VaultIME: Regaining User Control for Password Managers through Auto-correction

Authors

DOI:

https://doi.org/10.4108/eai.15-5-2018.154772

Keywords:

Password manager, Auto-correction, IME, Usable security

Abstract

Users are often educated to follow advices from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable when they grant password managers the privilege to automate access to their digital accounts. We propose VaultIME to nudge more users towards the adoption of password managers by offering them a tangible benefit, while only slightly interfering with their current usage practices. Instead of “auto-filling” password fields, we propose to “auto-correct” passwords in case of minor typos. VaultIME integrates the functionality of a password manager into the input method editor. Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. We show that VaultIME achieves high levels of usability and security.

Downloads

Published

15-05-2018

How to Cite

Guan, L. ., Farhang, S. ., Pu, Y. ., Guo, P. ., Grossklags, J. ., & Liu, P. . (2018). VaultIME: Regaining User Control for Password Managers through Auto-correction. EAI Endorsed Transactions on Security and Safety, 4(14), e4. https://doi.org/10.4108/eai.15-5-2018.154772

Funding data