Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector
Chuan Yue, University of Colorado at Colorado Springs
Awarded Best Paper!
Modern Web browsers do not provide sufficient protection to prevent users from submitting their online passwords to inappropriate websites. As a result, users may accidentally reveal their passwords for high-security websites to inappropriate low-security websites or even phishing websites. In this paper, we address this limitation of modern browsers by proposing LoginInspector, a profiling-based warning mechanism. The key idea of LoginInspector is to continuously monitor a user’s login actions and securely store hashed domain-specific successful login information to an in-browser database. Later on, whenever the user attempts to log into a website that does not have the corresponding successful login record, LoginInspector will warn and enable the user to make an informed decision on whether to really send this login information to the website. LoginInspector can also report users’ insecure password practices to system administrators so that targeted training and technical assistance can be provided to vulnerable users. We implemented LoginInspector as a Firefox browser extension and evaluated it on 30 popular legitimate websites, 30 sample phishing websites, and one new phishing scam discovered by M86 Security Labs. Our evaluation and analysis indicate that LoginInspector is a secure and useful mechanism that can be easily integrated into modern Web browsers to complement their existing protection mechanisms. Security system administrators in our university commented that such a tool could be very helpful for them to strengthen campus IT security.
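The record-and-check cycle described in the abstract, as an added sketch that is not LoginInspector's own code. It assumes HMAC-SHA-256 under a per-profile secret as the hash, the URL hostname as the "domain", and hypothetical names (`LoginProfile`, `recordSuccess`, `check`); it runs under Node.js.

```javascript
// Added illustration; not LoginInspector's actual code. All names are hypothetical.
// Load Node's crypto module whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

class LoginProfile {
  constructor(secret = nodeCrypto.randomBytes(32)) {
    this.secret = secret;      // per-profile HMAC key (assumption)
    this.records = new Set();  // hex tags only; no plaintext credentials are kept
  }

  // Assumption: "domain-specific" is modelled as the lowercased URL hostname.
  static domainOf(url) {
    return new URL(url).hostname.toLowerCase();
  }

  // The tag binds domain, username and password together; the JSON array
  // encoding keeps the field boundaries unambiguous.
  tag(url, username, password) {
    const msg = JSON.stringify([LoginProfile.domainOf(url), username, password]);
    return nodeCrypto.createHmac("sha256", this.secret).update(msg).digest("hex");
  }

  // Call only after the site has accepted the login.
  recordSuccess(url, username, password) {
    this.records.add(this.tag(url, username, password));
  }

  // Call before the login form is submitted.
  check(url, username, password) {
    return this.records.has(this.tag(url, username, password)) ? "allow" : "warn";
  }
}

// Constructed sample data: one successful login, then three login attempts.
function demo() {
  const profile = new LoginProfile();
  profile.recordSuccess("https://bank.example/login", "alice", "S3cret!pw");
  return {
    sameSite: profile.check("https://bank.example/session", "alice", "S3cret!pw"),
    lookalike: profile.check("https://bank-example.test/login", "alice", "S3cret!pw"),
    otherSite: profile.check("https://forum.example/login", "alice", "S3cret!pw"),
    storesPlaintext: [...profile.records].some((r) => r.includes("S3cret!pw")),
  };
}
```

With this keying, a mistyped password on a known site also yields a warning, because only the exact domain, username and password combination has a record.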
author = {Chuan Yue},
title = {Preventing the Revealing of Online Passwords to Inappropriate Websites with {LoginInspector}},
booktitle = {26th Large Installation System Administration Conference (LISA 12)},
year = {2012},
isbn = {978-931971-97-3},
address = {San Diego, CA},
pages = {67--81},
url = {https://www.usenix.org/conference/lisa12/technical-sessions/presentation/yue},
publisher = {USENIX Association},
month = dec
}