Sciweavers

GAMESEC
2010

The Password Game: Negative Externalities from Weak Password Practices

13 years 10 months ago
The Password Game: Negative Externalities from Weak Password Practices
The combination of username and password is widely used as a human authentication mechanism on the Web. Despite this universal adoption and despite their long tradition, password schemes exhibit a high number of security flaws which jeopardise the confidentiality and integrity of personal information. As Web users tend to reuse the same password for several sites, security negligence at any one site introduces a negative externality into the entire password ecosystem. We analyse this market inefficiency as the equilibrium between password deployment strategies at security-concerned Web sites and indifferent Web sites. The game-theoretic prediction is challenged by an empirical analysis. By a manual inspection of 150 public Web sites that offer free yet passwordprotected sign-up, complemented by an automated sampling of 2184 Web sites, we demonstrate that observed password practices follow the theory: Web sites that have little incentive to invest in security are indeed found to have we...
Sören Preibusch, Joseph Bonneau
Added 11 Feb 2011
Updated 11 Feb 2011
Type Journal
Year 2010
Where GAMESEC
Authors Sören Preibusch, Joseph Bonneau
Comments (0)