: http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf
Source 2: http://dx.doi.org/10.1109/MSP.2012.57 - Subscription or payment required

Abstract or Summary:
Federal Reserve Regulation E guarantees that US consumers are made whole when their bank passwords are stolen. The implications lead us to several interesting conclusions. First, emptying accounts is extremely hard: transferring money in a way that is irreversible can generally only be done in a way that cannot later be repudiated. Since password-enabled transfers can always be repudiated this explains the importance of mules, who accept bad transfers and initiate good ones. This suggests that it is the mule accounts rather than those of victims that are pillaged. We argue that passwords are not the bottle-neck, and are but one, and by no means the most important, ingredient in the cyber-crime value chain. We show that, in spite of appearances, password-stealing is a bad business proposition.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com