News

We are excited to announce that we have received two NSF grants supporting our research.

Papers accepted at CHI '22

We are excited to announce that we have a paper accepted at CHI '22: “It Basically Started Using Me:” An Observational Study of Password Manager Usage. In this paper, we find that many users simultaneously use both a browser-based and a third-party manager, using each as a backup for the other, with this new paradigm having intriguing usability and security implications. Users also eschew generated passwords because these passwords are challenging to enter and remember when the manager is unavailable, necessitating new generators that create passwords that are easy to enter and remember. Additionally, the credential audits provided by most managers overwhelm users, limiting their utility and indicating a need for more proactive and streamlined notification systems. We also discuss mobile usage, adoption and promotion, and other related topics.


Presentations at ACSAC 2021

We just had two excellent presentations on our research given at ACSAC 2021! You can view these talks on their respective pages. First, The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android. This paper examines the security of password autofill frameworks built into Android and iOS, finding significant issues with each. Second, Systematization of Password Manager Use Cases and Design Paradigms. This paper systematizes how users leverage password managers and how password managers are implemented to support those use cases. This is a critical paper for anyone looking to design user studies of password managers.


Two papers accepted at ACSAC 2021

We are excited to have two papers accepted at ACSAC 2021! First, The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android. This paper examines the security of password autofill frameworks built into Android and iOS, finding significant issues with each. Second, Systematization of Password Manager Use Cases and Design Paradigms. This paper systematizes how users leverage password managers and how password managers are implemented to support those use cases. This is a critical paper for anyone looking to design user studies of password managers.


Jeremy Clark recently presented our systematization of knowledge on securing email, SoK: Securing Email—A Stakeholder-Based Analysis, at the 2021 International Conference on Financial Cryptography and Data Security (FC). This paper helps describe the evolution of secure email, the challenges preventing widespread adoption, and directions for future projects. Click on the link to the paper to see the video of the presentation.