CISPA
cispa_all_3440.pdf (338.25 kB)

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

conference contribution
posted on 2023-11-29, 18:16 authored by Nicolas Huaman, Sabrina Amft, Marten Oltrogge, Yasemin Acar, Sascha Fahl
Password managers are tools to support users with the secure generation and storage of credentials and logins used in online accounts. Previous work illustrated that building password managers means facing various security and usability challenges. For strong security and good usability, the interaction between password managers and websites needs to be smooth and effortless. However, user reviews for popular password managers suggest interaction problems for some websites. Therefore, to the best of our knowledge, this work is the first to systematically identify these interaction problems and investigate how 15 desktop password managers, including the ten most popular ones, are affected. We use a qualitative analysis approach to identify 39 interaction problems from 2,947 user reviews and 372 GitHub issues for 30 password managers. Next, we implement minimal working examples (MWEs) for all interaction problems we found and evaluate them for all password managers in 585 test cases. Our results illustrate that a) password managers struggle to correctly implement authentication features such as HTTP Basic Authentication and modern standards such as the autocomplete attribute and b) websites fail to implement clean and well-structured authentication forms. We conclude that some of our findings can be addressed by either PWM providers or web developers by adhering to already existing standards, recommendations and best practices, while other cases are currently almost impossible to implement securely and require further research.

History

Preferred Citation

Nicolas Huaman, Sabrina Amft, Marten Oltrogge, Yasemin Acar and Sascha Fahl. They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites. In: IEEE Symposium on Security and Privacy (S&P). 2021.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Legacy Posted Date

2021-07-05

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3440,
  title = "They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites",
  author = "Huaman, Nicolas and Amft, Sabrina and Oltrogge, Marten and Acar, Yasemin and Fahl, Sascha",
  booktitle = "{IEEE Symposium on Security and Privacy (S&P)}",
  year = "2021",
}
