We can broadly distinguish between three categories of password managers: desktop managers, online managers and portable managers. A desktop manager (e.g., Mozilla Firefox, Apple MacOS Keychain, RoboForm [6]) stores strong passwords on the user's desktop (i.e., on the terminal used for authentication), while an online manager (e.g., LastPass [7] and Mozilla Weave Sync [8]) stores them on remote third-party server(s).¹ A portable manager, on the other hand, stores strong passwords on the user's portable device. Among portable managers, we can further identify two different types: phone-based password managers (e.g., KeePassMobile for J2ME-enabled devices [10] and OpenIntents Safe for Android [11]) and USB-based password managers (e.g., Roboform2Go for USB devices [6]).
In each of these approaches, the strong passwords are typically protected using a master password; to recall a specific password, the user simply types in her master password. If a user is mobile and uses multiple terminals for authentication (e.g., her desktop at home and her laptop in the office), a desktop manager offers her no portability. We therefore do not consider desktop managers to be of much benefit on their own.
The online and portable managers have their own pros and cons. An online manager, although portable, requires the user to trust the third-party service provider(s). Since the user's passwords would typically be encrypted under a key derived from her master password and then stored on remote server(s), anyone who obtains the stored blob can test candidate master passwords at will, limited only by the cost of the key derivation; the vaults are therefore vulnerable to offline dictionary attacks. If all users were to rely on a remote manager, a single break-in at the server(s) would expose the encrypted vaults of every one of them. Moreover, remote managers are often proprietary and may offer users no transparency about how their outsourced sensitive information is protected.
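The offline dictionary attack described above, as an added example that is not code from LastPass or any other product named here. It assumes a hypothetical vault format: the master password is stretched with PBKDF2-HMAC-SHA256, the stretched key is split into an encryption key and a MAC key, the entries are encrypted with an HMAC-SHA256 keystream and authenticated with HMAC-SHA256 over nonce and ciphertext. The wordlist and site entries are constructed sample data.

```python
"""
Offline dictionary attack against a stolen password-manager vault.

Added example; not code from any product named on the page. Hypothetical vault
format: PBKDF2-HMAC-SHA256 stretches the master password, the result is split
into an encryption key and a MAC key, entries are encrypted with an
HMAC-SHA256 keystream (counter mode) and authenticated with HMAC-SHA256.
Whoever holds the blob can test candidate master passwords offline by
recomputing the tag; no server-side rate limit applies.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Vault:
    salt: bytes
    iterations: int
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def _derive_keys(master: str, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
    """Stretch the master password; first half encrypts, second half authenticates."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations, dklen=64)
    return key[:32], key[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF keystream: HMAC(enc_key, nonce || counter) blocks, truncated to length."""
    blocks, counter = bytearray(), 0
    while len(blocks) < length:
        blocks += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(blocks[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_vault(master: str, entries: Dict[str, str], iterations: int = 600_000) -> Vault:
    """Encrypt and authenticate the site-password map under the master password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(master, salt, iterations)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return Vault(salt, iterations, nonce, ciphertext, tag)


def _check_master(master: str, vault: Vault) -> Optional[bytes]:
    """Return the encryption key if `master` verifies the tag, else None.
    One call costs one full KDF run; that cost is all that slows an attacker."""
    enc_key, mac_key = _derive_keys(master, vault.salt, vault.iterations)
    expected = hmac.new(mac_key, vault.nonce + vault.ciphertext, hashlib.sha256).digest()
    return enc_key if hmac.compare_digest(expected, vault.tag) else None


def open_vault(master: str, vault: Vault) -> Optional[Dict[str, str]]:
    """Legitimate user's path: verify the tag, then decrypt."""
    enc_key = _check_master(master, vault)
    if enc_key is None:
        return None
    plaintext = _xor(vault.ciphertext, _keystream(enc_key, vault.nonce, len(vault.ciphertext)))
    return json.loads(plaintext.decode("utf-8"))


def offline_dictionary_attack(vault: Vault, wordlist: List[str]) -> Tuple[Optional[str], int]:
    """Attacker's path: only the blob and a wordlist are needed.
    Returns (recovered master password or None, KDF evaluations spent)."""
    for tried, guess in enumerate(wordlist, start=1):
        if _check_master(guess, vault) is not None:
            return guess, tried
    return None, len(wordlist)


# Constructed sample data, not real credentials.
WORDLIST = ["123456", "password", "qwerty", "letmein123", "hunter2", "iloveyou"]
SITES = {"bank.example": "Xk7!rQ2#pL9vZ1mB", "mail.example": "f4Wd$9sKe2Lp8Nq!"}

if __name__ == "__main__":
    import time
    for iters in (1, 1_000, 100_000):
        vault = seal_vault("letmein123", SITES, iterations=iters)  # weak master password
        t0 = time.perf_counter()
        found, tried = offline_dictionary_attack(vault, WORDLIST)
        print(f"iterations={iters:>7}: recovered={found!r} after {tried} guesses "
              f"in {time.perf_counter() - t0:.3f}s")
```

Running the script shows that raising the iteration count only scales the attacker's per-guess cost; a master password that appears in the wordlist is recovered regardless, while one outside it costs the attacker the full wordlist for nothing. The server never sees the attempts, which is exactly why the trust placed in the provider's storage matters.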
A portable manager can possibly be more trusted, since it can be locally managed by the user on her own trusted portable device. However, all existing phone managers typically involve displaying a (long and possibly random) password on the portable device, which the user is simply asked to copy onto the terminal. Typing in such a password might have poor usability. USB managers do not have this drawback, but they may not offer the level of portability and accessibility a modern user desires.
The goal of this paper is to formalize an evaluation of existing password managers by comparing them in terms of security, ease of use, necessity and level of acceptance, as perceived by an average web user. To that effect, we present a comparative usability study of three popular password managers: an online manager (LastPass), a phone manager (KeePassMobile) and a USB manager (Roboform2Go).
Our study was performed with a sample of users controlled with respect to technical background (i.e., computer science students vs. non-technical "average" users). We find, contrary to our intuition, that users overall preferred the two portable managers over the online manager, despite the better usability of the latter. Surprisingly, the online manager was the last choice for non-technical people, who mostly preferred the
¹ Rather than storing passwords, another password management approach (e.g., PwdHash [9]) derives passwords on-the-fly, based on a master password and a specific variable, e.g., the URL of the website to authenticate to. From the usability perspective, this approach and desktop/online managers are equivalent, in that they only require a master password to be memorized/recalled.
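A derive-on-the-fly scheme of the kind the footnote describes, as an added example; it is not PwdHash's own algorithm or code. It assumes that the per-site variable is the host's last two labels (a stand-in for the registrable domain; a real deployment would consult the Public Suffix List), that derivation is HMAC-SHA256 keyed by the master password, and that the output is encoded over a fixed printable alphabet. The URLs and master passwords in the demo are constructed.

```python
"""
Derive-on-the-fly site passwords (PwdHash-style; added example, not PwdHash's
own algorithm or code). Assumptions: site key = last two host labels, a crude
substitute for the registrable domain; derivation = HMAC-SHA256 keyed by the
master password; output encoded over a fixed printable alphabet.
Nothing is stored, so there is no vault to steal, but every site password is a
deterministic public function of the master password.
"""
import hashlib
import hmac
from urllib.parse import urlsplit

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*"


def site_key(url: str) -> str:
    """Reduce a URL to a stable per-site label so every login page of a site agrees.
    Assumption: the last two host labels suffice (wrong for e.g. example.co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def derive_site_password(master: str, url: str, length: int = 16) -> str:
    """Site password = encode(HMAC-SHA256(master, site_key(url))) cut to `length` symbols."""
    digest = hmac.new(master.encode("utf-8"), site_key(url).encode("utf-8"), hashlib.sha256).digest()
    # Interpret the 256-bit digest as an integer and peel off base-70 digits.
    # 16 symbols need ~98 bits, so the residual modulo bias is negligible.
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    master = "my master pw"  # constructed
    for url in ("https://www.bank.example/login", "https://bank.example/account",
                "https://shop.example/checkout"):
        print(f"{site_key(url):<14} {derive_site_password(master, url)}")
```

Because the derivation is unsalted and public, a single site password that leaks (say, from a breached site storing it in the clear) lets an attacker run the same offline guessing against the master password as a stolen vault would; the scheme removes the stored blob, not the dependence on a strong master password.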