Leveraging Personal Devices for Stronger Password Authentication From Untrusted Computers

Download Now Date Added: Feb 2010
Format: PDF

Internet authentication for popular end-user transactions, such as online banking and e-commerce, continues to be dominated by passwords entered through end-user Personal Computers (PCs). Most users continue to prefer (typically untrusted) PCs over smaller personal devices for actual transactions, due to usability features related to keyboard and screen size. However most such transactions and their existing underlying protocols are vulnerable to attacks including keylogging, phishing, and pharming, which can extract user identity and sensitive account information allowing account access.