Using SafeKeeper to Protect Web Passwords

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review


Research units

  • Concordia University


Although passwords are by far the most widely-used user authentication mechanism on the web, their security is threatened by password phishing and password database breaches. SafeKeeper is a system for protecting web passwords against very strong adversaries, including sophisticated phishers and compromised servers. Compared to other approaches, one of the key differentiating aspects of SafeKeeper is that it provides web users with verifiable assurance that their passwords are being protected. In this paper, we demonstrate precisely how SafeKeeper can be used to protect web passwords in real-world systems. We first explain two important deployability aspects: i) how SafeKeeper can be integrated into the popular WordPress platform, and ii) how ordinary web users can use Intel SGX remote attestation to verify that SafeKeeper is running on a particular server. We then describe three demonstrations to illustrate the use of SafeKeeper: i) showing the user experience when visiting a legitimate website; ii) showing the encryption of the password in transit via live packet-capture; and iii) showing how SafeKeeper performs in the presence of phishing.


Original languageEnglish
Title of host publicationCompanion Proceedings of the The Web Conference 2018
Publication statusPublished - 23 Apr 2018
MoE publication typeA4 Article in a conference publication
EventThe Web Conference - Lyon, France
Duration: 23 Apr 201827 Apr 2018


ConferenceThe Web Conference
Abbreviated titleWWW
Internet address

Download statistics

No data available

ID: 27036079