Key points are not available for this paper at this time.
We propose a scheme that exploits scale to prevent phishing. We show that while stopping phishers from obtaining passwords is very hard, detecting the fact that a password has been entered at an unfamiliar site is simple. Our solution involves a client that reports Password Re-Use (PRU) events at unfamiliar sites, and a server that accumulates these reports and detects an attack. We show that it is simple to then mitigate the damage by communicating the identities of phished accounts to the institution under attack. Thus, we make no attempt to prevent information leakage, but we try to detect and then rescue users from the consequences of bad trust decisions.
Florêncio et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: