passpet
play

Passpet Convenient Password Management and Phishing Protection - PowerPoint PPT Presentation

Nov 22, 2023 •436 likes •961 views

Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker ping@zesty.ca kragen@pobox.com problems: design: solutions: practical matters: evaluation: problems: the big 5 problems: the big 5 1 many

  1. Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker ping@zesty.ca kragen@pobox.com

  2. problems: design: solutions: practical matters: evaluation:

  3. problems: the big 5

  4. problems: the big 5 1 many passwords

  5. problems: the big 5 1 many passwords 2 dictionary attack

  6. problems: the big 5 1 many passwords 2 dictionary attack 3 password entry in webpages

  8. problems: the big 5 1 many passwords 2 dictionary attack 3 password entry in webpages 4 site impersonation

  12. problems: the big 5 1 many passwords 2 dictionary attack 3 password entry in webpages 4 site impersonation 5 UI spoofing

  14. problems: the big 5 1 many passwords 2 dictionary attack 3 password entry in webpages 4 site impersonation 5 UI spoofing

  15. design:

  16. design: logging in setting up a new password setting up Passpet

  17. solutions:

  18. solutions: 1 many passwords

  19. master secret site-specific ⊕ password site name

  20. master secret site-specific ⊕ password site name

  21. master secret site-specific ⊕ password site name

  22. solutions: 1 many passwords 2 dictionary attack

  23. master secret site-specific ⊕ password site name

  24. ? site-specific ⊕ password site name

  25. ? site-specific + password site name

  26. master secret site-specific + password site name

  27. master secret site-specific + + password site name

  28. Password Multiplier (Halderman, 2005) master secret master secret site-specific + + password user name site name

  29. Passpet: variable-strength password hash

  30. Give responsive feedback on password strength.

  31. solutions: 1 many passwords 2 dictionary attack 3 password entry in webpages

  33. solutions: 1 many passwords 2 dictionary attack 3 password entry in webpages 4 site impersonation

  34. Petname Tool (Close, 2005)

  35. Passpet: use site label for hashing

  36. Help users rely on information from the user, not an attacker.

  37. solutions: 1 many passwords 2 dictionary attack 3 password entry in webpages 4 site impersonation 5 UI spoofing

  38. Dynamic Security Skins (Dhamija, 2005)

  39. Passpet: interact directly with custom icon

  40. Passpet: interact directly with custom icon

  41. Get the user to interact with something personalized.

  42. contributions: 1 variable-strength hashing 2 password strength feedback 3 use user-assigned labels for hashing 4 personalized security agent 5 direct interaction with customized UI

  43. practical matters:

  44. practical matters: What if you want to use another computer?

  45. practical matters: What if someone gets your password file?

  46. practical matters: What if you want to use another computer? Firefox Passpet Server Passpet encrypted encrypted site labels site labels

  47. practical matters: What if you want to use existing websites?

  48. practical matters: What if you need to change a password?

  49. evaluation:

  50. evaluation: Passpet for Internet Explorer: tested at HP labs with 15 users main complaint: want to use other computers Passpet for Firefox: not yet usability-tested

  51. thanks: Tyler Close (Petname Tool) Alan Karp (Passpet user study) David Wagner (design and cryptography) J. Alex Halderman (Password Multiplier) Rachna Dhamija (Dynamic Security Skins) http://passpet.org/

Recommend

More recommend