A Study of the Multiple Sign-In Feature in Web Applications

Marwan Albahar, Xing Gao, Gaby Dagher, Daiping Liu, Fengwei Zhang, Jidong Xiao

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Nowadays, more and more web applications start to offer the multiple sign-in feature, allowing users to sign into multiple accounts simultaneously from the same browser. This feature significantly improves user experience. Unfortunately, if such a feature is not designed and implemented properly, it could lead to security, privacy, or usability issues. In this paper, we perform the first comprehensive study of the multiple sign-in feature among various web applications, including Google, Dropbox. Our results show that the problem is quite worrisome. All analyzed products that provide the multiple sign-in feature either suffer from potential security/privacy threats or are sacrificing usability to some extent. We present all issues found in these applications, and analyze the root cause by identifying four different implementation models. Finally, based on our analysis results, we design a client-side proof-of-concept solution, called G-Remember , to mitigate these issues. Our experiments show that G-Remember can successfully provide adequate context information for web servers to recognize users’ intended accounts, and thus effectively address the presented multiple sign-in threat.

Original languageAmerican English
Title of host publicationSecurity and Privacy in Communication Networks: 15th EAI International Conference, SecureComm 2019, Orlando, FL, USA, October 23-25, 2019, Proceedings, Part II
StatePublished - 1 Jan 2019

Keywords

  • cookies
  • multiple sign-in feature
  • web security

EGS Disciplines

  • Computer Sciences

Fingerprint

Dive into the research topics of 'A Study of the Multiple Sign-In Feature in Web Applications'. Together they form a unique fingerprint.

Cite this