The Tangled Web of Password Reuse
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
We investigate how an attacker can leverage leaked passwords from one site to more easily guess passwords at other sites. Our study found 42-51% of the users reusing the same password across multiple sites. We further identify few transformation rules that users employ to modify a basic password between sites which can be exploited by an attacker to make password guessing vastly easier.