Improving information security management: An analysis of ID-password usage and a new login vulnerability measure

Youngsok Bang, Dong Joo Lee, Yoon Soo Bae, Jae Hyeon Ahn

Research output: Contribution to journalArticle

21 Citations (Scopus)

Abstract

Statistics show that the number of identity theft victims in the US increased by 12% in 2009, to 11.1 million adults, while the total annual fraud amount increased by 12.5%, to $54 billion. As the e-commerce volume is increasing and various online services are becoming more popular, the number of sites to which an average Internet user subscribes is increasing rapidly. Given the limited memory capacity of human beings, an Internet user's login credentials (in the form of a combination of a user ID and a password) are usually reused over multiple accounts, which can cause significant security problems. In this study, we address the vulnerability of login credentials. First, based on a unique Internet user data set, we analyze the behavioral characteristics of login credentials usage. We find that the same login credentials are used for many more accounts and reused much more often than previously expected. Furthermore, usage patterns are found to be quite skewed. Second, building on a network perspective of login credentials usage, we suggest a vulnerability measure of an individual's login credentials and analyze the vulnerability of current Internet users. The resulting information is valuable not only to the research community but also to managers and policy makers striving to reduce security vulnerability.

Original languageEnglish
Pages (from-to)409-418
Number of pages10
JournalInternational Journal of Information Management
Volume32
Issue number5
DOIs
Publication statusPublished - 2012 Oct

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications
  • Library and Information Sciences

Cite this