Password Reuse Behavior: How Massive Online Data Breaches Impacts Personal Data in Web

  • Conference paper
Innovations in Computer Science and Engineering

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 413)

Abstract

Web 2.0 has given a new dimension to the Internet, bringing in the “social web”, where the personal data of a user resides in a public space. Personal Knowledge Management (PKM) by websites such as Facebook, LinkedIn, and Twitter has given rise to the need for proper security. All these websites and other online accounts authenticate users with simple text-based passwords. Password reuse behavior can compromise a user’s connected accounts if the data of any one of these companies is breached. The main idea of this paper is to demonstrate that password reuse behavior makes one’s accounts vulnerable and prone to attack/hack. In this study, we collected username and password dumps of 15 different websites from public forums such as pastebin.com. We used 62,000 and 3000 login credentials from the Twitter and Thai4promotion websites, respectively, for our research. Our experiments revealed extensive password reuse behavior across sites such as Twitter, Facebook, and Gmail. About 35% of the accounts we experimented with were vulnerable to this phenomenon. A survey targeting online users showed that around 59% out of 79% regular internet users still reuse passwords for multiple accounts.



Acknowledgments

We owe a great thanks to many people who have helped and supported us for this project. We thank our Institution and the entire Cyber Security team for their support without whom the completion of this project would have been a distant reality.

Author information

Corresponding author

Correspondence to Prabaharan Poornachandran.

Copyright information

© 2016 Springer Science+Business Media Singapore

About this paper

Cite this paper

Poornachandran, P., Nithun, M., Pal, S., Ashok, A., Ajayan, A. (2016). Password Reuse Behavior: How Massive Online Data Breaches Impacts Personal Data in Web. In: Saini, H., Sayal, R., Rawat, S. (eds) Innovations in Computer Science and Engineering. Advances in Intelligent Systems and Computing, vol 413. Springer, Singapore. https://doi.org/10.1007/978-981-10-0419-3_24

  • DOI: https://doi.org/10.1007/978-981-10-0419-3_24

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-0417-9

  • Online ISBN: 978-981-10-0419-3

  • eBook Packages: Engineering, Engineering (R0)
