{"id":"https://openalex.org/W3100216496","doi":"https://doi.org/10.1109/dsc54232.2022.9888923","title":"Securing Password Authentication for Web-based Applications","display_name":"Securing Password Authentication for Web-based Applications","publication_year":2022,"publication_date":"2022-06-22","ids":{"openalex":"https://openalex.org/W3100216496","doi":"https://doi.org/10.1109/dsc54232.2022.9888923","mag":"3100216496"},"language":"en","primary_location":{"id":"doi:10.1109/dsc54232.2022.9888923","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsc54232.2022.9888923","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044863494","display_name":"Teik Guan Tan","orcid":"https://orcid.org/0000-0003-3373-699X"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Teik Guan Tan","raw_affiliation_strings":["Singapore University of Technology and Design,Singapore","Singapore University of Technology and Design, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design,Singapore","institution_ids":["https://openalex.org/I152815399"]},{"raw_affiliation_string":"Singapore University of Technology and Design, 
Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054220744","display_name":"Pawe\u0142 Sza\u0142achowski","orcid":"https://orcid.org/0000-0003-0871-3729"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Pawel Szalachowski","raw_affiliation_strings":["Singapore University of Technology and Design,Singapore","Singapore University of Technology and Design, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design,Singapore","institution_ids":["https://openalex.org/I152815399"]},{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008266220","display_name":"Jianying Zhou","orcid":"https://orcid.org/0000-0003-0594-0432"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jianying Zhou","raw_affiliation_strings":["Singapore University of Technology and Design,Singapore","Singapore University of Technology and Design, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design,Singapore","institution_ids":["https://openalex.org/I152815399"]},{"raw_affiliation_string":"Singapore University of Technology and Design, 
Singapore","institution_ids":["https://openalex.org/I152815399"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5044863494"],"corresponding_institution_ids":["https://openalex.org/I152815399"],"apc_list":null,"apc_paid":null,"fwci":1.13997333,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.77692866,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":"98","issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing 
Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7599610090255737},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6922138333320618},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5513095259666443},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.5149539113044739},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4909525215625763},{"id":"https://openalex.org/keywords/challenge\u2013response-authentication","display_name":"Challenge\u2013response authentication","score":0.41592341661453247},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.41175681352615356},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3994753062725067},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.37556779384613037},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.3038488030433655}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7599610090255737},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6922138333320618},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer 
security","level":1,"score":0.5513095259666443},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.5149539113044739},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4909525215625763},{"id":"https://openalex.org/C131129157","wikidata":"https://www.wikidata.org/wiki/Q1059963","display_name":"Challenge\u2013response authentication","level":4,"score":0.41592341661453247},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.41175681352615356},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3994753062725067},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.37556779384613037},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.3038488030433655}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/dsc54232.2022.9888923","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsc54232.2022.9888923","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7799999713897705,"display_name":"Peace, Justice and strong 
institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W12010980","https://openalex.org/W12767681","https://openalex.org/W15657327","https://openalex.org/W134409196","https://openalex.org/W1468946140","https://openalex.org/W1549671385","https://openalex.org/W1595293097","https://openalex.org/W1605786385","https://openalex.org/W1742155081","https://openalex.org/W1966841760","https://openalex.org/W1987283229","https://openalex.org/W2029591949","https://openalex.org/W2088492763","https://openalex.org/W2099889974","https://openalex.org/W2113446256","https://openalex.org/W2114021497","https://openalex.org/W2119422255","https://openalex.org/W2124926080","https://openalex.org/W2133432179","https://openalex.org/W2146221517","https://openalex.org/W2151413173","https://openalex.org/W2157604883","https://openalex.org/W2172042037","https://openalex.org/W2190286163","https://openalex.org/W2295478238","https://openalex.org/W2300554752","https://openalex.org/W2354711464","https://openalex.org/W2470176151","https://openalex.org/W2618014102","https://openalex.org/W2765227388","https://openalex.org/W2795336163","https://openalex.org/W2915352631","https://openalex.org/W2916399511","https://openalex.org/W2963108375","https://openalex.org/W2965442679","https://openalex.org/W6605535204","https://openalex.org/W6635808058","https://openalex.org/W6636204801","https://openalex.org/W6677934245","https://openalex.org/W6766417006"],"related_works":["https://openalex.org/W2377075426","https://openalex.org/W2348068295","https://openalex.org/W2021337165","https://openalex.org/W2050433615","https://openalex.org/W128488073","https://openalex.org/W2135836328","https://openalex.org/W2945948711","https://openalex.org/W2374274463","https://openalex.org/W2036082688","https://openalex.org/W2085013698"],"abstract_inverted_index":{"There":[0],"is":[
1,88],"currently":[2],"no":[3],"foolproof":[4],"mechanism":[5],"for":[6,77],"any":[7],"website":[8],"to":[9,16,27,97,114,127,156],"prevent":[10],"their":[11,21],"users":[12],"from":[13,92],"being":[14],"directed":[15],"fraudulent":[17],"websites":[18],"and":[19,39,56,79,106,119,122,151,160],"having":[20],"passwords":[22],"stolen.":[23],"Phishing":[24],"attacks":[25,82],"continue":[26],"plague":[28],"password-based":[29],"authentication":[30,86],"despite":[31],"aggressive":[32],"efforts":[33],"in":[34,61],"detection,":[35],"takedown,":[36],"user":[37],"awareness":[38],"training":[40],"programs.":[41],"In":[42],"this":[43],"paper,":[44],"we":[45,68],"apply":[46],"a":[47,58,124,131,153],"threat":[48],"analysis":[49],"on":[50],"the":[51,62,84,98,112,139,144],"web":[52,85,99],"password":[53,95,117],"login":[54],"process,":[55],"highlight":[57],"design":[59],"shortcoming":[60],"HTML":[63],"<input":[64],"type=\"password\">":[65],"field":[66,96,135],"which":[67],"recommend":[69],"be":[70,75,128],"deprecated.":[71],"This":[72],"weakness":[73],"can":[74],"exploited":[76],"phishing":[78,118],"man-in-the-middle":[80],"(MITM)":[81],"as":[83],"process":[87],"not":[89],"end-to-end":[90],"secured":[91],"each":[93],"input":[94,133],"server.":[100],"We":[101,141],"identify":[102],"four":[103],"protocol":[104,126,146],"properties":[105],"one":[107],"browser":[108],"property":[109],"that":[110,136],"encapsulate":[111],"requirements":[113],"stop":[115],"web-based":[116],"MITM":[120],"attacks,":[121],"propose":[123],"secure":[125],"used":[129],"with":[130,138],"new":[132],"credential":[134],"complies":[137],"properties.":[140],"further":[142],"analyze":[143],"proposed":[145],"through":[147],"an":[148],"abuse-case":[149],"evaluation":[150],"perform":[152],"test":[154],"implementation":[155],"understand":[157],"its":[158],"data":[159],"execution":[161],"overheads.":[162]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],
"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}
