A Comparative Usability Evaluation of Traditional Password Managers

  • Conference paper
Information Security and Cryptology - ICISC 2010 (ICISC 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6829)

Abstract

Proposed in response to the growing number of passwords users have to memorize, password managers allow users to store their credentials either on a third-party server (online password manager) or on a portable device (portable password manager) such as a mobile phone or a USB key. In this paper, we present a comparative usability study of three popular password managers: an online manager (LastPass), a phone manager (KeePassMobile) and a USB manager (Roboform2Go). Our study provides valuable insights on average users’ perception of security and usability of the three password management approaches. We find, contrary to our intuition, that users overall prefer the two portable managers over the online manager, despite the better usability of the latter. Also, surprisingly, our non-technical pool of users shows a strong inclination towards the phone manager. These findings can generally be credited to the fact that the users were not comfortable giving control of their passwords to an online entity and preferred to manage their passwords themselves on their own portable devices. Our results prompt the need for research on developing user-friendly and secure phone managers, owing to the ubiquity of mobile phones.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Karole, A., Saxena, N., Christin, N. (2011). A Comparative Usability Evaluation of Traditional Password Managers. In: Rhee, KH., Nyang, D. (eds) Information Security and Cryptology - ICISC 2010. ICISC 2010. Lecture Notes in Computer Science, vol 6829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24209-0_16

  • DOI: https://doi.org/10.1007/978-3-642-24209-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24208-3

  • Online ISBN: 978-3-642-24209-0

  • eBook Packages: Computer Science, Computer Science (R0)
