Abstract
Web 2.0 has given a new dimension to the Internet, bringing in the “social web”, where a user’s personal data resides in a public space. Personal Knowledge Management (PKM) by websites such as Facebook, LinkedIn, and Twitter has given rise to the need for proper security. All these websites and other online accounts authenticate users with simple text-based passwords. Password reuse can compromise a user’s connected accounts if the data of any one of these companies is breached. The main idea of this paper is to demonstrate that password reuse makes one’s accounts vulnerable and prone to attack or hacking. In this study, we collected username and password dumps of 15 different websites from public forums such as pastebin.com. We used 62,000 and 3000 login credentials from the Twitter and Thai4promotion websites, respectively, for our research. Our experiments revealed extensive password reuse across sites such as Twitter, Facebook, and Gmail. About 35 % of the accounts we experimented on were vulnerable to this phenomenon. A survey targeting online users showed that around 59 % out of 79 % regular internet users still reuse passwords for multiple accounts.
Acknowledgments
We owe great thanks to the many people who have helped and supported us on this project. We thank our Institution and the entire Cyber Security team for their support, without which the completion of this project would have been a distant reality.
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Poornachandran, P., Nithun, M., Pal, S., Ashok, A., Ajayan, A. (2016). Password Reuse Behavior: How Massive Online Data Breaches Impacts Personal Data in Web. In: Saini, H., Sayal, R., Rawat, S. (eds) Innovations in Computer Science and Engineering. Advances in Intelligent Systems and Computing, vol 413. Springer, Singapore. https://doi.org/10.1007/978-981-10-0419-3_24
DOI: https://doi.org/10.1007/978-981-10-0419-3_24
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0417-9
Online ISBN: 978-981-10-0419-3
eBook Packages: Engineering, Engineering (R0)