1 of 74

Web Security

Week 10 - Authentication

Old Dominion University

Department of Computer Science

CS 433/533 Spring 2023

Michael L. Nelson <mln@cs.odu.edu>

2024-10-21

ODU CS 433/533 Web Security Fall 2024 mln@cs.odu.edu

Based on Stanford CS 253 by Feross Aboukhadijeh

How can we build systems which are secure even when the attacker has the user's password?

What is authentication?

  • Idea: Verify the user is who they say they are
  • Authentication systems classically use three factors:
    • Something you know (e.g., a password)
    • Something you have (e.g., a phone, badge, or cryptographic key)
    • Something you are (e.g., a fingerprint or other biometric data)
  • The more factors used, the more sure we are that the user is who they say they are

ATMs = two factor authentication

  1. what you have (card)
  2. what you know (PIN)

Authentication vs. Authorization

  • Authentication: Verify the user is who they say they are
    • Login form
    • Ambient authority (e.g., HTTP cookies)
    • HTTP authentication
  • Authorization: Decide if a user has permission to access a resource
    • Access control lists (ACLs)
    • Capability URLs

NIST Special Publication 800-63, Revision 3

Digital Identity Guidelines

Good practices that are not always followed

  • Usernames should be stored case insensitively
    • nelson is the same user as Nelson
    • @WebSciDL is the same as @webscidl
  • Usernames should be unique
    • Two users should not share the same username

Users choose weak passwords

Designing password requirements

  • Left on their own, users will choose weak passwords
  • Solution: Let's enforce password requirements
    • What should the requirements be?

Payment Card Industry Data Security Standard (PCI DSS)

Password requirement best practices (outdated)

  • Ensure passwords are "complex", i.e. composed of numeric, alphabetic (uppercase and lowercase) characters in addition to special symbols and similar characters
  • Force users to change passwords regularly
  • Require new passwords not previously used by the user
  • Example of a good password: P@ssw0rd1

Terrible password requirement practices

  • Maximum length of 8-10 characters
  • Minimum password age policy (to prevent password requirement dodging)
  • Disable copy-and-paste
  • Password hints which lack sufficient entropy
  • Show an on-screen keyboard and make user click to enter password

Bank login "security images"

The majority of our participants (73%) entered their password when we removed the security image and caption. We found that features that make images more noticeable do not necessarily make them more effective at preventing phishing attacks, though some appearance characteristics succeed at discouraging users from logging in when the image is absent.

What we've learned about password requirements

  • Complex isn't necessarily strong
    • Requiring numeric, alphabetic, and special-symbol characters doesn't lead to stronger passwords
    • "Choosing multiple words from a suitably large dictionary of words may result in stronger passwords even if all of the words appear in dictionaries, are spelled with lowercase letters, and no punctuation is used"
    • Instead, check passwords against known leaked breach data
  • Changing passwords regularly leads to weak passwords
  • Length is the most important factor
    • Old guidance about "short but complex" passwords is invalidated by how cheap it now is to build fast brute-force cracking systems

Password requirement best practices (updated)

  • Minimum password length should be at least 8 characters
  • Maximum password length should be at least 64 characters
    • Do not allow unlimited length, to prevent long password denial-of-service
    • Common gotcha: bcrypt has a max length of 72 ASCII characters
  • Check passwords against known breach data
  • Rate-limit authentication attempts
  • Encourage/require use of a second factor

Checking against known breaches

How not to do 2FA

Good practices that are not always followed

  • Do not silently truncate long passwords
  • Do not restrict characters
    • Unicode and whitespace characters should be allowed
  • Do not include passwords in plaintext log files
  • Obvious: Use TLS for all traffic

NIST Special Publication 800-63, Revision 3

Digital Identity Guidelines

Network-based guessing attacks

  • Three primary types of attack
    • Brute force: Testing multiple passwords from dictionary or other source against a single account
    • Credential stuffing: Testing username/password pairs obtained from the breach of another site
    • Password spraying: Testing a single weak password against a large number of different accounts

Network-based guessing defenses

  • Limit the rate at which an attacker can make authentication attempts, or delay incorrect attempts
  • Keep track of IP addresses and limit the number of unsuccessful attempts
  • Temporarily ban the user after too many unsuccessful attempts
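The three defenses above as one small server-side component. This is an added example (Node.js, not from the slides): `AuthRateLimiter` and `loginAllowed` are names chosen here, and the clock is injectable so the behaviour can be checked deterministically.

```javascript
// Failed-attempt tracker: per-key counters (client IP and target account),
// a delay that grows with each incorrect attempt, and a temporary ban after
// too many failures inside the window.
class AuthRateLimiter {
  constructor({ maxFailures = 5, windowMs = 15 * 60_000, banMs = 15 * 60_000,
                baseDelayMs = 500, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, windowMs, banMs, baseDelayMs, now });
    this.state = new Map(); // key -> { failures: [timestamps], bannedUntil }
  }

  _entry(key) {
    if (!this.state.has(key)) this.state.set(key, { failures: [], bannedUntil: 0 });
    const e = this.state.get(key);
    const cutoff = this.now() - this.windowMs;
    e.failures = e.failures.filter(t => t > cutoff); // forget failures outside the window
    return e;
  }

  // Call before checking credentials. Returns { allowed, delayMs, retryAfterMs }.
  check(key) {
    const e = this._entry(key);
    const t = this.now();
    if (e.bannedUntil > t) {
      return { allowed: false, delayMs: 0, retryAfterMs: e.bannedUntil - t };
    }
    // Exponential back-off on incorrect attempts: 0, 500, 1000, 2000 ms, ...
    const n = e.failures.length;
    const delayMs = n === 0 ? 0 : this.baseDelayMs * 2 ** (n - 1);
    return { allowed: true, delayMs, retryAfterMs: 0 };
  }

  recordFailure(key) {
    const e = this._entry(key);
    e.failures.push(this.now());
    if (e.failures.length >= this.maxFailures) {
      e.bannedUntil = this.now() + this.banMs; // temporary ban, not permanent
      e.failures = [];
    }
  }

  recordSuccess(key) {
    this.state.delete(key);
  }
}

// Guard both the client address and the target account: one IP trying many
// accounts (spraying) and many IPs hammering one account are both caught.
// Usernames are compared case-insensitively, as the earlier slide recommends.
function loginAllowed(limiter, ip, username) {
  const byIp = limiter.check(`ip:${ip}`);
  const byUser = limiter.check(`user:${username.toLowerCase()}`);
  return {
    allowed: byIp.allowed && byUser.allowed,
    delayMs: Math.max(byIp.delayMs, byUser.delayMs),
  };
}
```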

CAPTCHA

  • "Completely Automated Public Turing test to tell Computers and Humans Apart"
  • Reverse Turing test

Problems with CAPTCHAs

  • It takes the average person approximately 10 seconds to solve a typical CAPTCHA
  • Difficult for users with visual impairment to use
    • Security of the CAPTCHA is only as strong as the weakest form of CAPTCHA offered
  • Attackers can proxy CAPTCHA requests to another user in real-time
  • Dark market services offer cheap CAPTCHA solving services powered by humans

Security isn’t the only goal of CAPTCHAs

You are training the machine

Reauthenticate for sensitive features

  • Defense-in-depth against XSS, CSRF, session hijacking, physical access
  • Before: change password, change email, add new shipping address

Response discrepancy: information exposure

  • Information exposure: Information is leaked to an attacker that should not be leaked
  • Response discrepancy: "The software provides different responses to incoming requests in a way that allows an actor to determine system state information that is outside of that actor's control sphere."

Response discrepancy: error messages

  • Respond with a generic error message regardless of whether:
    • The username or password was incorrect
    • The account does not exist
    • The account is locked or disabled
  • Don't forget password reset and account creation!

Response discrepancy: Login

  • Bad response examples:
    • "Login for User foo: invalid password"
    • "Login failed, invalid user ID"
    • "Login failed; account disabled"
    • "Login failed; this user is not active"
  • Good response example:
    • "Login failed; Invalid user ID or password"

Response discrepancy: Password recovery

  • Bad response examples:
    • "We just sent you a password-reset link"
    • "This email address doesn't exist in our database"
  • Good response example:
    • "If that email address is in our database, we will send you an email to reset your password"

Response discrepancy: Account creation

  • Bad response examples:
    • "This user ID is already in use"
    • "Welcome! You have signed up successfully"
  • Good response example:
    • "A link to activate your account has been emailed to <input email address>"

Response discrepancy: HTTP status codes

  • Any difference will leak info to the attacker, even HTTP status codes
  • Bad response examples:
    • Sometimes HTTP 200: "Login failed; Invalid user ID or password"
    • Sometimes HTTP 403: "Login failed; Invalid user ID or password"
  • Good response example:
    • Always HTTP 403: "Login failed; Invalid user ID or password"

Response discrepancy: Timing

Bad:

Good:

  • Beware of using early returns in authentication code
  • The code above is slower but consistent

Response discrepancy: Mitigation tradeoffs

  • Mitigations make user experience worse
    • Generic error messages are less useful to the user
    • Can frustrate legitimate users
  • Rate-limiting authentication attempts will prevent user enumeration at scale, while allowing friendly error messages to remain

Data breaches

Were you in a breach?

  • The answer is almost certainly "Yes"
  • HaveIBeenPwned.com service
    • Check for your email in breaches
    • Check for your password in breaches
    • Websites or password managers can check passwords against the list

How are passwords stored?

  • Important: Never, ever, ever store passwords in plaintext
  • In a data breach, the attacker will learn all users' passwords and be able to attack their accounts on other sites, assuming the user has re-used their password across sites (very likely)

Never store passwords like this!

alice:password
bob:hunter2
charlie:correcthorsebatterystaple
david:hunter2

Never store plaintext passwords

  • Important: Hash the plaintext password, then store the hash in the database
  • Cryptographic hash function: Algorithm that maps data of arbitrary size (the "message") to a bit string of a fixed size (the "hash value")
    • One-way function: infeasible to invert
    • Deterministic: same message always results in the same hash value
    • Quick to compute: we often call hash functions thousands of times
    • No collisions: infeasible to find different messages with same hash value
    • Avalanche effect: small change to message changes hash value extensively

Example: Hashing passwords

User table (hashed)

alice:XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=
bob:9S+9MrKzuG/4jvbEkGKChfSCrxXdyylUH5S89Saj9sc=
charlie:0mk89QsPD4FIJQv8IcHnoSe6qjOzKvcNuTevydeUxWA=
david:9S+9MrKzuG/4jvbEkGKChfSCrxXdyylUH5S89Saj9sc=

Problems with just hashing

  • Users who have identical passwords are easy to spot
  • Pre-computed lookup attacks are easy
    • SHA256 is quite fast to compute
    • Rainbow tables are easy to generate
  • Rainbow table: a precomputed table for reversing cryptographic hash functions

Password salts

  • Goal:
    • Prevent two users who use identical passwords from being revealed
    • Add entropy to weak passwords to make pre-computed lookup attacks intractable
  • Solution: A salt is a fixed-length, cryptographically strong random value
    • No need to keep the salt secret; can be stored alongside the password (salt is usually 16, 32, or 64 bytes)
    • Concatenate the salt and the password before hashing it

Example: Hashing and salting passwords

User table (hashed and salted)

username:salt:password
alice:ciMTj87Q5Ti/PDfSUM4jcAT6cFJWVwJFjEbMc2sqAn0=:AQAiFDIbEUk5Wdoe6tTL+bnCBOIsectOW2SfftG0je8=
bob:NB9zdy/OIVnGHkPK7fK01saCcIpXrWV5rdtW8i5k/XY=:uxIXXvfrQ8/gTwrbTtgnsqsZCAw/y24O8nU3qlho5GE=
charlie:hetbWcTifseB9K3IQQPr6c/eMJyj3kVTqq/l+FqYf78=:FykuFcJV0AjBLyxMuQWrvuSTjRXyXStitVteWUJmPlM=
david:IZu5hPamBS/QY4ILZzTcyVY8TK17Dt9hmXW7bC4XbCc=:ydVe+vA56bKbA0oXzRfYtkABUXaxgkF4ngB0xNJRvA4=

Just use bcrypt

  • Password hashing function designed by Niels Provos and David Mazières
  • Expensive key setup algorithm
    • You don't want speed in a password hash function
  • Automatically handles all password salting complexity and includes it in the hash output

Example: Just use bcrypt

bcrypt hash string

User table (bcrypt)

alice:$2b$10$aQNe4MK0HDhrkus8GZGQL.Nj11nsx12VTMTDBkykiL/jRbb.fJuGC
bob:$2b$10$TSbaMNCCq6.xNkDVszwwhO9Fpb.eeW6aUSIFzGkPoQrs5RahskOUO
charlie:$2b$10$.5KcQQNEfnkPBYxeiqS2ZeePXLT5J30HG7zngfesyGuc0js37X41e
david:$2b$10$l8n7ZLsq13ygE0m3cQ8oEuBjPnGcGBUA4zvJhnsKgyDEZdEd2EFXa
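A parser for the bcrypt strings in the table above, to make concrete what "includes the salt in the hash output" means: `$<version>$<cost>$` followed by a 22-character salt and a 31-character hash in bcrypt's own base64 alphabet. This is an added example (Node.js, parsing only, it does not compute bcrypt); `parseBcrypt`, `sameSalt` and `needsRehash` are names chosen here.

```javascript
// Modular Crypt Format as emitted by bcrypt: versions 2, 2a, 2b, 2x, 2y;
// a two-digit cost; then 53 characters of ./A-Za-z0-9 (22 salt + 31 hash).
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcrypt(hashString) {
  const m = BCRYPT_RE.exec(hashString);
  if (!m) throw new Error('not a bcrypt hash string');
  const cost = Number(m[2]);
  return {
    version: m[1],
    cost,                    // work factor: the key setup runs 2^cost times
    iterations: 2 ** cost,
    salt: m[3],              // 16 random bytes, stored in the clear per user
    hash: m[4],              // 23 bytes of the Blowfish-based output
  };
}

// Users with the same password still get different strings because the
// salt differs, which is why bob and david no longer look alike.
function sameSalt(a, b) {
  return parseBcrypt(a).salt === parseBcrypt(b).salt;
}

// Because the cost is stored with the hash, old records can be found and
// re-hashed at login once hardware makes the current cost too cheap.
function needsRehash(hashString, targetCost) {
  return parseBcrypt(hashString).cost < targetCost;
}
```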

How attackers use a breach database

  • Machine capable of cracking 100B+ passwords per second against SHA256 can be built for $20,000 (as of July 2019)
  • Try every password which has been disclosed in a breach (>500M passwords). Think of this as “every password anyone has ever thought of, ever.” Statistically, this will break >70% of user passwords
  • The complete list just takes 5ms to try, so an attacker can run the complete list against 200 accounts every second
  • Build a list of popular phrases, song lyrics, news headlines to pick up another 5-7% of user passwords

Strong passwords

  • Choosing a strong password can prevent these attacks:
    • Password spray: Guessing, hammering, low-and-slow
    • Brute force: Database extraction, cracking
  • Choosing a strong password cannot prevent these attacks:
    • Credential stuffing: Breach replay, list cleaning
    • Phishing: Man-in-the-middle, credential interception
    • Keystroke logging: Malware, sniffing
    • Local discovery: Dumpster diving, physical recon, network scanning
    • Extortion: Blackmail, insider threat

Multi-factor authentication

  • Microsoft: "Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA"
  • Common additional factors:
    • Something you have (e.g., a phone, badge, or cryptographic key)
    • Something you are (e.g., a fingerprint or other biometric data)

Selectively requiring MFA

  • To preserve user experience, consider only requiring MFA for:
    • A new browser/device or IP address
    • An unusual country or location
    • An IP address that appears on known blocklists
    • An IP address that has tried to log in to multiple accounts
    • A login attempt that appears to be scripted rather than manual

Time-based One-Time Passwords (TOTP)

  1. Server creates a secret key for specific user
  2. Server shares secret key with the user's phone app
  3. Phone app initializes a counter
  4. Phone app generates a one time password using secret key and counter
  5. Phone app changes the counter after a certain interval and regenerates the one time password

Server generates unique secret key for user:

Generate the current one-time password:

Final thoughts

  • Always hash and salt your passwords
  • "Just use bcrypt"
  • Consider how to protect users even when attackers know their password
