A systematic literature review of empirical methods and risk representation in usable privacy and security research
Usable privacy and security researchers have developed a variety of approaches to
represent risk to research participants. To understand how these approaches are used and …
PROTECT: Efficient password-based threshold single-sign-on authentication for mobile users against perpetual leakage
Password-based single-sign-on authentication has been widely applied in mobile
environments. It enables an identity server to issue authentication tokens to mobile users …
How to attack and generate honeywords
Honeywords are decoy passwords associated with each user account to timely detect
password leakage. The key issue lies in how to generate honeywords that are hard to be …
Honeyword-based authentication techniques for protecting passwords: A survey
Honeyword (or decoy password) based authentication, first introduced by Juels and Rivest
in 2013, has emerged as a security mechanism that can provide security against server-side …
A Large-Scale Measurement of Website Login Policies
Authenticating on a website using a password involves a multi-stage login process, where
each stage entails critical policy and implementation decisions that impact login security and …
Generalized fuzzy password-authenticated key exchange from error correcting codes
Fuzzy Password-Authenticated Key Exchange (fuzzy PAKE) allows cryptographic
keys to be generated from authentication data that is both fuzzy and of low entropy. The …
ttPAKE: Typo tolerance password-authenticated key exchange
Y Han, C Xu, S Li, C Jiang, K Chen - Journal of Information Security and …, 2023 - Elsevier
Error tolerant password-authenticated key exchange (PAKE) allows a user to authenticate to
a server using a password and agree on a session key with the server, provided that the …
A comparison of a touch-gesture- and a keystroke-based password method: toward shoulder-surfing resistant mobile user authentication
The pervasive use of mobile devices exposes users to an elevated risk of shoulder-surfing
attacks. Despite the prior work on shoulder-surfing resistance of mobile user authentication …
Obfuscated fuzzy hamming distance and conjunctions from subset product problems
We consider the problem of obfuscating programs for fuzzy matching (in other words, testing
whether the Hamming distance between an n-bit input and a fixed n-bit target vector is …
Don't forget the stuffing! revisiting the security impact of typo-tolerant password authentication
To enhance the usability of password authentication, typo-tolerant password authentication
schemes permit certain deviations in the user-supplied password, to account for common …