Password Managers: Attacks and Defenses. Silver, D., Jana, S., Boneh, D., Chen, E., & Jackson, C. In Proceedings of the USENIX Security Symposium (USENIX Security), pages 449–464, August 2014. USENIX Association.
We study the security of popular password managers and their policies on automatically filling in Web passwords. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We observe significant differences in autofill policies among password managers. Several autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers.
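% Silver et al., USENIX Security 2014: study of password-manager autofill policies.
% The entry key is taken from this record's own citation_key field; the exported
% entry had no key, which BibTeX and Biber reject. The reference-manager bookkeeping
% fields (id, created, profile_id, ...) are unknown to styles and are ignored.
% "city" holds the exported place name as given; it is not mapped to address,
% because address/location denotes the publisher's city.
@inproceedings{silver:password14,
 title = {Password Managers: Attacks and Defenses},
 type = {inProceedings},
 year = {2014},
 keywords = {attack,defense,password-manager,passwords},
 pages = {449--464},
 url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver},
 month = aug,
 publisher = {USENIX Association},
 city = {San Diego, CA},
 id = {e34b725e-785c-33fc-ba0b-5ebff340b98f},
 created = {2018-07-12T21:31:23.937Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:31:23.937Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {silver:password14},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {We study the security of popular password managers and their policies on automatically filling in Web passwords. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We observe significant differences in autofill policies among password managers. Several autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers.},
 bibtype = {inProceedings},
 author = {Silver, David and Jana, Suman and Boneh, Dan and Chen, Eric and Jackson, Collin},
 booktitle = {Proceedings of the {USENIX} Security Symposium ({USENIX} Security)},
}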
