Secret sharing in online communities: A comparative analysis of offender and non-offender password creation strategies

Abstract

Even though several authentication methods exist, passwords remain the most common type of authentication. Researchers have demonstrated the influence of a person’s environment and exposure to the Internet on their online security behavior (Bosnjak & Brumen, 2016; He et al., 2021; Juozapavičius et al., 2022). Those studies suggest that social identity seems to play a role in password choice. The objective of this study was to determine if the criminal nature of a network influences password-creation strategies. To achieve this, we utilized two databases with a substantial number of actual passwords (1485,095) that had been leaked to the Internet. One database was sourced from a non-delinquent social network, while the other was from a hacker forum. We employed logistic regression to reveal the characteristics associated with each group, ensuring a comprehensive analysis of different types of password strategies and the similarity between actors of the same network. Results show that users of the same network have passwords with characteristics that are similar to each other. Individuals with the same social interests seem more likely to use the same password-creation strategies. From a network analysis perspective, the results show that similar individuals (sharing the same interests) are similar in other aspects (password creation strategies). These findings offer valuable insights into the diverse landscape of password varieties and user behaviors, contributing to a more comprehensive understanding of internet user networks.