Communications of the ACM
Measuring usability: are effectiveness, efficiency, and satisfaction really correlated?
Proceedings of the SIGCHI conference on Human Factors in Computing Systems
Password security: a case history
Communications of the ACM
How to Make Personalized Web Browising Simple, Secure, and Anonymous
FC '97 Proceedings of the First International Conference on Financial Cryptography
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A usability study and critique of two password managers
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
The Seven Flaws of Identity Management: Usability and Security Challenges
IEEE Security and Privacy
Tapas: design, implementation, and usability evaluation of a password manager
Proceedings of the 28th Annual Computer Security Applications Conference
Exploring mobile proxies for better password authentication
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
Proposed in response to the growing number of passwords users have to memorize, password managers allow to store one's credentials, either on a third-party server (online password manager), or on a portable device (portable password manager) such as a mobile phone or a USB key. In this paper, we present a comparative usability study of three popular password managers: an online manager (LastPass), a phone manager (KeePassMobile) and a USB manager (Roboform2Go). Our study provides valuable insights on average users' perception of security and usability of the three password management approaches. We find, contrary to our intuition, that users overall prefer the two portable managers over the online manager, despite the better usability of the latter. Also, surprisingly, our non-technical pool of users shows a strong inclination towards the phone manager. These findings can generally be credited to the fact that the users were not comfortable giving control of their passwords to an online entity and preferred to manage their passwords themselves on their own portable devices. Our results prompt the need for research on developing user-friendly and secure phone managers, owing to the ubiquity of mobile phones.