One of the most popular aids users adopt to reduce the pain of using passwords is the browser's autocomplete feature. This feature, which caches the username and password after obtaining the user's consent and later uses them for automatic completion, is available in all modern browsers, but the communication that asks the user for consent is implemented in different ways. In this paper, we report on user studies comparing active communication with a blocking dialog box and passive communication with a non-intrusive toolbar. We found that a dialog box misled users into saving passwords on public computers. Conversely, no security problem was observed with passive communication. Our exploration provides empirical evidence for the risks of preferring active communication for password autocomplete and other similar interactions, and sheds light on many other aspects of password autocomplete.