Systematization of Password Manager Use Cases and Design Paradigms

James Simmons, Oumar Diallo, Sean Oesch, and Scott Ruoti

Abstract
Despite efforts to replace them, passwords remain the primary form of authentication on the web. Password managers seek to address many of the problems with passwords by helping users generate, store, and fill strong and unique passwords. Even though experts frequently recommend password managers, there is limited information regarding their usability. To aid in designing such usability studies, we systematize password manager use cases, identifying ten essential use cases, three recommended use cases, and four extended use cases. We also systematize the system designs employed to satisfy these use cases, designs that should be examined in usability studies to understand their relative strengths and weaknesses. Finally, we describe observations from 136 cognitive walkthroughs exploring the identified essential use cases in eight popular managers. Ultimately, we expect that this work will serve as the foundation for an explosion of new research into the usability of password managers.

Reference
James Simmons, Oumar Diallo, Sean Oesch, and Scott Ruoti. 2021. Systematization of password manager use cases and design paradigms. In Proceedings of the 37th Annual Computer Security Applications Conference. ACM.
