Dos and Don'ts of Client Authentication on the Web

Posted in Internet Security Whitepapers, Web Based Password Cracking

Client authentication is a common requirement for modern Web sites as more and more personalized and access-controlled services move online. Unfortunately, many sites use authentication schemes that are extremely weak and vulnerable to attack. These problems are most often due to careless use of authenticators stored on the client. We observed this in an informal survey of authentication mechanisms used by various popular Web sites. Of the twenty-seven sites we investigated, we weakened the client authentication of two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one.