dc.contributor.author: Wang, Chun [en_US]
dc.date.accessioned: 2018-06-06T08:02:22Z
dc.date.available: 2018-06-06T08:02:22Z
dc.date.issued: 2018-06-05
dc.identifier.other: vt_gsexam:15882 [en_US]
dc.identifier.uri: http://hdl.handle.net/10919/83471
dc.description.abstract: Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services. With more and more online services getting breached today, there is still a lack of large-scale quantitative understanding of the risks of password reuse and modification. In this project, we perform the first large-scale empirical analysis of password reuse and modification patterns using a ground-truth dataset of 28.8 million users and their 61.5 million passwords in 107 services over 8 years. We find that password reuse and modification is a very common behavior (observed on 52% of the users). More surprisingly, sensitive online services such as shopping websites and email services received the most reused and modified passwords. We also observe that users would still reuse the already-leaked passwords for other online services for years after the initial data breach. Finally, to quantify the security risks, we develop a new training-based guessing algorithm. Extensive evaluations show that more than 16 million password pairs (30% of the modified passwords and all the reused passwords) can be cracked within just 10 guesses. We argue that more proactive mechanisms are needed to protect user accounts after major data breaches. [en_US]
dc.format.medium: ETD [en_US]
dc.publisher: Virginia Tech [en_US]
dc.rights: This item is protected by copyright and/or related rights. Some uses of this item may be deemed fair and permitted by law even without permission from the rights holder(s), or the rights holder(s) may have licensed the work for use under certain conditions. For other uses you need to obtain permission from the rights holder(s). [en_US]
dc.subject: Password Reuse [en_US]
dc.subject: Empirical Measurements [en_US]
dc.subject: Bayesian Model [en_US]
dc.title: Empirical Analysis of User Passwords across Online Services [en_US]
dc.type: Thesis [en_US]
dc.contributor.department: Computer Science [en_US]
dc.description.degree: MS [en_US]
thesis.degree.name: MS [en_US]
thesis.degree.level: masters [en_US]
thesis.degree.grantor: Virginia Polytechnic Institute and State University [en_US]
thesis.degree.discipline: Computer Science and Applications [en_US]
dc.contributor.committeechair: Wang, Gang [en_US]
dc.contributor.committeemember: Raymond, David Richard [en_US]
dc.contributor.committeemember: Yao, Danfeng [en_US]