Social Authentication: Vulnerabilities, Mitigations, and Redesign

This presentation was utilized during the defense of my MSc thesis at Politecnico di Milano (April 22, 2013).

Thesis: Social Authentication: Vulnerabilities, Mitigations, and Redesign
Supervisors: Stefano Zanero, Federico Maggi

Description: We pointed out the security weaknesses of using Social Authentication (SA) as part of a two-factor authentication scheme, focusing on Facebook's deployment, in which the user is shown photos of their friends and asked to name the people pictured.
We empirically estimated the probability of an attacker obtaining the information needed to solve SA tests, both when relying only on publicly accessible data and when following a more active approach to gather restricted information.
We designed an automated attack that breaks SA, demonstrating that large-scale attacks against social authentication are feasible with minimal effort on the part of the attacker.
We then revisited the SA concept and proposed reSA, a two-factor authentication scheme that humans can solve easily but that is robust against face-recognition software.


Marco Lancini

April 22, 2013