It's an online con that is growing fast and stealing tens of millions of dollars. An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking website. Such "phishing" attacks exploit a universal weakness in online security: passwords.

"Phishing attacks fool users into sending their passwords, in the clear, to an unintended website," says Dan Boneh, an associate professor of computer science and electrical engineering. "Since Internet users often use the same password at many websites, a phishing attack on one site will expose their passwords at many other sites."

Boneh and computer science Professor John Mitchell say they can change all that. Their research group has developed an extension to popular web browsers that completely overhauls the security of passwords with only the slightest change in the daily web-surfing experience one or two keystrokes before entering a password activates their software.

Read the complete story . (SR)