Studying Users' Willingness to Use a Formally Verified Password Manager

Password Managers (PMs) help users manage their passwords safely but many users do not trust them. To mitigate users' doubts, formal verification can be used. Formal verification can guarantee the absence of errors and make PMs more reliable. …

Verified password generation from password composition policies

Password managers (PMs) are important tools that enable the use of stronger passwords, freeing users from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust PMs. In this paper, we focus on a …

Exploring Usable Security to Improve the Impact of Formal Verification: A Research Agenda

As software becomes more complex and assumes an even greater role in our lives, formal verification is set to become the gold standard in securing software systems into the future, since it can guarantee the absence of errors and entire classes of …

Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities

Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair …

Towards Improving the Usability of Password Managers

Security experts strongly recommend the use of Password Managers (PMs). However, PMs are not widely used and studies indicate usability problems and distrust from users as the reasons for their low adoption. In this paper, we review usability …

Practical recommendations for stronger, more usable passwords combining minimum-strength, minimum-length, and blocklist requirements

Multiple mechanisms exist to encourage users to create stronger passwords, including minimum-length and character-class requirements, prohibiting blocklisted passwords, and giving feedback on the strength of candidate passwords. Despite much …

Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection

The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In practice, …

Evaluating the Accuracy of Password Strength Meters using Off-The-Shelf Guessing Attacks

In this paper we measure the accuracy of password strength meters (PSMs) using password guessing resistance against off-the-shelf guessing attacks. We consider 13 PSMs, 5 different attack tools, and a random selection of 60,000 passwords extracted …

Why people (don’t) use password managers effectively

Security experts often recommend using password management tools that both store passwords and generate random passwords. However, research indicates that only a small fraction of users use password managers with password generators. Past studies …