We present a usability study of two recent password manager proposals: PwdHash (Ross et al., 2005) and Password Multiplier (Halderman et al., 2005). Both papers considered usability issues in greater than typical detail, the former briefly reporting on a small usability study; both also provided implementations for download. Our study involving 26 users found that both proposals suffer from major usability problems. Some of these are not "simply" usability issues, but rather lead directly to security exposures. Not surprisingly, we found the most significant problems arose from users having inaccurate or incomplete mental models of the software. Our study revealed many interesting misunderstandings: for example, users reporting a task as easy even when unsuccessful at completing that task, and believing their passwords were being strengthened when in fact they had failed to engage the appropriate protection mechanism. Our findings also suggested that ordinary users would be reluctant to opt in to using these managers: users were uncomfortable with "relinquishing control" of their passwords to a manager, did not feel that they needed the password managers, or that the managers provided greater security.