GGrantIndex
← Search

SaTC: CORE: Small: Identifying and Quantifying Design Principles For Improving Password Manager Usage

$555,999FY2022CSENSF

University Of Tennessee Knoxville, Knoxville TN

Investigators

Abstract

To be safe, people need to select strong passwords that attackers can’t guess. They also need a different password for every one of their accounts. The difficulty of this task leads many people to select weak passwords or reuse passwords. Password managers seek to improve password quality by helping people create, store, and enter passwords, allowing for the creation of stronger and unique passwords. However, prior research has shown that while people like their password managers, they fail to use many of the password manager’s security-critical functionality. For example, many people only store passwords of their own creation, ignoring the password manager’s password generation feature, leaving themselves vulnerable to attack. This project will address this problem by measuring the extent to which different designs can encourage people to use all the security-critical functionality their password manager provides. Not only will this work increase the scientific understanding of how to build password managers and other authentication systems, but it will also offer tangible security and usability benefits to password manager users. These security and usability benefits will positively impact societal welfare and national defense. This project will work to identify design principles to improve password managers’ usability, utility, and utilization in three areas. First, this project will address password generation, making it easier to enter generated passwords on a wide range of devices—for example, tablets, TVs, game consoles, etc. This will be accomplished by surveying people regarding the devices where they enter passwords, measuring those devices’ input characteristics, and designing password generation schemes that consider those characteristics. User studies comparing these prototypes will measure their relative effectiveness. Second, this project will improve password managers’ health check functionality. This will be done by conducting exploratory user studies to understand impediments to using password health checks correctly and frequently, prototyping systems that address those impediments, then measuring the effectiveness of those prototypes in user studies. Third, this project will explore how password managers can better support the symbiotic needs of parents and children. This will be done by interviewing and surveying parents and children to understand their authentication needs and how they currently use password managers, designing and prototyping approaches for addressing those needs, and evaluating those prototypes through user studies. Design principles identified throughout this research will be summarized in research papers and on a public-facing website that synthesizes this project’s results in a manner easily digested by password manager vendors and other researchers. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →