Abstract
Proposed in response to the growing number of passwords users have to memorize, password managers allow users to store their credentials either on a third-party server (online password manager) or on a portable device (portable password manager), such as a mobile phone or a USB key. In this paper, we present a comparative usability study of three popular password managers: an online manager (LastPass), a phone manager (KeePassMobile) and a USB manager (Roboform2Go). Our study provides valuable insights into average users’ perception of the security and usability of the three password management approaches. We find, contrary to our intuition, that users overall prefer the two portable managers over the online manager, despite the better usability of the latter. Also, surprisingly, our non-technical pool of users shows a strong inclination towards the phone manager. These findings can generally be credited to the fact that the users were not comfortable giving control of their passwords to an online entity and preferred to manage their passwords themselves on their own portable devices. Our results prompt the need for research on developing user-friendly and secure phone managers, owing to the ubiquity of mobile phones.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Karole, A., Saxena, N., Christin, N. (2011). A Comparative Usability Evaluation of Traditional Password Managers. In: Rhee, KH., Nyang, D. (eds) Information Security and Cryptology - ICISC 2010. ICISC 2010. Lecture Notes in Computer Science, vol 6829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24209-0_16
DOI: https://doi.org/10.1007/978-3-642-24209-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24208-3
Online ISBN: 978-3-642-24209-0
eBook Packages: Computer Science, Computer Science (R0)