SmartPasswords: Increasing Password Managers' Usability by Generating Compliant Passwords

Abstract

Passwords are still the go-to method to provide efficient user authentication in web applications, despite research showing that users usually choose weak passwords and reuse them across different services. Security experts advocate the usage of password managers. These tools can improve account security by enabling the utilization of unique and robust passwords, simultaneously improving the usability and convenience of text password authentication. However, these tools are not prepared to deal with overly restrictive password composition policies, which many websites employ. These policies pose challenges to password managers and may impact their usage: users become frustrated when generated passwords do not comply with such policies. We aim to solve this problem by 1) combining a language capable of describing password rules and a widely used password manager — Bitwarden —, and 2) expanding said language to express policies suggested by experts, which combine security and usability. We generated compliant passwords for every policy tested with our prototype, and Bitwarden accepted our solution to incorporate in their final product. These results are encouraging and suggest that password managers benefit from this ability to interpret password policies, which is a further step to increase the adoption of password managers.