Safer Password Systems
The password is an age-old authentication method used by millions of websites and web services for user accounts. Passwords are a brittle security mechanism because password breaches happen regularly, and people often reuse passwords, which exposes users to account compromise.
In this project, we explore ways to help make password systems safer.
Publications
2022 Might I Get Pwned: A Second Generation Compromised Credential Checking Service
31st USENIX Security Symposium (USENIX Security 22).
Bijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher A. Wood, Thomas Ristenpart, Rahul Chatterjee
2019 Protocols for checking compromised credentials
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1387-1403. 2019.
Lucy Li, Bijeeta Pal, Junade Ali, Nick Sullivan, Rahul Chatterjee, Thomas Ristenpart
Blog posts
- Privacy-Preserving Compromised Credential Checking
- Research Directions in Password Security
- Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns
- OPAQUE: The Best Passwords Never Leave your Device