
Research And Design In Password Authentication And Protection Base On Web-servers

Posted on: 2009-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: L B Dong
GTID: 2178360275471956
Subject: Computer system architecture
Abstract/Summary:
Due to the rapid development of the Internet, people have more and more opportunities to access resources on remote servers. However, the Internet environment is treacherous, and messages are easily copied and forged. Identifying legitimate users and protecting sensitive data from attack have therefore become more important. The most common and widely used approach is to authenticate a user's identity with a password.

Based on an analysis of the characteristics of Web authentication and the deficiencies of familiar Web authentication schemes, this paper proposes a simple and practical Web authentication scheme. The scheme satisfies the basic security requirements of Web authentication, and its implementation is easy and efficient.

A browser extension is described that transparently produces a different password for each site, improving password security and defending against password phishing and other attacks. Because the browser extension applies a cryptographic hash function to a combination of the plaintext password entered in the form, data associated with the web site, and (optionally) a private salt stored on the client machine, theft of the password received at one site will not yield a password that is useful at another site. Although the scheme requires no changes on the server side, implementing this password method securely and transparently in a web browser extension turns out to be quite difficult. Common password problems and phishing attacks also leave server-side solutions insecure, so strengthening them with client-side support is an effective approach. The challenges we faced in the implementation are described, along with some techniques that may be useful to anyone facing similar security issues in a browser environment.
Keywords/Search Tags: authentication, phishing attack, hash, strong password, form
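
The per-site derivation described in the abstract, as an added example that is not code from the thesis. It assumes HMAC-SHA256 as the hash and the page hostname as the "data associated with the web site"; the function names `siteIdentifier` and `derivePassword` and the sample URLs are hypothetical.

```javascript
// Added example: per-site password derivation (not the thesis's implementation).
const crypto = require("node:crypto");

// Assumption: the site data is the hostname of the page hosting the form.
// A production extension would reduce it to the registrable domain using
// the Public Suffix List; here only a leading "www." is stripped.
function siteIdentifier(pageUrl) {
  return new URL(pageUrl).hostname.toLowerCase().replace(/^www\./, "");
}

// HMAC-SHA256 keyed with the typed password. The message is the optional
// client-side salt and the site identifier, joined by a NUL byte (which
// cannot occur in a hostname) so the two fields cannot run together.
function derivePassword(typedPassword, pageUrl, privateSalt = "", length = 16) {
  const mac = crypto.createHmac("sha256", typedPassword)
    .update(privateSalt)
    .update("\0")
    .update(siteIdentifier(pageUrl))
    .digest();
  // base64url keeps the output printable; 32 bytes encode to 43 characters.
  return mac.toString("base64url").slice(0, Math.min(length, 43));
}

// Constructed sample: the same typed password on a site and on a look-alike host.
const realSite = derivePassword("correct horse", "https://www.bank.example/login");
const lookAlike = derivePassword("correct horse", "https://bank.example.login-verify.example/");
console.log("real site and look-alike receive different values:", realSite !== lookAlike);
```

A single HMAC is cheap to compute, so a site that captures a derived value can still test guesses for a weak typed password offline. A high-entropy private salt that never leaves the client removes that option.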