Adryana Hutchinson (The George Washington University), Jinwei Tang (Clark University), Adam Aviv (The George Washington University), Peter Story (Clark University)

To protect their security, users are instructed to use unique passwords for all their accounts. Password managers make this possible, as they can generate, store, and autofill passwords within a user’s browser. Unfortunately, prior work has identified usability issues which may deter users from using password managers. In this paper, we measure the prevalence of usability issues affecting four popular password managers (Chrome, Safari, Bitwarden, and Keeper). We tested these password managers with their out-of-the-box settings on 60 randomly sampled websites. We show that users are likely to encounter issues using password managers during account registration and authentication. We found that usability issues were widespread, but varied by password manager. Common issues included password managers not prompting the user to generate passwords, autofilling web forms incorrectly or not at all, and generating passwords that were incompatible with websites’ password policies. We found that Chrome and Safari had fewer interaction issues than the other password managers we tested. We conclude by suggesting ways that websites and password managers can improve their compatibility with each other. For example, we recommend that password managers tailor their passwords to websites’ requirements (like Chrome and Safari), or adopt alphanumeric-only password generation by default (like Bitwarden).

View More Papers

WIP: A Trust Assessment Method for In-Vehicular Networks using...

Artur Hermann, Natasa Trkulja (Ulm University - Institute of Distributed Systems), Anderson Ramon Ferraz de Lucena, Alexander Kiening (DENSO AUTOMOTIVE Deutschland GmbH), Ana Petrovska (Huawei Technologies), Frank Kargl (Ulm University - Institute of Distributed Systems)

Read More

Leaking the Privacy of Groups and More: Understanding Privacy...

Jiangrong Wu (Sun Yat-sen University), Yuhong Nan (Sun Yat-sen University), Luyi Xing (Indiana University Bloomington), Jiatao Cheng (Sun Yat-sen University), Zimin Lin (Alibaba Group), Zibin Zheng (Sun Yat-sen University), Min Yang (Fudan University)

Read More

EnclaveFuzz: Finding Vulnerabilities in SGX Applications

Liheng Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Institute for Network Science and Cyberspace of Tsinghua University), Zheming Li (Institute for Network Science and Cyberspace of Tsinghua University), Zheyu Ma (Institute for Network Science and Cyberspace of Tsinghua University), Yuan Li (Tsinghua University),…

Read More

Binary Code Patching: An Ancient Art Refined for the...

Dr. Barton P. Miller (Vilas Distinguished Achievement Professor at The University of Wisconsin-Madison)

Read More