Password Reuse Behavior: How Massive Online Data Breaches Impacts Personal Data in Web

Web 2.0 has given a new dimension to Internet bringing in the “social web” where personal data of a user resides in a public space. Personal Knowledge Management (PKM) by websites like Facebook, LinkedIn, and Twitter, etc. has given rise to need of a proper security. All these websites and other online accounts manage authentication of the users with simple text-based passwords. Password reuse behavior can compromise connected user accounts if any of the company’s data is breached. The main idea of this paper is to demonstrate that the password reuse behavior makes one’s account vulnerable and these accounts are prone to attack/hack. In this study, we collected usernames and passwords dumps of 15 different websites from public forums like pastebin.com. We used 62,000 and 3000 login credentials from Twitter and Thai4promotion websites, respectively for our research. Our experiments revealed an extensive password reuse behavior across sites like Twitter, Facebook, Gmail, etc. About 35 % of accounts we experimented were vulnerable to this phenomenon. A survey was conducted targeting online users which showed us that, around 59 % out of 79 % regular internet users still reuse passwords for multiple accounts.