On Usable Security and Verified Password Managers

Abstract

Password Managers (PMs) are useful tools to manage passwords but they are not widely used. Studies indicate usability problems and distrust from users as the reasons for the low adoption of PMs. As such, we propose extending an existing PM by implementing relevant usability best practices and increasing transparency by educating users about how PMs work. This project is part of the PassCert research project, which aims to build a formally verified PM. Therefore, another goal is to explore ways that effectively convey to users the formally verified properties. We performed user studies that suggest that our solution improves the usability of the PM and that we were able to convey relevant information about its formally verified features. We contribute with the first study on users’ perceptions of formal verification on PMs and hope that our findings can help the formal verification security community better communicate with end-users.