Hierarchy of users' web passwords: Perceptions, practices and susceptibilities

S. M. Taiabul Haque, Matthew Wright, Shannon Scielzo

Research output: Contribution to journal › Article

14 Citations (Scopus)

Abstract

In this study, we propose a hierarchy of password importance, and we use an experiment to examine the degree of similarity between passwords for lower-level (e.g. news portal) and higher-level (e.g. banking) websites in this hierarchy. We asked subjects to construct passwords for websites at both levels. Leveraging the lower-level passwords along with a dictionary attack, we successfully cracked almost one-third of the subjects' higher-level passwords. In a survey, subjects reported frequently reusing higher-level passwords, with or without modifications, as well as using a similar process to construct both levels of passwords. We thus conclude that unsafely shared or leaked lower-level passwords can be used by attackers to crack higher-level passwords.

Original language: English (US)
Pages (from-to): 860-874
Number of pages: 15
Journal: International Journal of Human Computer Studies
Volume: 72
Issue number: 12
DOI: 10.1016/j.ijhcs.2014.07.007
State: Published - Jan 1 2014

Keywords

  • Password
  • Security
  • Survey
  • Usability

ASJC Scopus subject areas

  • Software
  • Human Factors and Ergonomics
  • Education
  • Engineering(all)
  • Human-Computer Interaction
  • Hardware and Architecture

Cite this

Hierarchy of users' web passwords: Perceptions, practices and susceptibilities. / Haque, S. M. Taiabul; Wright, Matthew; Scielzo, Shannon.

In: International Journal of Human Computer Studies, Vol. 72, No. 12, 01.01.2014, p. 860-874.

@article{32b4e73c4edf40689a5b69d3a29838e9,
title = "Hierarchy of users' web passwords: Perceptions, practices and susceptibilities",
abstract = "In this study, we propose a hierarchy of password importance, and we use an experiment to examine the degree of similarity between passwords for lower-level (e.g. news portal) and higher-level (e.g. banking) websites in this hierarchy. We asked subjects to construct passwords for websites at both levels. Leveraging the lower-level passwords along with a dictionary attack, we successfully cracked almost one-third of the subjects' higher-level passwords. In a survey, subjects reported frequently reusing higher-level passwords, with or without modifications, as well as using a similar process to construct both levels of passwords. We thus conclude that unsafely shared or leaked lower-level passwords can be used by attackers to crack higher-level passwords.",
keywords = "Password, Security, Survey, Usability",
author = "Haque, {S. M.Taiabul} and Matthew Wright and Shannon Scielzo",
year = "2014",
month = "1",
day = "1",
doi = "10.1016/j.ijhcs.2014.07.007",
language = "English (US)",
volume = "72",
pages = "860--874",
journal = "International Journal of Human Computer Studies",
issn = "1071-5819",
publisher = "Academic Press Inc.",
number = "12",

}

TY - JOUR

T1 - Hierarchy of users' web passwords

T2 - Perceptions, practices and susceptibilities

AU - Haque, S. M.Taiabul

AU - Wright, Matthew

AU - Scielzo, Shannon

PY - 2014/1/1

Y1 - 2014/1/1

N2 - In this study, we propose a hierarchy of password importance, and we use an experiment to examine the degree of similarity between passwords for lower-level (e.g. news portal) and higher-level (e.g. banking) websites in this hierarchy. We asked subjects to construct passwords for websites at both levels. Leveraging the lower-level passwords along with a dictionary attack, we successfully cracked almost one-third of the subjects' higher-level passwords. In a survey, subjects reported frequently reusing higher-level passwords, with or without modifications, as well as using a similar process to construct both levels of passwords. We thus conclude that unsafely shared or leaked lower-level passwords can be used by attackers to crack higher-level passwords.

AB - In this study, we propose a hierarchy of password importance, and we use an experiment to examine the degree of similarity between passwords for lower-level (e.g. news portal) and higher-level (e.g. banking) websites in this hierarchy. We asked subjects to construct passwords for websites at both levels. Leveraging the lower-level passwords along with a dictionary attack, we successfully cracked almost one-third of the subjects' higher-level passwords. In a survey, subjects reported frequently reusing higher-level passwords, with or without modifications, as well as using a similar process to construct both levels of passwords. We thus conclude that unsafely shared or leaked lower-level passwords can be used by attackers to crack higher-level passwords.

KW - Password

KW - Security

KW - Survey

KW - Usability

UR - http://www.scopus.com/inward/record.url?scp=84908317062&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84908317062&partnerID=8YFLogxK

U2 - 10.1016/j.ijhcs.2014.07.007

DO - 10.1016/j.ijhcs.2014.07.007

M3 - Article

AN - SCOPUS:84908317062

VL - 72

SP - 860

EP - 874

JO - International Journal of Human Computer Studies

JF - International Journal of Human Computer Studies

SN - 1071-5819

IS - 12

ER -