Password Managers: Attacks and Defenses
Author(s): David Silver, Suman Jana, Dan Boneh, Eric Chen, Collin Jackson


Abstract:
We study the security of popular password managers and their policies on automatically filling in Web passwords. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We observe significant differences in autofill policies among password managers. Several autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers.

PasswordResearch.com Note: Video and audio recordings of paper presentation available here: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver


