
Utilization of the same credentials across various sites

For years people have been getting their online accounts compromised due to phishing as well as via brute force attacks due to poorly chosen passwords. We also know that people tend to share the same credentials across multiple sites; however, I haven't seen any concrete research/metrics on how commonplace this is or the depth of information an attacker can gather using this approach. The difficulty with this type of research is that the only way you can tell is:

A. You're testing each of these sites, each being its own felony and highly illegal.

B. You're an owner of one of these sites working with the others to correlate this in a safe, non-privacy-infringing manner.

Does anyone know of anybody doing something like this or a published report?

