We provide a continuously updated list of authentication mechanisms found on millions of websites on the Internet. When you configure this list with a specific date, we retrieve the Tranco list that contains the 1 million most popular domains for that date. We then supplement each domain in the Tranco list with our latest data up to this date.
While Tranco provides daily lists, we need about a month to snapshot the authentication mechanisms on all of the 1 million websites. In the worst case, data for an entirely new domain that has been added to the Tranco list only becomes available one month later. However, most of the Tranco domains remain stable and only move up or down in their ranking.
The data in our list provides details about the authentication mechanisms of a website. These include, inter alia, the website's login page URL(s) and support for Single Sign-On, Username / Password, WebAuthn (experimental), and Passkey (experimental) authentication.
[
{
"domain": "shop.com", // domain in the tranco list
"rank": 1337, // ranking of the domain in the tranco list
"task_id": "1f8083d1-6d38-4de3-98f3-b1d2987a6555", // unique id of the snapshot task
"task_timestamp_response_received": 1689367754.3676727, // timestamp of the snapshot task
"resolved": {...}, // see "Resolved" section
"timings": {...}, // see "Timings" section
"login_page_candidates": [...], // see "Login Pages" section
"recognized_idps": [...], // see "Idps" section
"recognized_lastpass_icons": [...], // see "Lastpass Icons" section
"recognized_navcreds": [...], // see "Navigator Credentials" section
"metadata_available": {...}, // see "Metadata" section
"metadata_data": {...} // see "Metadata" section
},
...
]
{
"reachable": true, // whether the domain is reachable (no dns error, no timeout, valid status code, ...)
"url": "https://www.shop.com/index.html", // fully resolved url, i.e., https://shop.com redirects to https://www.shop.com/index.html
"domain": "www.shop.com", // domain of the fully resolved url
"error_msg": "...", // short reason why not reachable
"error": "..." // detailed reason why not reachable
}
{
"resolve_duration_seconds": 13.37, // time in seconds to resolve the domain
"login_page_detection_paths_duration_seconds": 13.37, // time in seconds to test common paths and subdomains for login pages
"login_page_detection_crawling_duration_seconds": 13.37, // time in seconds to crawl the homepage for login pages
"login_page_detection_metasearch_duration_seconds": 13.37, // time in seconds to query the metasearch engine for login pages
"login_page_detection_sitemap_duration_seconds": 13.37, // time in seconds to analyze the sitemap for login pages
"login_page_detection_homepage_duration_seconds": 13.37, // time in seconds to add the homepage to the set of login pages
"login_page_detection_duration_seconds": 13.37, // total time in seconds to determine the login pages
"login_page_analysis_duration_seconds": 13.37, // total time in seconds to analyze the login pages, i.e., for password field detection
"sso_button_detection_duration_seconds": 13.37, // total time in seconds to detect the sso buttons
"sdk_detection_duration_seconds": 13.37, // total time in seconds to determine sso sdks
"total_duration_seconds": 13.37 // total analysis time in seconds
}
[
{
"login_page_candidate": "https://www.shop.com/login", // url of the login page
"login_page_strategy": "PATHS|CRAWLING|METASEARCH|SITEMAP|HOMEPAGE|ROBOTS|MANUAL", // strategy used to find this login page
"login_page_locator_mode": "ANCHOR|ELEMENT", // only for CRAWLING, ANCHOR is <a> element, ELEMENT is any element
"login_page_priority": { // priority of this login page
"regex": "/(show|users?|web|sso)*[_\-\s]*(log|sign)[_\-\s]*(in|up|on)(/.*|\?.*|\#.*|\s*)$", // highest prioritized regex matching this login page
"priority": 99 // priority of regex / login page
},
"resolved": { // see "Resolved" section
"reachable": true, // whether the login page is reachable
"url": "https://www.shop.com/login.html", // fully resolved url of login page
"domain": "www.shop.com", // domain of fully resolved url
"title": "Login | Shop.com" // title of login page
},
"content_type": "text/html", // content type of the login page
"content_analyzable": { // whether the login page is analyzable (valid status code, content type, etc.)
"valid": true, // whether the login page is analyzable
"error": "..." // reason why not valid
},
"login_page_candidate_screenshot": { // reference to screenshot of login page candidate
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "png" // screenshot is png file
}
},
"login_page_info": { // only for some strategies
"x": 13.37, // only for CRAWLING, x coordinate of element that leads to login page
"y": 13.37, // only for CRAWLING, y coordinate of element that leads to login page
"width": 13.37, // only for CRAWLING, width of element that leads to login page
"height": 13.37, // only for CRAWLING, height of element that leads to login page
"inner_text": "Login", // only for CRAWLING, inner text of element that leads to login page
"outer_html": "<a href=\"/login\">Login</a>", // only for CRAWLING, outer html of element that leads to login page
"href_attribute": "/login", // only for CRAWLING+ANCHOR, href attribute of <a> element that leads to login page
"href_absolute": "https://www.shop.com/login", // only for CRAWLING+ANCHOR, absolute href of <a> element that leads to login page
"login_page_frame": "TOPMOST|POPUP", // only for CRAWLING+ELEMENT, clicking the element may open the login page in a new popup or overwrite the topmost window
"element_tree": ["SPAN", "A", ..., "BODY", "HTML"], // only for CRAWLING+ELEMENT, element tree of element that leads to login page
"result_hit": 1, // only for METASEARCH, index of search result that leads to login page
"result_engines": ["GOOGLE", "BING", "YAHOO"], // only for METASEARCH, engines that returned this search result
"result_raw": { // only for METASEARCH, raw result from SearXNG API, see https://docs.searxng.org/
"url": "https://www.shop.com/login",
"title": "Login | Shop.com",
"content": "...",
"engine": "bing",
"parsed_url": ["https", "www.shop.com", "/login", "", "", ""],
"template": "default.html",
"engines": ["google", "bing", "yahoo"],
"positions": [2, 1, 2],
"score": 6,
"category": "general",
"pretty_url": "https://www.shop.com/login",
"open_group": true
},
"change_frequency": "monthly", // only for SITEMAP, see https://www.sitemaps.org/protocol.html
"last_modified": "2005-01-01", // only for SITEMAP, see https://www.sitemaps.org/protocol.html
"news_story": {...}, // only for SITEMAP, see https://developers.google.com/search/docs/crawling-indexing/sitemaps/news-sitemap
"priority": 0.5 // only for SITEMAP, see https://www.sitemaps.org/protocol.html
}
},
...
]
[
{
"recognition_strategy": "KEYWORD|LOGO", // strategy used to detect this sso button
"element_coordinates_x": 13.37, // coordinates and dimensions of the element
"element_coordinates_y": 13.37,
"element_width": 13.37,
"element_height": 13.37,
"element_validity": "HIGH|LOW", // only KEYWORD, HIGH corresponds to "Sign in with Apple", LOW corresponds to "apple"
"element_inner_text": "Continue with Google", // text content of the element
"element_outer_html": "<button>...</button>", // html markup of the element
"element_tree": ["BUTTON", ..., "BODY", "HTML"], // list of tag names from the element to the root
"element_tree_markup": { // reference to file containing entire html markup of the element tree
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "json"
}
},
"login_page_url": "https://www.shop.com/login", // url of the login page that contains this sso button
"idp_name": "GOOGLE", // name of the idp
"idp_integration": "CUSTOM|SIGN_IN_WITH_APPLE|GOOGLE_ONE_TAP|FACEBOOK_LOGIN|...", // api or sdk integration
"idp_frame": "TOPMOST|POPUP|IFRAME", // frame in which the idp is called
"idp_login_request": "https://accounts.google.com/o/oauth2/v2/auth?client_id=...", // url of the login request
"idp_har": { // reference to HAR file containing http traffic of sso flow, see https://en.wikipedia.org/wiki/HAR_(file_format)
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "har"
}
},
"idp_screenshot": { // reference to screenshot of the idp
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "png"
}
},
"keyword_recognition_candidates": 3, // only KEYWORD, number of candidates that were found with the keywords
"keyword_recognition_hit_number_clicks": 1, // only KEYWORD, number of clicks on the candidates until sso was started
"keyword_recognition_hit_keyword": "Continue with Google", // only KEYWORD, keyword in the element that started sso
"keyword_recognition_duration_seconds": 13.37, // only KEYWORD, total time between page load and sso start
"keyword_recognition_locator_mode": "CSS|XPATH|ACCESSIBILITY", // only KEYWORD, locator mode that was used to find the element
"keyword_recognition_screenshot": { // only KEYWORD, reference to screenshot of the element that started sso
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "png"
}
},
"logo_recognition_candidates": 3, // only LOGO, number of candidates that were found with the logo
"logo_recognition_hit_number_clicks": 1, // only LOGO, number of clicks on the candidates until sso was started
"logo_recognition_duration_seconds": 13.37, // only LOGO, total time between page load and sso start
"logo_recognition_matching_score": 0.80, // only LOGO, score of the best matching logo (0-1)
"logo_recognition_pattern_matching_duration_seconds": 13.37, // only LOGO, time it took to match the logo on the screenshot
"logo_recognition_pattern_checking_duration_seconds": 13.37, // only LOGO, time it took to verify if clicking the logo starts sso
"logo_recognition_screenshot_scale": 1, // only LOGO, scale of the screenshot (0-1, 1 = not scaled)
"logo_recognition_template_filename": "apple.png", // only LOGO, filename of the logo template
"logo_recognition_template_scale": 0.12, // only LOGO, scale of the logo template (0-1, 1 = not scaled)
"logo_recognition_screenshot": { // only LOGO, reference to screenshot of the element that started sso
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "png"
}
}
},
...
]
[
{
"recognition_strategy": "LASTPASS_ICON", // following username and password fields were found with the lastpass extension
"login_page_url": "https://www.shop.com/login", // the url of the login page
"lastpass_icon_frame": "TOPMOST|IFRAME", // the username/password fields are on topmost window or in iframe
"lastpass_icon_frame_index": 0, // the index of the frame in the page (0 = topmost window, 1/2/... = iframe)
"lastpass_icon_frame_name": "...", // the name of the frame
"lastpass_icon_frame_title": "Login | Shop.com", // the title of the frame
"lastpass_icon_frame_url": "https://www.shop.com/login", // the url of the frame that contains the username/password fields (if topmost, then this is the login page url, otherwise it is the url of the iframe)
"lastpass_icon_frames_length": 1, // the number of frames in the page
"lastpass_icon_elements": [ // all identified username and password fields (typically contains 2, one for username, one for password)
{
"element_coordinates_x": 13.37, // coordinates and dimensions of the input fields
"element_coordinates_y": 13.37,
"element_width": 13.37,
"element_height": 13.37,
"element_inner_text": "", // inner text of the input field
"element_outer_html": "<input name=\"username|password|...\" style=\"background-image: url();\">", // outer html of the input field, the background image is the lastpass icon that is injected into the field by the extension
"element_tree": ["INPUT", ..., "BODY", "HTML"], // the tree of the input field
"element_tree_markup": { // reference to the markup of the tree of the input field
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "json"
}
}
},
...
]
},
...
]
{
"metadata_available": { // whether metadata is available at the well known endpoints of the domain
"apple_app_site_association": false, // https://developer.apple.com/documentation/xcode/supporting-associated-domains#Add-the-associated-domain-file-to-your-website
"assetlinks": false, // https://developers.google.com/digital-asset-links/v1/create-statement
"browserid": false, // https://mozilla.github.io/id-specs/docs/formats/well-known/
"fido2_configuration": false, // not yet standardized
"fido_2fa_configuration": false, // not yet standardized
"fido_configuration": false, // not yet standardized
"jwks": false, // https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets
"oauth_authorization_server": false, // https://datatracker.ietf.org/doc/html/rfc8414#section-3
"oauth_client": false, // https://datatracker.ietf.org/doc/html/draft-looker-oauth-client-discovery-01#section-3
"openid_configuration": false, // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
"robots_txt": true, // https://datatracker.ietf.org/doc/html/rfc9309#name-access-method
"security_txt": true, // https://datatracker.ietf.org/doc/html/rfc9116#name-location-of-the-securitytxt
"uma2_configuration": false, // https://backstage.forgerock.com/docs/am/7/uma-guide/configure-uma-discovery.html
"web_identity": false, // https://developer.chrome.com/docs/privacy-sandbox/fedcm/#well-known-file
"webfinger": false // https://datatracker.ietf.org/doc/html/rfc7033#section-4
},
"metadata_data": { // reference to json file containing all metadata
"type": "reference",
"data": {
"bucket_name": "...",
"object_name": "...",
"extension": "json"
}
}
}
Not all of the data is stored in our database. Larger files like screenshots, HTTP traffic recordings, and more are stored in our MinIO S3-compatible object storage. In our database, we include references to these files that look like this:
{
"type": "reference", // this is a reference to a file in the object storage
"data": {
"bucket_name": "...", // name of the bucket ("folder") that contains the object ("file")
"object_name": "...", // name of the object that is contained in the bucket
"extension": "..." // file extension of the object (e.g., "png", "json", "har", ...)
}
}
We provide an API endpoint that you can use to download the files with their references.
You must configure your list before downloading or keep the default values.
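The following added example (not part of the original page or the project's own code) shows one way to reduce a downloaded list to the authentication mechanisms per domain and to collect every object-storage reference for later retrieval. It assumes the list has been parsed from JSON into the documented shape; the function names `iter_references` and `summarize` are hypothetical, the sample entries are constructed, and it treats a non-empty `recognized_lastpass_icons` as a username/password login while skipping login page candidates whose `content_analyzable.valid` is false.

```python
# Constructed sample in the documented shape; every value is made up for illustration.
SAMPLE = [
    {"domain": "shop.com", "rank": 1337,
     "resolved": {"reachable": True, "url": "https://www.shop.com/index.html"},
     "login_page_candidates": [
         {"login_page_candidate": "https://www.shop.com/login", "login_page_strategy": "PATHS",
          "content_analyzable": {"valid": True},
          "login_page_candidate_screenshot": {"type": "reference", "data": {
              "bucket_name": "bucket-a", "object_name": "obj-1", "extension": "png"}}},
         {"login_page_candidate": "https://www.shop.com/login.pdf", "login_page_strategy": "SITEMAP",
          "content_analyzable": {"valid": False, "error": "content type"}}],
     "recognized_idps": [
         {"idp_name": "GOOGLE", "recognition_strategy": "KEYWORD", "idp_frame": "POPUP",
          "idp_har": {"type": "reference", "data": {
              "bucket_name": "bucket-b", "object_name": "obj-2", "extension": "har"}}},
         {"idp_name": "APPLE", "recognition_strategy": "LOGO", "idp_frame": "TOPMOST"},
         {"idp_name": "GOOGLE", "recognition_strategy": "LOGO", "idp_frame": "POPUP"}],
     "recognized_lastpass_icons": [{"login_page_url": "https://www.shop.com/login"}],
     "metadata_available": {"security_txt": True, "robots_txt": True, "jwks": False}},
    {"domain": "gone.example", "rank": 424242,
     "resolved": {"reachable": False, "error_msg": "..."}},
]

def iter_references(node):
    """Yield (bucket, object, extension) for each object-storage reference at any depth."""
    if isinstance(node, dict):
        data = node.get("data")
        if node.get("type") == "reference" and isinstance(data, dict):
            yield data.get("bucket_name"), data.get("object_name"), data.get("extension")
        else:
            for value in node.values():
                yield from iter_references(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_references(item)

def summarize(entry):
    """Reduce one list entry to the authentication mechanisms observed for its domain."""
    pages = [c for c in entry.get("login_page_candidates") or []
             if (c.get("content_analyzable") or {}).get("valid")]
    return {
        "domain": entry.get("domain"),
        "reachable": bool((entry.get("resolved") or {}).get("reachable")),
        "login_pages": [c.get("login_page_candidate") for c in pages],
        "sso_idps": sorted({i["idp_name"] for i in entry.get("recognized_idps") or [] if i.get("idp_name")}),
        "password_login": bool(entry.get("recognized_lastpass_icons")),
        "well_known": sorted(k for k, v in (entry.get("metadata_available") or {}).items() if v is True),
        "artifacts": list(iter_references(entry)),
    }
```

Unreachable domains carry only the `resolved` object in this sample, so every other field is read defensively and yields an empty result instead of raising.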
If you use this list for your research, please cite our publication. Feel free to use other citation styles than BibTeX or IEEE Style. We also encourage you to reference this list in your text and include the unique download link of the list in a footnote.