skip to main content
10.1145/2346536.2346558acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicecConference Proceedingsconference-collections
research-article

Loose password security in Chinese cyber world left the front door wide open to hackers: an analytic view

Published: 07 August 2012 Publication History

Abstract

Between December 21 and 25, 2011, hackers released more than 100 million users' account information, from China's most popular websites, including usernames, passwords, and emails. As user passwords were not encrypted, the online security crisis has caused prevailing panic among many Internet users in China. On the other hand, this online security disaster also provides researchers priceless data with which to study users' password patterns, especially when comparing those patterns across various relevant websites. Lessons thusly learned can help Chinese online service providers improve their service security in the future. This paper reports the findings from the exploratory study of the datasets from the affected websites with more than 60 million records, including (1) users might choose less secure passwords for their convenience and ease of memorization, though their primary concern is online security; (2) for the same reasons, password reuse is common, as users tend to use the same passwords for multiple online accounts; and (3) passwords usually contain common words, or personal information, such as birthdays and family member names.

References

[1]
Brown, A. UK study: Passwords often easy to crack. CNN.com (March 2002); http://archives.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.html
[2]
Burnett, M and Kleiman, D. Perfect password: Selection, protection, authentication. MA: Syngress, 2006. P. 28
[3]
Calin, B. Statistics from 10,000 leaked Hotmail passwords. Acunetix: Web Application Security (Oct, 2009); http://www.acunetix.com/blog/news/statistics-from-10000-leaked-hotmail-passwords/
[4]
Homeland Security, Recommended practice: Improving Industrial control systems Cybersecurity with defense-in-depth strategies (October, 2009); http://www.us-cert.gov/control_systems/practices/documents/Defense_in_Depth_Oct09.pdf
[5]
Ives, B., Walsh, K. R. and Schneider, H. The domino effect of password reuse. Comm. ACM, 47, 4 (April 2004), 75--78.
[6]
Lewand R. E. Relative frequencies of letters in general English plain text. Cryptographical Mathematics; http://pages.central.edu/emp/LintonT/classes/spring01/cryptography/letterfreq.html
[7]
Leyden, J. Office workers give away passwords for a cheap pen: Security? What's that? Security (April 2003); http://www.theregister.co.uk/2003/04/18/office_workers_give_away_passwords/
[8]
Mhassanmemon, Password statistics. Security (Feb, 2011); http://computersight.com/communication-networks/security/password-statistics/
[9]
Muflikhah, L., and Baharum B. Document clustering using concept space and cosine similarity measurement." 2009 International Conference on Computer Technology and Development (2009): 58--62.
[10]
Riley, S. Password security: What users know and what they actually do. Usability News, 8, 1 (Feb. 2006); http://www.surl.org/usabilitynews/81/Passwords.asp
[11]
Schneier B. Real-world passwords. Schneier on Security (Dec. 2006); http://www.schneier.com/blog/archives/2006/12/realworld_passw.html
[12]
Stanton J. M., Stam, K. R., Mastrangelo, P., and Jolton, J. Analysis of end user security behaviors. Computers and Security, 24, 2 (2005), 124--133.
[13]
Yu, L. and Fang, X. 100 million usernames, passwords leaked. Caixin Online, Dec. 2011; http://english.caixin.com/2011-12-29/100344138.html
[14]
Zhai, S. and He, T. Design and implementation of password-based identity authentication system. Computer Application and System Modeling, 9 (Oct, 2010), 253--257.\
[15]
Zhang, C. S. and Guan, W. W. Study of present probability of 26 English letters in Chinese characters spelling yard. Computer Engineering and Applications, 7 (2006), 146--151.

Index Terms

  1. Loose password security in Chinese cyber world left the front door wide open to hackers: an analytic view

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ICEC '12: Proceedings of the 14th Annual International Conference on Electronic Commerce
    August 2012
    357 pages
    ISBN:9781450311977
    DOI:10.1145/2346536
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    • Singapore Management University: Singapore Management University

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 07 August 2012

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. cultural issues
    2. electronic commerce
    3. hacker
    4. password security

    Qualifiers

    • Research-article

    Conference

    ICEC '12
    Sponsor:
    • Singapore Management University

    Acceptance Rates

    Overall Acceptance Rate 150 of 244 submissions, 61%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 267
      Total Downloads
    • Downloads (Last 12 months)2
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 24 Jan 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media