Research field: Analysis
Conference: Nordic Conference on Secure IT Systems
This study conducts an analysis of login throttling mechanisms on both websites and smartphone apps, focusing particularly on 20 large Chinese and non-Chinese services. Our research uniquely addresses discrepancies in authentication strategies between these services, which have not been extensively covered in existing literature. We manually simulate the behavior of persistent attackers who can circumvent common anti-bot measures, such as solving CAPTCHAs and employing non-suspicious IP addresses. Our findings reveal significant variations in CAPTCHA implementation, password guessing restrictions, and the integration of multiple login throttling mechanisms between app and web interfaces. Notably, Chinese services tend to deploy more complex CAPTCHA systems and additional verification, whereas non-Chinese services are more susceptible to continuous guessing attacks. This paper also proposes a procedure for analyzing and comparing the efficacy of authentication measures in mitigating password-based attacks, contributing to future enhancements to security practices for online services.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Publication countries | Netherlands, China, Canada |
| Site | Springer |