VaultIME: Regaining User Control for Password Managers Through Auto-Correction

@inproceedings{Guan2017VaultIMERU,
  title={VaultIME: Regaining User Control for Password Managers Through Auto-Correction},
  author={Le Guan and Sadegh Farhang and Yu Pu and Pinyao Guo and Jens Grossklags and Peng Liu},
  booktitle={SecureComm},
  year={2017}
}
Users are often educated to follow different forms of advice from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every important website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable or even threatened when they grant password managers the privilege to automate access to their digital accounts. Likewise, they are worried that individuals close to them…
A Typo-Tolerant Password Authentication Scheme with Targeted Error Correction
  • Xin Chen, Xinyi Huang, Y. Mu, Ding Wang
  • Computer Science
    2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2019
TLDR
A typo-tolerant password authentication scheme with targeted error correction that first uses fuzzy judgment to determine whether the input password contains personal information, and then corrects the password according to the result of the fuzzy judgment.

References

The usability of passphrases for authentication: An empirical field study
pASSWORD tYPOS and How to Correct Them Securely
We provide the first treatment of typo-tolerant password authentication for arbitrary user-selected passwords. Such a system, rather than simply rejecting a login attempt with an incorrect password,
Of passwords and people: measuring the effect of password-composition policies
TLDR
A large-scale study investigates password strength, user behavior, and user sentiment across four password-composition policies, and describes the predictability of passwords by calculating their entropy, finding that a number of commonly held beliefs about password composition and strength are inaccurate.
On the Security of Password Manager Database Formats
TLDR
This research examines the security of password managers used by users to securely store valuable and sensitive information, from online banking passwords and login credentials to passport- and social security numbers.
The Emperor's New Password Manager: Security Analysis of Web-based Password Managers
TLDR
A security analysis of five popular web-based password managers suggests that it remains a challenge for the password managers to be secure, and advocates a defense-in-depth approach to ensure security of password managers.
Can long passwords be secure and usable?
TLDR
Among the longer policies, new evidence for a security/usability tradeoff is discovered, with none being strictly better than another on both dimensions; however, several policies are both more usable and more secure than the traditional policy the authors tested.
Understanding environmental influences on performing password-based mobile authentication
TLDR
A study investigates password strength, user behavior, and user sentiment across two password composition policies under two environmental conditions such as stationary (sedentary position) and on-the-go (while walking).
Password entry usability and shoulder surfing susceptibility on different smartphone platforms
TLDR
The results show significant differences in the usability of password entry (required password entry time, typing accuracy) and susceptibility to shoulder surfing and provide insights for security-aware design of on-screen keyboards and for password composition strategies tailored to entry on smartphones.
Targeted Online Password Guessing: An Underestimated Threat
TLDR
TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker, is proposed to design novel and efficient guessing algorithms.
The password practices applied by South African online consumers: Perception versus reality
TLDR
There is a disparity between South African online consumers’ perceived ability regarding computer password security and the password creation and management practices that they apply, confirming that challenges to ensure safe online transacting are in line with international challenges.