Survey of Services that Store Passwords in a Recoverable Manner

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14045)

Abstract

Passwords entered by users in web services and applications are essential and confidential information. Ideally, therefore, they are stored in a form that is difficult to decipher in case of unauthorized intrusion from the outside. As a typical example, passwords are converted into hash values using the SHA2 algorithm and stored. However, not all web services and applications implement the ideal storage method. There have been many incidents in which personal information has been leaked. In some cases, the passwords were not stored correctly on the server side but in plain text or encrypted in a reversible form, and they were leaked when there was an unauthorized intrusion or other damage. This research aims to clarify, through external observation surveys, the actual situation of how services and applications store users' passwords in plaintext or reversible form on the server side. The method is to list the survey targets for services and for applications and to conduct the survey on each one. As a result of the survey, no services or apps were confirmed to have implemented inappropriate storage methods among either the top sites in the Alexa ranking or the top apps in the Google Play ranking, and the survey revealed that, in general, not many services returned plain text.

Notes

  1. https://www.alexa.com/topsites/countries/JP.

  2. https://play.google.com/store/apps/top?hl=ja.

Acknowledgements

This work was supported by JSPS KAKENHI Grant Number JP22K12035.

Author information

Corresponding author

Correspondence to Akira Kanaoka.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Itoh, K., Kanaoka, A. (2023). Survey of Services that Store Passwords in a Recoverable Manner. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_5

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer Science, Computer Science (R0)
