Title: Analysing security and privacy issues of using e-mail address as identity

Authors: Lei Jin; Hassan Takabi; James B.D. Joshi

Addresses: School of Information Sciences, University of Pittsburgh, 410 IS Building, 135 N. Bellefield Avenue, Pittsburgh, PA 15213, USA. ' School of Information Sciences, University of Pittsburgh, 410 IS Building, 135 N. Bellefield Avenue, Pittsburgh, PA 15213, USA. ' School of Information Sciences, University of Pittsburgh, 410 IS Building, 135 N. Bellefield Avenue, Pittsburgh, PA 15213, USA

Abstract: Nowadays, many websites allow or require users to use their e-mail addresses either as identity or for other purposes. Although username-based identity problems resulting from users| behaviours have been a research focus for quite some time, the serious issues of using e-mail address as identity and the associated online behaviours of users have not been well investigated. In this paper, we discuss and analyse security and privacy problems resulting from using e-mail address as identity via well-designed user behaviour survey and by investigating websites| design schemes. Our results illustrate that using e-mail address as identity poses high security and privacy risks. This is mainly because of the multiple usages of e-mail addresses and users| improper online habits. Moreover, we discuss drawbacks of existing solutions for e-mail address as identity and related password problems, and present potential solutions that may be used to secure online identity management systems in future.

Keywords: e-mail address identity; email addresses; authentication; security; privacy; user behaviour; online habits; passwords; identity management.

DOI: 10.1504/IJIPSI.2011.043730

International Journal of Information Privacy, Security and Integrity, 2011 Vol.1 No.1, pp.34 - 58

Available online: 11 Nov 2011 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article