Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • LISA '12 Home
  • Registration Information
  • Registration Discounts
  • Organizers
  • At a Glance
  • Calendar
  • Conference Themes
  • Training Program
    • Live Streaming
  • Technical Sessions
  • Workshops
  • Data Storage Day
  • ION San Diego
  • Posters
  • Birds-of-a-Feather Sessions
  • Exhibition
  • Sponsors
  • Activities
  • Why Attend?
  • Hotel and Travel Information
  • Services
  • Students and Grants
  • Questions?
  • Help Promote
  • Flyer PDF
  • Brochure PDF
  • For Participants
  • Call for Participation
  • Past Proceedings

sponsors

Diamond Sponsor
Diamond Sponsor
Gold Sponsor
Gold Sponsor
Silver Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor

twitter

Tweets by @LISAConference

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector
Tweet

connect with us

http://twitter.com/usenix
https://www.facebook.com/events/280256018711626/
http://www.linkedin.com/groups/USENIX-Association-49559/about
http://www.youtube.com/user/USENIXAssociation

Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector

Authors: 

Chuan Yue, University of Colorado at Colorado Springs
Awarded Best Paper!   

Abstract: 

Modern Web browsers do not provide sufficient protection to prevent users from submitting their online passwords to inappropriate websites. As a result, users may accidentally reveal their passwords for high-security websites to inappropriate low-security websites or even phishing websites. In this paper, we address this limitation of modern browsers by proposing LoginInspector, a profiling-based warning mechanism. The key idea of LoginInspector is to continuously monitor a user’s login actions and securely store hashed domain-specific successful login information to an in-browser database. Later on, whenever the user attempts to log into a website that does not have the corresponding successful login record, LoginInspector will warn and enable the user to make an informed decision on whether to really send this login information to the website. LoginInspector can also report users’ insecure password practices to system administrators so that targeted training and technical assistance can be provided to vulnerable users. We implemented LoginInspector as a Firefox browser extension and evaluated it on 30 popular legitimate websites, 30 sample phishing websites, and one new phishing scam discovered by M86 Security Labs. Our evaluation and analysis indicate that LoginInspector is a secure and useful mechanism that can be easily integrated into modern Web browsers to complement their existing protection mechanisms. Security system administrators in our university commented that such a tool could be very helpful for them to strengthen campus IT security.

Chuan Yue, University of Colorado at Colorado Springs

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Yue PDF
View the slides

Presentation Video

Presentation Audio

MP3 Download OGG Download

Download Audio

Award: 
Best Paper
  • Log in or    Register to post comments

Diamond Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

LISA is a registered trademark of the USENIX Association.

  • Privacy Policy
  • Contact Us