{"id":"https://openalex.org/W1968854550","doi":"https://doi.org/10.1109/tifs.2011.2169958","title":"oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks","display_name":"oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks","publication_year":2011,"publication_date":"2011-10-05","ids":{"openalex":"https://openalex.org/W1968854550","doi":"https://doi.org/10.1109/tifs.2011.2169958","mag":"1968854550"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2011.2169958","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2011.2169958","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076813053","display_name":"Hung\u2013Min Sun","orcid":"https://orcid.org/0000-0003-0870-9973"},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Hung-Min Sun","raw_affiliation_strings":["EECS ISLAB, Department of Computer Science, National Tsing Hua University, HsinChu, Taiwan","Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EECS ISLAB, Department of Computer Science, National Tsing Hua University, HsinChu, Taiwan","institution_ids":["https://openalex.org/I25846049"]},{"raw_affiliation_string":"Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan#TAB#","institution_ids":["https://openalex.org/I25846049"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062774712","display_name":"Yao-Hsin Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yao-Hsin Chen","raw_affiliation_strings":["EECS ISLAB, Department of Computer Science, National Tsing Hua University, HsinChu, Taiwan","Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EECS ISLAB, Department of Computer Science, National Tsing Hua University, HsinChu, Taiwan","institution_ids":["https://openalex.org/I25846049"]},{"raw_affiliation_string":"Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan#TAB#","institution_ids":["https://openalex.org/I25846049"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019928123","display_name":"Yue-Hsun Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yue-Hsun Lin","raw_affiliation_strings":["EECS ISLAB, Department of Computer Science, National Tsing Hua University, HsinChu, Taiwan","Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EECS ISLAB, Department of Computer Science, National Tsing Hua University, HsinChu, Taiwan","institution_ids":["https://openalex.org/I25846049"]},{"raw_affiliation_string":"Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan#TAB#","institution_ids":["https://openalex.org/I25846049"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I25846049"],"apc_list":null,"apc_paid":null,"fwci":33.4738,"has_fulltext":false,"cited_by_count":135,"citation_normalized_percentile":{"value":0.99518233,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"7","issue":"2","first_page":"651","last_page":"663"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9264807105064392},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8091888427734375},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7255823612213135},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.6433525085449219},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.6167816519737244},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.6075881123542786},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5874180793762207},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.5134995579719543},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.43362870812416077},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.32025614380836487}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9264807105064392},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8091888427734375},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7255823612213135},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.6433525085449219},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.6167816519737244},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.6075881123542786},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5874180793762207},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.5134995579719543},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.43362870812416077},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.32025614380836487}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2011.2169958","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2011.2169958","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6899999976158142,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":51,"referenced_works":["https://openalex.org/W17439628","https://openalex.org/W312335232","https://openalex.org/W1485033854","https://openalex.org/W1491237615","https://openalex.org/W1498527206","https://openalex.org/W1504695911","https://openalex.org/W1551910192","https://openalex.org/W1607915502","https://openalex.org/W1634470931","https://openalex.org/W1656028867","https://openalex.org/W2025448348","https://openalex.org/W2030993695","https://openalex.org/W2096938398","https://openalex.org/W2097267243","https://openalex.org/W2097300520","https://openalex.org/W2098112891","https://openalex.org/W2104773223","https://openalex.org/W2108759546","https://openalex.org/W2111303254","https://openalex.org/W2111465783","https://openalex.org/W2113247363","https://openalex.org/W2113446256","https://openalex.org/W2114189125","https://openalex.org/W2115218409","https://openalex.org/W2125927592","https://openalex.org/W2126453598","https://openalex.org/W2129088386","https://openalex.org/W2131906261","https://openalex.org/W2140464265","https://openalex.org/W2145881505","https://openalex.org/W2148327104","https://openalex.org/W2151135920","https://openalex.org/W2157007820","https://openalex.org/W2161954933","https://openalex.org/W2162272584","https://openalex.org/W2168549506","https://openalex.org/W2171133282","https://openalex.org/W2171920515","https://openalex.org/W2186564720","https://openalex.org/W4248561262","https://openalex.org/W6600715509","https://openalex.org/W6610825993","https://openalex.org/W6628932435","https://openalex.org/W6629287744","https://openalex.org/W6630038615","https://openalex.org/W6636250284","https://openalex.org/W6636925375","https://openalex.org/W6679085220","https://openalex.org/W6683814343","https://openalex.org/W6684764570","https://openalex.org/W6686778775"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2359085393","https://openalex.org/W4221040820","https://openalex.org/W2385370155","https://openalex.org/W2916013051","https://openalex.org/W3125785768","https://openalex.org/W2021087413","https://openalex.org/W2596766976","https://openalex.org/W1844709308","https://openalex.org/W2182949018"],"abstract_inverted_index":{"Text":[0],"password":[1,77,85,119,122,156],"is":[2,170],"the":[3,41,164,176],"most":[4],"popular":[5],"form":[6],"of":[7],"user":[8,103],"authentication":[9,104,179],"on":[10,159],"websites":[11],"due":[12],"to":[13,23,64,67,88,117,152],"its":[14],"convenience":[15],"and":[16,26,31,39,95,113,121,136,144,172],"simplicity.":[17],"However,":[18],"users'":[19],"passwords":[20,38,43,49,72],"are":[21],"prone":[22],"be":[24],"stolen":[25],"compromised":[27],"under":[28],"different":[29,45],"threats":[30],"vulnerabilities.":[32],"Firstly,":[33],"users":[34,149],"often":[35],"select":[36],"weak":[37],"reuse":[40,123],"same":[42],"across":[44],"websites.":[46,69,161],"Routinely":[47],"reusing":[48],"causes":[50],"a":[51,102,110,132,138,154],"domino":[52],"effect;":[53],"when":[54],"an":[55],"adversary":[56,81],"compromises":[57],"one":[58],"password,":[59],"she":[60],"will":[61],"exploit":[62],"it":[63],"gain":[65],"access":[66],"more":[68],"Second,":[70],"typing":[71],"into":[73],"untrusted":[74],"computers":[75],"suffers":[76],"thief":[78],"threat.":[79],"An":[80],"can":[82],"launch":[83],"several":[84],"stealing":[86,120],"attacks":[87],"snatch":[89],"passwords,":[90],"such":[91],"as":[92],"phishing,":[93],"keyloggers":[94],"malware.":[96],"In":[97],"this":[98],"paper,":[99],"we":[100,167],"design":[101],"protocol":[105],"named":[106],"oPass":[107,125,165,169],"which":[108],"leverages":[109],"user's":[111],"cellphone":[112],"short":[114],"message":[115],"service":[116,140],"thwart":[118],"attacks.":[124],"only":[126,150],"requires":[127],"each":[128],"participating":[129],"website":[130],"possesses":[131],"unique":[133],"phone":[134],"number,":[135],"involves":[137],"telecommunication":[139],"provider":[141],"in":[142],"registration":[143],"recovery":[145],"phases.":[146],"Through":[147],"oPass,":[148],"need":[151],"remember":[153],"long-term":[155],"for":[157],"login":[158],"all":[160],"After":[162],"evaluating":[163],"prototype,":[166],"believe":[168],"efficient":[171],"affordable":[173],"compared":[174],"with":[175],"conventional":[177],"web":[178],"mechanisms.":[180]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":11},{"year":2017,"cited_by_count":11},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":15},{"year":2014,"cited_by_count":12},{"year":2013,"cited_by_count":14},{"year":2012,"cited_by_count":3}],"updated_date":"2026-07-15T18:14:33.161393","created_date":"2025-10-10T00:00:00"}
