Abstract

Passport is a protocol that enables users to sign onto many different merchants' Web pages by authenticating themselves only once to a common server. This is important because users tend to pick poor (guessable) user names and passwords and to repeat them at different sites. Passport is notable as it is being very widely deployed by Microsoft. At the time of this writing, Passport boasts 40 million consumers and more than 400 authentications per second on average. We examine the Passport single signon protocol, and identify several risks and attacks. We discuss a flaw that we discovered in the interaction of Passport and Netscape browsers that leaves a user logged in while informing him that he has successfully logged out. Finally, we suggest several areas of improvement.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Virtual real-time inspection of nuclear material via VRML and secure web pages
C Nilsen ... J Jortner
-
C Nilsen, et. al.C Nilsen ... J Jortner
01 Apr 1997
Automation and customization of rendered web pages
Michael Bolin ... Robert C Miller
-
Michael Bolin, et. al.Michael Bolin ... Robert C Miller
23 Oct 2005
Naming page elements in end-user web automation
Michael Bolin ... Robert C Miller
ACM SIGSOFT Software Engineering Notes | VOL. 30
Michael Bolin, et. al.Michael Bolin ... Robert C Miller
21 May 2005
Helping Authors Organize Their Research: ORCID in the AGA Journals.
Brook A Simpson ... Thoba K Petrovic
Cellular and molecular gastroenterology and hepatology | VOL. 1
Brook A Simpson, et. al.Brook A Simpson ... Thoba K Petrovic
10 Jul 2015
View more papers

More From: Computer Networks

Paper Title
Journal
Date
Author
Provably efficient security-aware service function tree composing and embedding in multi-vendor networks
Danyang Zheng ... Xiaojun Cao
Computer Networks | VOL. 254
Danyang Zheng, et. al.Danyang Zheng ... Xiaojun Cao
09 Oct 2024
Federated deep learning models for detecting RPL attacks on large-scale hybrid IoT networks
Mohammed Albishari ... Jiyu Tian
Computer Networks | VOL. 254
Mohammed Albishari, et. al.Mohammed Albishari ... Jiyu Tian
06 Oct 2024
Malware communication in smart factories: A network traffic data set
Bernhard Brenner ... Tanja Zseby
Computer Networks | VOL. -
Bernhard Brenner, et. al.Bernhard Brenner ... Tanja Zseby
01 Oct 2024
Cyber threat indicators extraction based on contextual knowledge prompt
Hailiang Tang ... Jun Zhao
Computer Networks | VOL. -
Hailiang Tang, et. al.Hailiang Tang ... Jun Zhao
01 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.