Hierarchy of users' web passwords: Perceptions, practices and susceptibilities

S. M.Taiabul Haque, Matthew Wright, Shannon Scielzo

Research output: Contribution to journalArticlepeer-review

22 Scopus citations


In this study, we propose a hierarchy of password importance, and we use an experiment to examine the degree of similarity between passwords for lower-level (e.g. news portal) and higher-level (e.g. banking) websites in this hierarchy. We asked subjects to construct passwords for websites at both levels. Leveraging the lower-level passwords along with a dictionary attack, we successfully cracked almost one-third of the subjects' higher-level passwords. In a survey, subjects reported frequently reusing higher-level passwords, with or without modifications, as well as using a similar process to construct both levels of passwords. We thus conclude that unsafely shared or leaked lower-level passwords can be used by attackers to crack higher-level passwords.

Original languageEnglish (US)
Pages (from-to)860-874
Number of pages15
JournalInternational Journal of Human Computer Studies
Issue number12
StatePublished - Dec 2014


  • Password
  • Security
  • Survey
  • Usability

ASJC Scopus subject areas

  • Software
  • Human Factors and Ergonomics
  • Education
  • Engineering(all)
  • Human-Computer Interaction
  • Hardware and Architecture


Dive into the research topics of 'Hierarchy of users' web passwords: Perceptions, practices and susceptibilities'. Together they form a unique fingerprint.

Cite this