Exploring the Risks of Password Reuse across Websites of Different Importance
Open Access
Article
Conference Proceedings
Authors: Anurag Mathews, S M Taiabul Haque
Abstract: This study attempts to simulate the different ways through which a malicious hacker may attempt to gain unauthorized access to user accounts by leveraging the similarities between multiple linked passwords of the same user. The issue of managing multiple password-protected accounts exemplifies the usability/security trade-off in cybersecurity. Users often reuse the same password, with little or no modifications, across websites of different importance, compromising the security of the high-value accounts. By combining syntactic similarity, dictionary attack, service-related keywords, and semantic similarity on a set of 62,213 linked passwords available from the leaked databases on the internet, 82.3% of the high-value passwords were cracked with an average of 1.82 seconds spent on each attempted password. Similarly, the syntactic method alone achieved an accuracy of 73.6% at 0.82 seconds spent per password attempted. We further connect our findings to the broader issues in cybersecurity and offer a few suggestions to protect the high-value accounts of the users.
Keywords: Usability, Security, Authentication, Password, Hierarchy
DOI: 10.54941/ahfe1005469