Gone phishing

A research group at Stanford has developed an extension to popular Web browsers that completely overhauls the security of passwords.

It’s an online con that is growing fast and stealing tens of millions of dollars. An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such “phishing” attacks exploit a universal weakness in online security: passwords.

“Phishing attacks fool users into sending their passwords, in the clear, to an unintended Web site,” says Dan Boneh, an associate professor of computer science and electrical engineering at Stanford University. “Since Internet users often use the same password at many Web sites, a phishing attack on one site will expose their passwords at many other sites.”

Boneh and computer science Professor John Mitchell say they can change all that. Their research group has developed an extension to popular Web browsers that completely overhauls the security of passwords with only the slightest change in the daily Web-surfing experience - one or two keystrokes before entering a password activates their software.

Register now to continue reading

Thanks for visiting The Engineer. You’ve now reached your monthly limit of premium content. Register for free to unlock unlimited access to all of our premium content, as well as the latest technology news, industry opinion and special reports. 

Benefits of registering

  • In-depth insights and coverage of key emerging trends

  • Unrestricted access to special reports throughout the year

  • Daily technology news delivered straight to your inbox