A study of user password strategy for multiple accounts

S. M. Taiabul Haque, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

Despite advances in biometrics and other technologies, pass- words remain the most commonly used means of authentication in computer systems. Users maintain different security levels for different passwords. In this study, we examine the degree of similarity among passwords of different security levels of a user. We conducted a laboratory experiment with 80 students from the University of Texas at Arlington (UTA). We asked the subjects to construct new passwords for websites of different security levels. We collected the lower-level passwords (e.g., passwords for online news sites) constructed by the subjects, combined them with a comprehensive wordlist, and performed dictionary attacks on their constructed passwords from the higher-level sites (e.g., banking websites). We could successfully crack almost one- third of their constructed passwords from the higher-level sites with this method. This suggests that, if a user's lower- level password is leaked, it can be used effectively by an attacker to crack some of the user's higher-level passwords.

Original languageEnglish (US)
Title of host publicationCODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
Pages173-175
Number of pages3
DOIs
StatePublished - Mar 18 2013
Event3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013 - San Antonio, TX, United States
Duration: Feb 18 2013Feb 20 2013

Publication series

NameCODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Other

Other3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013
Country/TerritoryUnited States
CitySan Antonio, TX
Period2/18/132/20/13

Keywords

  • Laboratory experiment
  • Passwords
  • Security
  • Usability

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'A study of user password strategy for multiple accounts'. Together they form a unique fingerprint.

Cite this