Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Protecting Accounts from Credential Stuffing with Password Breach Alerting

USENIX via YouTube

Overview

Explore a Distinguished Paper Award-winning conference talk from USENIX Security '19 that delves into a privacy-preserving protocol for protecting accounts from credential stuffing attacks. Learn about the asymmetry of knowledge between attackers and users, and discover how a centralized breach repository can be queried without compromising sensitive information. Examine the implementation of a cloud service accessing over 4 billion breached credentials and a Chrome extension client. Analyze findings from anonymous telemetry involving 670,000 users and 21 million logins, revealing that 1.5% of web logins use breached credentials. Understand the impact of breach alerts on user behavior, with 26% of warnings resulting in password changes. Explore the ethical considerations, principles, and challenges in designing this protocol, including private set intersection and denial of service prevention. Gain insights into Google's strategy, password security state, and the prevalence of credential stuffing threats across the internet.

Syllabus

Introduction
Motivation
Challenge
Research
Googles strategy
Asymmetry of knowledge
Ethics
Principles
User retention
Most predominant threat
How we designed this protocol
Proof of work
Private 10 intersection
Challenges
Private Center
Denial of Service
Data Source
How we do this
Password Checkup
Breach Response
Warning
Chrome Web Store
Anonymous telemetry
In practice
State of password security
Where is this threat most prominent
The long tail of the Internet
Password strength

Taught by

USENIX

Reviews

Start your review of Protecting Accounts from Credential Stuffing with Password Breach Alerting

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.