VaultIME: Regaining User Control for Password Managers through Auto-correction
DOI:
https://doi.org/10.4108/eai.15-5-2018.154772Keywords:
Password manager, Auto-correction, IME, Usable securityAbstract
Users are often educated to follow advices from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable when they grant password managers the privilege to automate access to their digital accounts. We propose VaultIME to nudge more users towards the adoption of password managers by offering them a tangible benefit, while only slightly interfering with their current usage practices. Instead of “auto-filling” password fields, we propose to “auto-correct” passwords in case of minor typos. VaultIME integrates the functionality of a password manager into the input method editor. Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. We show that VaultIME achieves high levels of usability and security.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
Funding data
-
National Science Foundation
Grant numbers CNS-1422594