Loose password security in Chinese cyber world left the front door wide open to hackers: an analytic view
Pages 121 - 126
Abstract
Between December 21 and 25, 2011, hackers released the account information of more than 100 million users of China's most popular websites, including usernames, passwords, and emails. As user passwords were not encrypted, the online security crisis has caused widespread panic among many Internet users in China. On the other hand, this online security disaster also provides researchers with priceless data with which to study users' password patterns, especially when comparing those patterns across various relevant websites. Lessons thus learned can help Chinese online service providers improve their service security in the future. This paper reports the findings from an exploratory study of the datasets from the affected websites, with more than 60 million records, including (1) users might choose less secure passwords for their convenience and ease of memorization, though their primary concern is online security; (2) for the same reasons, password reuse is common, as users tend to use the same passwords for multiple online accounts; and (3) passwords usually contain common words or personal information, such as birthdays and family member names.
Published In
August 2012
357 pages
ISBN:9781450311977
DOI:10.1145/2346536
- General Chair: Robert J. Kauffman
- Program Chairs: Martin Bichler, Hoong Chuin Lau, Yinping Yang, Christopher Yang
Copyright © 2012 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- Singapore Management University
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 August 2012
Qualifiers
- Research-article
Conference
ICEC '12
Sponsor:
- Singapore Management University
ICEC '12: Fourteenth International Conference on Electronic Commerce
August 7 - 8, 2012
Singapore, Singapore
Acceptance Rates
Overall Acceptance Rate 150 of 244 submissions, 61%