Exploration and Field Study of a Password Manager Using Icon-Based Passwords

  • Conference paper
Financial Cryptography and Data Security (FC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7126)

Abstract

We carry out a hybrid lab and field study of a password manager program, and report on usability and security. Our study explores iPMAN, a browser-based password manager that in addition uses a graphical password scheme for the master password. We present our findings as a set of observations and insights expected to be of interest both to those exploring password managers, and graphical passwords.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bicakci, K., Atalay, N.B., Yuceel, M., van Oorschot, P.C. (2012). Exploration and Field Study of a Password Manager Using Icon-Based Passwords. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_9

  • DOI: https://doi.org/10.1007/978-3-642-29889-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29888-2

  • Online ISBN: 978-3-642-29889-9

  • eBook Packages: Computer Science, Computer Science (R0)
