usenix conference policies
A Usability Study and Critique of Two Password Managers
We present a usability study of two recent password manager proposals: PwdHash (Ross et al., 2005) and Password Multiplier (Halderman et al., 2005). Both papers considered usability issues in greater than typical detail, the former briefly reporting on a small usability study; both also provided implementations for download. Our study involving 26 users found that both proposals suffer from major usability problems. Some of these are not "simply" usability issues, but rather lead directly to security exposures. Not surprisingly, we found the most significant problems arose from users having inaccurate or incomplete mental models of the software. Our study revealed many interesting misunderstandings � for example, users reporting a task as easy even when unsuccessful at completing that task; and believing their passwords were being strengthened when in fact they had failed to engage the appropriate protection mechanism. Our findings also suggested that ordinary users would be reluctant to opt-in to using these managers: users were uncomfortable with "relinquishing control" of their passwords to a manager, did not feel that they needed the password managers, or that the managers provided greater security.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Sonia Chiasson and P.C. van Oorschot and Robert Biddle},
title = {A Usability Study and Critique of Two Password Managers },
booktitle = {15th USENIX Security Symposium (USENIX Security 06)},
year = {2006},
address = {Vancouver, B.C. Canada},
url = {https://www.usenix.org/conference/15th-usenix-security-symposium/usability-study-and-critique-two-password-managers},
publisher = {USENIX Association},
month = jul
}
connect with us