Pithayuth Charnsethikul (University of Southern California), Anushka Fattepurkar (University of Southern California), Dipsy Desai (University of Southern California), Gale Lucas (University of Southern California), Jelena Mirkovic (University of Southern California)
We replicated the study by Mayer et al. [1] on password habits and password manager (PM) usage at a large private US university. We conducted an online survey (n=437) and found high awareness (96%) and usage (94%) of PMs, but limited use of password generation (26%) and substantial password reuse, with participants reusing more than half of their passwords. These findings are consistent with the original study. However, we found that participants were unlikely to adopt a free third-party PM offered by the university, contrary to the original findings. Extending the original study, we found that awareness of the free PM was low: only 35% knew about it, and its adoption was even lower, at just 15%. We also found that faculty had the strongest password habits, while students had the weakest. Based on our findings, we provide recommendations for increasing the use of password generation features, broadening adoption of an institution-provided PM, and guiding future replication efforts.