摘要 |
Various embodiments of a system and method for secure password-based authentication are described. The system and method for secure password-based authentication may include an authentication component configured to request and receive authentication from an authenticating system according to a secure password-based authentication protocol. The authentication component may be configured to participate in an attack-resistant password-based authentication protocol such that an attacker who has compromised the authorizing system and/or a communication channel between the authentication component and the authenticating system may not determine a user's password and/or impersonate the user. In one embodiment, the authentication component may be configured to provide its attack-resistant password-based authentication functionality to an application (e.g., through a stand-alone application, plugin, or application extension). For instance, the authentication component may enable a web browser to participate in the attack-resistant password-based authentication protocol in order to access an online bank account from a web server.
|