The main purposes of a Password Manager (PM) areto handle and securely store the users’ passwords from different services and simplifythe login process.A PMshouldrelieve the users from thetedious task of constantly rememberingand frequently recalling theirlogin credentials.Quite often though,due tothePM’ s poor usability and because of limited user-experience, users encounter difficultiesto perform evenbasic actionssuch as safelogin while using a password manager.Consequently, security is compromisedand this, sometimes, is considered as an inevitable fact that needs to be accepted. A number of studies have analyzed and discussed the usability and security of various proprietary and open-source password managers. These research studiesattempted to address different crucial aspects of a password manager.First theylimited their analyses and discussions to only particular properties or considering specific applications only. Second their results vary and contradict each other. Due to these reasons, their research findings, though important, they are rather incomprehensible for the designers of password managers. Hence, in this paperwe further focused on investigating and determiningproperties and features,which can elevatethe usability and security in password managerswith a prospect of providing practical, simple and useful guidelines for building a usable password manager. For this reason, we performeda systematic literature review. Inso doing, we selected thirty two articles available in the ACM Digital Library, IEEE Xplore Digital Library, Springer Link, and ELSEVIER ScienceDirect, in order to collect their coherent outcomes associated with usability and security. The main research outcomesof this work arepresentedin this paper. In essence, wededuce and present meaningful and trustworthy suggestions for realizing a usable password manager.
Sunil Chauhary (University of Tampere), Tiina Schafeitel-Tähtinen, Marko Helenius (Tampere University of Technology), Eleni Berki (University of Tampere, University of Jyväskylä): Usability and Security in Password Managers: A Quest for User-Centric Properties and Features
Presented at DIMECC seminar 2016