A Comparative Usability Evaluation of Traditional Password Managers

  • Ambarish Karole
  • Nitesh Saxena
  • Nicolas Christin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6829)

Abstract

Proposed in response to the growing number of passwords users have to memorize, password managers allow users to store their credentials either on a third-party server (online password manager) or on a portable device (portable password manager) such as a mobile phone or a USB key. In this paper, we present a comparative usability study of three popular password managers: an online manager (LastPass), a phone manager (KeePassMobile) and a USB manager (Roboform2Go). Our study provides valuable insights on average users’ perception of security and usability of the three password management approaches. We find, contrary to our intuition, that users overall prefer the two portable managers over the online manager, despite the better usability of the latter. Also, surprisingly, our non-technical pool of users shows a strong inclination towards the phone manager. These findings can generally be credited to the fact that the users were not comfortable giving control of their passwords to an online entity and preferred to manage their passwords themselves on their own portable devices. Our results prompt the need for research on developing user-friendly and secure phone managers, owing to the ubiquity of mobile phones.

Keywords

Mobile Phone; Portable Device; Remote Server; Good Usability; Usability Measure
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ambarish Karole (1)
  • Nitesh Saxena (1)
  • Nicolas Christin (2)
  1. Polytechnic Institute of New York University, USA
  2. Carnegie Mellon University, USA
