The Tangled Web of Password Reuse presented at NDSS 2014

by Matthew Caesar, Xiaofeng Wang, Joseph Bonneau, Anupam Das, Nikita Borosiv,

Summary : We investigate how an attacker can leverage leaked passwords from one site to more easily guess passwords at other sites. Our study found 42-51% of the users reusing the same password across multiple sites. We further identify few transformation rules that users employ to modify a basic password between sites which can be exploited by an attacker to make password guessing vastly easier.