TY - GEN
T1 - A study of user password strategy for multiple accounts
AU - Taiabul Haque, S. M.
AU - Wright, Matthew
AU - Scielzo, Shannon
PY - 2013
Y1 - 2013
N2 - Despite advances in biometrics and other technologies, passwords remain the most commonly used means of authentication in computer systems. Users maintain different security levels for different passwords. In this study, we examine the degree of similarity among passwords of different security levels of a user. We conducted a laboratory experiment with 80 students from the University of Texas at Arlington (UTA). We asked the subjects to construct new passwords for websites of different security levels. We collected the lower-level passwords (e.g., passwords for online news sites) constructed by the subjects, combined them with a comprehensive wordlist, and performed dictionary attacks on their constructed passwords from the higher-level sites (e.g., banking websites). We could successfully crack almost one-third of their constructed passwords from the higher-level sites with this method. This suggests that, if a user's lower-level password is leaked, it can be used effectively by an attacker to crack some of the user's higher-level passwords.
AB - Despite advances in biometrics and other technologies, passwords remain the most commonly used means of authentication in computer systems. Users maintain different security levels for different passwords. In this study, we examine the degree of similarity among passwords of different security levels of a user. We conducted a laboratory experiment with 80 students from the University of Texas at Arlington (UTA). We asked the subjects to construct new passwords for websites of different security levels. We collected the lower-level passwords (e.g., passwords for online news sites) constructed by the subjects, combined them with a comprehensive wordlist, and performed dictionary attacks on their constructed passwords from the higher-level sites (e.g., banking websites). We could successfully crack almost one-third of their constructed passwords from the higher-level sites with this method. This suggests that, if a user's lower-level password is leaked, it can be used effectively by an attacker to crack some of the user's higher-level passwords.
KW - Laboratory experiment
KW - Passwords
KW - Security
KW - Usability
UR - http://www.scopus.com/inward/record.url?scp=84874906715&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84874906715&partnerID=8YFLogxK
U2 - 10.1145/2435349.2435373
DO - 10.1145/2435349.2435373
M3 - Conference contribution
AN - SCOPUS:84874906715
SN - 9781450318907
T3 - CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
SP - 173
EP - 175
BT - CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
T2 - 3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013
Y2 - 18 February 2013 through 20 February 2013
ER -