Abstract
We carry out a hybrid lab and field study of a password manager program, and report on usability and security. Our study explores iPMAN, a browser-based password manager that additionally uses a graphical password scheme for the master password. We present our findings as a set of observations and insights expected to be of interest to those exploring password managers as well as those exploring graphical passwords.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bicakci, K., Atalay, N.B., Yuceel, M., van Oorschot, P.C. (2012). Exploration and Field Study of a Password Manager Using Icon-Based Passwords. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_9
DOI: https://doi.org/10.1007/978-3-642-29889-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29888-2
Online ISBN: 978-3-642-29889-9
eBook Packages: Computer Science, Computer Science (R0)