Shadow Attacks Based On Password Patterns Password Reuses

For secured websites, the password based authentication is frequently used approach for authenticating the end user before granting the access. The growing use of password based authentication approach at increasing websites leads to the important issue of possibility of password reuses among accounts of various websites or similar websites. Additionally, the recent study on numerous high profile password hacking claims that password situation is not better. Under such cases, there is huge possibility of shadow attacks in which an attacker can successfully compromise the account that reuses the password of other accounts those are from similar website or different websites. The reuse of passwords for different accounts under same website is called as Intra-Site Password Reuses (ISPR). The reuse of passwords for different accounts under different websites is called as Cross-Site Password Reuses (CSPR). Therefore in order to prevent such shadow attacks on passwords, first we need to understand and examine the both ISPR and CSPR based on publically available password datasets. However, there is no in-depth empirical study conducted in literature except the one very recently introduced on Chinese password datasets However the problem with this method is that they are removing the duplicate profiles and passwords largely in their pre-processing step, this can reduces the scalability of password reuses.