Details
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023) |
| Pages | 171-190 |
| Number of pages | 20 |
| ISBN (electronic) | 9781939133366 |
| Publication status | Published - 2023 |
| Event | 19th Symposium on Usable Privacy and Security, SOUPS 2023 - Anaheim, United States Duration: 7 Aug 2023 → 8 Aug 2023 |
Abstract
Password managers allow users to improve password security by handling large numbers of strong and unique passwords without the burden of memorizing them. While users are encouraged to add all credentials to their password manager and update weak credentials, this task can require significant effort and thus jeopardize security benefits if not completed thoroughly. However, user strategies to add credentials, related obstacles, and their security implications are not well understood. To address this gap in security research, we performed a mixed-methods study, including expert reviews of 14 popular password managers and an online survey with 279 users of built-in and third-party password managers. We extend previous work by examining the status quo of password manager setup features and investigating password manager users’ setup strategies. We confirm previous research and find that many participants utilize password managers for convenience, not as a security tool. They most commonly add credentials whenever a website is visited, and prioritize what they add. Similarly, passwords are often only updated when they are considered insecure. Additionally, we observe a severe distrust towards password managers, leading to users not adding important passwords. We conclude our work by giving recommendations for password manager developers to help users overcome the obstacles we identified.
ASJC Scopus subject areas
- Computer Science(all)
- Computer Networks and Communications
- Engineering(all)
- Safety, Risk, Reliability and Quality
Cite this
- Standard
- Harvard
- Apa
- Vancouver
- BibTeX
- RIS
Proceedings of the Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023). 2023. p. 171-190.
Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review
}
TY - GEN
T1 - “Would You Give the Same Priority to the Bank and a Game? I Do Not!”
T2 - 19th Symposium on Usable Privacy and Security, SOUPS 2023
AU - Amft, Sabrina
AU - Höltervennhoff, Sandra
AU - Huaman, Nicolas
AU - Acar, Yasemin
AU - Fahl, Sascha
N1 - Funding Information We thank all participants for their valuable time and insights shared with us. Funded by the Deutsche Forschungsgemein-schaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA – 390781972.
PY - 2023
Y1 - 2023
N2 - Password managers allow users to improve password security by handling large numbers of strong and unique passwords without the burden of memorizing them. While users are encouraged to add all credentials to their password manager and update weak credentials, this task can require significant effort and thus jeopardize security benefits if not completed thoroughly. However, user strategies to add credentials, related obstacles, and their security implications are not well understood. To address this gap in security research, we performed a mixed-methods study, including expert reviews of 14 popular password managers and an online survey with 279 users of built-in and third-party password managers. We extend previous work by examining the status quo of password manager setup features and investigating password manager users’ setup strategies. We confirm previous research and find that many participants utilize password managers for convenience, not as a security tool. They most commonly add credentials whenever a website is visited, and prioritize what they add. Similarly, passwords are often only updated when they are considered insecure. Additionally, we observe a severe distrust towards password managers, leading to users not adding important passwords. We conclude our work by giving recommendations for password manager developers to help users overcome the obstacles we identified.
AB - Password managers allow users to improve password security by handling large numbers of strong and unique passwords without the burden of memorizing them. While users are encouraged to add all credentials to their password manager and update weak credentials, this task can require significant effort and thus jeopardize security benefits if not completed thoroughly. However, user strategies to add credentials, related obstacles, and their security implications are not well understood. To address this gap in security research, we performed a mixed-methods study, including expert reviews of 14 popular password managers and an online survey with 279 users of built-in and third-party password managers. We extend previous work by examining the status quo of password manager setup features and investigating password manager users’ setup strategies. We confirm previous research and find that many participants utilize password managers for convenience, not as a security tool. They most commonly add credentials whenever a website is visited, and prioritize what they add. Similarly, passwords are often only updated when they are considered insecure. Additionally, we observe a severe distrust towards password managers, leading to users not adding important passwords. We conclude our work by giving recommendations for password manager developers to help users overcome the obstacles we identified.
UR - http://www.scopus.com/inward/record.url?scp=85179852730&partnerID=8YFLogxK
UR - https://edocs.tib.eu/files/e01mr23/1865754641.pdf
M3 - Conference contribution
AN - SCOPUS:85179852730
SP - 171
EP - 190
BT - Proceedings of the Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)
Y2 - 7 August 2023 through 8 August 2023
ER -