A Usability Study and Critique of Two Password Managers
Sonia Chiasson, P.C. van Oorschot, and Robert Biddle

Page 1: A Usability Study and Critique of  Two Password Managers

A Usability Study and Critique of Two Password Managers

Sonia Chiasson, P.C. van Oorschot, and Robert Biddle

Page 2

Overview

• Introduce PwdHash and Password Multiplier

• Usability Testing

• Study Details and Results

• Lessons Learned - Usability

• Lessons Learned - Security


Page 3

Password Managers

• Shift the burden of creating and remembering strong passwords away from users
  – easier for users
  – better protection

• e.g.
  – PwdHash (USENIX Security 2005)
  – Password Multiplier (WWW 2005)

Page 4

PwdHash
  – type @@ in front of passwords you want to protect
  – potentially different user passwords for each site
  – hash(pwd, dom) = PRF_pwd(dom)

Password Multiplier
  – one master password: the user only needs to remember one password and it generates the others
  – activate with Alt+P or by double-clicking the password field
  – V = f^k1(username, master_pwd)
  – site_pwd = f^k2(dom, master_pwd, V)
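The two derivations on this slide, as an added worked example in Python (not code from the paper or from either browser extension): each generated password is keyed on the site domain, as both tools do, and the example checks that a look-alike domain yields an unrelated password. The choice of HMAC-SHA256 as the PRF, the iteration counts k1 and k2, the base64 output encoding, the NUL-separated input encoding and the sample master password are all assumptions made here; the real PwdHash uses HMAC-MD5 with extra password-policy handling and Password Multiplier uses SHA-1 with much larger iteration counts, neither of which is reproduced.

```python
import base64
import hashlib
import hmac


# PwdHash-style: hash(pwd, dom) = PRF_pwd(dom).
# Assumption: HMAC-SHA256 as the PRF; output truncated so it fits a typical
# password field. The real extension uses HMAC-MD5 and extra policy handling.
def pwdhash(pwd: str, dom: str, length: int = 12) -> str:
    tag = hmac.new(pwd.encode(), dom.encode(), hashlib.sha256).digest()
    return base64.b64encode(tag).decode()[:length]


# Password Multiplier-style: f^k(x) is k iterations of a hash over x.
# Assumption: SHA-256, inputs joined with a NUL separator (the slide gives
# neither the hash nor the encoding).
def iterated_hash(parts: list, rounds: int) -> bytes:
    data = "\x00".join(parts).encode()
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    return data


# V = f^k1(username, master_pwd): computed once per session and cached by the
# plug-in, so k1 can be large to slow offline guessing of master_pwd.
def multiplier_v(username: str, master_pwd: str, k1: int = 10_000) -> bytes:
    return iterated_hash([username, master_pwd], k1)


# site_pwd = f^k2(dom, master_pwd, V): cheap per-site step using the cached V.
def multiplier_site_pwd(dom: str, master_pwd: str, v: bytes,
                        k2: int = 100, length: int = 12) -> str:
    digest = iterated_hash([dom, master_pwd, v.hex()], k2)
    return base64.b64encode(digest).decode()[:length]


def demo() -> dict:
    """Derive site passwords for a constructed master password and three
    domains; the third is a constructed look-alike of the first."""
    master = "correct horse battery staple"   # constructed sample input
    username = "alice"                         # constructed sample input
    domains = ["example.com", "bank.example", "examp1e.com"]
    v = multiplier_v(username, master)
    out = {
        "pwdhash": {d: pwdhash(master, d) for d in domains},
        "multiplier": {d: multiplier_site_pwd(d, master, v) for d in domains},
    }
    # Both schemes give the look-alike domain a password unrelated to the real
    # site's, which is the phishing protection the slide's "better protection"
    # refers to. It holds only if the plug-in was actually activated.
    out["lookalike_differs"] = (
        out["pwdhash"]["example.com"] != out["pwdhash"]["examp1e.com"]
        and out["multiplier"]["example.com"] != out["multiplier"]["examp1e.com"]
    )
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The property worth noticing is what the derivation does not cover: if the user types the master password into a field without the plug-in being active (the "dangerous success" cases in the task results later in the deck), the site receives the master password itself and nothing in either formula helps.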

Page 5

Usability Testing

• Is this usable? Are there problems?
  – Need to observe real users
    • a few may not be enough
  – Cannot just ask for users’ opinion

• “the user is not the weakest link – but your interface might be!”

Page 6

Study Details

• 26 participants
  – various degree programs, only 4 with technical backgrounds

• data collection
  – observational data
    • recording task outcomes, difficulties, obvious misconceptions, quotes
  – questionnaire data
    • initial attitudes, opinion after each task, post questionnaires

• 5 tasks for each plug-in
  – balanced order
  – written instructions
  – think-aloud protocol

Page 7

Task Completion Results

Columns: Success; Dangerous Success (a success that potentially causes a security exposure); Failure; False Completion (user believed the task was done); Failed due to Previous (task could not be attempted because an earlier task failed). Percentages are of the 26 participants.

PwdHash
Task           Success   Dangerous Success   Failure   False Completion   Failed due to Previous
Log In         48%       44%                 8%        0%                 N/A
Migrate Pwd    42%       35%                 11%       11%                N/A
Remote Login   27%       42%                 31%       0%                 N/A
Update Pwd     19%       65%                 8%        8%                 N/A
Second Login   52%       28%                 4%        0%                 16%

Password Multiplier
Task           Success   Dangerous Success   Failure   False Completion   Failed due to Previous
Log In         48%       44%                 8%        0%                 N/A
Migrate Pwd    16%       32%                 28%       20%                N/A
Remote Login   N/A       N/A                 N/A       N/A                N/A
Update Pwd     16%       4%                  44%       28%                N/A
Second Login   16%       4%                  16%       0%                 16%

Page 8

Questionnaire Responses

[Bar chart: responses on a 1 to 5 scale, labelled negative, neutral and positive, for Perceived Security, Giving Control, Ease of Use and Perceived Necessity, with one bar each for PwdHash and Password Multiplier. The bar values are not recoverable from the transcript.]

Page 9

Lessons Learned - Usability

• activation
  – “well I think it did something”
  – once is not enough

• lack of feedback, invisibility/transparency
  – complete tasks without activation

• frustration and misconceptions
  – gave up on tasks
  – how system deals with passwords

Page 10

Lessons Learned - Security

• Usability problems lead to security vulnerabilities

• False sense of security

• Benefits rely on correct operation


Page 11

Conclusion

• Usability is a concern because it can directly lead to security vulnerabilities

• Systems must be tested with real users
  – transparency not always good
  – must support users’ mental models

Page 12

For more info:

http://www.scs.carleton.ca/~schiasso/