Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting presented at USENIX Security 2022

by Xu Lin, Panagiotis Ilia, Saumya Polakis,

Tags: Web Security III: Bots & Authentication

URL : https://www.usenix.org/system/files/sec22-lin-xu.pdf

Summary : As users navigate the web they face a multitude of threats; among them, attacks that result in account compromise can be particularly devastating. In a world fraught with data breaches and sophisticated phishing attacks, web services strive to fortify user accounts by adopting new mechanisms that identify and prevent suspicious login attempts. More recently, browser fingerprinting techniques have been incorporated into the authentication workflow of major services as part of their decision-making process for triggering additional security mechanisms (e.g., two-factor authentication).