Adryana Hutchinson (The George Washington University), Jinwei Tang (Clark University), Adam Aviv (The George Washington University), Peter Story (Clark University)

To protect their security, users are instructed to use unique passwords for all their accounts. Password managers make this possible, as they can generate, store, and autofill passwords within a user’s browser. Unfortunately, prior work has identified usability issues which may deter users from using password managers. In this paper, we measure the prevalence of usability issues affecting four popular password managers (Chrome, Safari, Bitwarden, and Keeper). We tested these password managers with their out-of-the-box settings on 60 randomly sampled websites. We show that users are likely to encounter issues using password managers during account registration and authentication. We found that usability issues were widespread, but varied by password manager. Common issues included password managers not prompting the user to generate passwords, autofilling web forms incorrectly or not at all, and generating passwords that were incompatible with websites’ password policies. We found that Chrome and Safari had fewer interaction issues than the other password managers we tested. We conclude by suggesting ways that websites and password managers can improve their compatibility with each other. For example, we recommend that password managers tailor their passwords to websites’ requirements (like Chrome and Safari), or adopt alphanumeric-only password generation by default (like Bitwarden).

View More Papers

LMSanitator: Defending Prompt-Tuning Against Task-Agnostic Backdoors

Chengkun Wei (Zhejiang University), Wenlong Meng (Zhejiang University), Zhikun Zhang (CISPA Helmholtz Center for Information Security and Stanford University), Min Chen (CISPA Helmholtz Center for Information Security), Minghu Zhao (Zhejiang University), Wenjing Fang (Ant Group), Lei Wang (Ant Group), Zihui Zhang (Zhejiang University), Wenzhi Chen (Zhejiang University)

Read More

SOC Service Areas: Identification, Prioritization, and Implementation

Christopher Rodman, Breanna Kraus, Justin Novak (SEI/CERT)

Read More

Certificate Transparency Revisited: The Public Inspections on Third-party Monitors

Aozhuo Sun (Institute of Information Engineering, Chinese Academy of Sciences), Jingqiang Lin (School of Cyber Science and Technology, University of Science and Technology of China), Wei Wang (Institute of Information Engineering, Chinese Academy of Sciences), Zeyan Liu (The University of Kansas), Bingyu Li (School of Cyber Science and Technology, Beihang University), Shushang Wen (School of…

Read More