URRSA: Usage Instructions


To use visit: www.urrsa.com and follow the Register or Login link. A basic idea of how it works.

Register: you must register from a corpnet machine.

·         Enter the (url, username) pair that you want to use. For example (www.hotmail.com, foobar@hotmail.com).

·         Enter the password the account and click “Generate OTPs.”

·         Print and carry the OTPs.


Login: you can login from any machine w/o typing your real password. You can use IE, Firefox, Opera, Safari etc.

·         Enter the (url, username) pair exactly as before and click “Next”

·         Enter the OTP as prompted and click “submit”

·         Your browser will navigate to the url you selected (e.g. www.hotmail.com)

o   If this is the login page the password field will appear auto-filled (this is not your password but a rogue value). Re-enter the username and click login. Don’t touch the auto-populated password field.

o   If this is not the login page, you can click on whatever link you need to get there. Again, type the username and submit.





·         This is an alpha prototype so don’t be shocked if there are bugs. Please let us know about any sites where it doesn’t work.

·         Certificate situation is in flux right now, so just click through any and all cert errors (apologies).

·         This is for testing only. Please do not use this for accounts of value (e.g. banks) or super-personal stuff. We do not store passwords; everything is deleted as soon as it is passed to the end server, but the password does flow through our system. We have not done PEN testing.

·         Please do test with free accounts such as:

o   Hotmail, gmail, yahoo, paypal, amazon, myspace, facebook, ………


People who’ve made this happen:

·         Dinei Florencio

·         Cormac Herley

·         Ziqing Mao

·         Erin Renshaw