As text-based passwords continue to be the dominant form for user identi cation today, services try to protect their costumers by o ering enhanced, and more secure, technologies for authentication. One of the most promising is two-factor authentication (2FA). 2FA raises the bar for the attacker signi cantly, however, it is still questionable if the technology can be realistically adopted by the majority of Internet users. In this paper, we attempt a rst study for quantifying the adoption of 2FA in probably the largest existing provider, namely Google. For achieving this, we leverage the password-reminder process in a novel way for discovering if 2FA is enabled for a particular account, without annoying or affecting the account's owner. Our technique has many challenges to overcome, since it requires issuing massively thousands of password reminders. In order to remain below the radar, and therefore avoid solving CAPTCHAs or having our hosts blocked, we leverage distributed systems, such as TOR and PlanetLab. After examining over 100,000 Google accounts, we conclude that 2FA has not yet been adopted by more than 6.4% of the users. Last but not least, as a side-e ect of our technique, we are also able to ex ltrate private information, which can be potentially used for malicious purposes. Thus, in this paper we additionally present important ndings for raising concerns about privacy risks in designing password reminders.
Open HTTP proxies offer a quick and convenient solution for routing web traffic towards a destination. In contrast to more elaborate relaying systems, such as anonymity networks or VPN services, users can freely connect to an open HTTP proxy without the need to install any special software. Therefore, open HTTP proxies are an attractive option for bypassing IPbased filters and geo-location restrictions, circumventing content blocking and censorship, and in general, hiding the client's IP address when accessing a web server. Nevertheless, the consequences of routing traffic through an untrusted third party can be severe, while the operating incentives of the thousands of publicly available HTTP proxies are questionable.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.