Citation Context

... Necessity 0.130 0.248 1 0.374 Security 0.337 0.368 0.374 0.287 Table 2. Cross-Correlation of Usability Measures The coefficients from less than -0.5 and more than 0.5 are generally regarded as large =-=[21]-=- and in line with the findings of [22], we cannot regard any of our usability measures as sufficiently correlated with others that they could be justifiably omitted. On the other hand, since the measu...

Citation Context

... first two components, i.e., PC1 and PC2, together explain nearly 70% of the variance, and PC3 and PC4 have eigenvalues that are less than 1, i.e., explaining less variance than one original variable =-=[23]-=-, we disregard PC3 and PC4 in the following analysis. Table 4 shows the factor loadings of PC1 and PC2. As shown, PC1 factors in all usability measures positively and more in comparison to PC2, while ...

Citation Context

... often tend to choose short and “low-entropy” passwords [3, 4], enabling offline dictionary attacks and brute-forcing attempts, or they write passwords down or use the same password at multiple sites =-=[5]-=-. Password Managers (PMs) attempt to solve this conundrum by having a computing device, rather than the user herself, store (and optionally, generate) passwords, and then later deliver or recall them ...

Citation Context

...er has to maintain is severely testing the limits of their cognitive abilities [2]. This leads to “weak” choices in practice. For example, users often tend to choose short and “low-entropy” passwords =-=[3, 4]-=-, enabling offline dictionary attacks and brute-forcing attempts, or they write passwords down or use the same password at multiple sites [5]. Password Managers (PMs) attempt to solve this conundrum b...

Citation Context

...nclined towards the USB manager in comparison to the online manager. These findings can generally be credited to the fact 3 Rather than storing passwords, a variant on desktop managers (e.g., PwdHash =-=[7]-=-) derives passwords onthe-fly, based on a master password and, a specific variable, e.g. the URL of the website to authenticate to. From the user’s perspective, both types of passwords managers are eq...

Citation Context

...er has to maintain is severely testing the limits of their cognitive abilities [2]. This leads to “weak” choices in practice. For example, users often tend to choose short and “low-entropy” passwords =-=[3, 4]-=-, enabling offline dictionary attacks and brute-forcing attempts, or they write passwords down or use the same password at multiple sites [5]. Password Managers (PMs) attempt to solve this conundrum b...

Citation Context

... a security-focused nature of our study. 4 Such a priming in terms of security can possibly result in skewed (over-alert) participant behavior and in biased results, as demonstrated by prior research =-=[20]-=-. As mentioned previously, after administering the Pre Test questionnaire, the respondents were asked to perform five tasks corresponding to each password manager. Any possible user errors in performi...

Citation Context

...y 0.337 0.368 0.374 0.287 Table 2. Cross-Correlation of Usability Measures The coefficients from less than -0.5 and more than 0.5 are generally regarded as large [21] and in line with the findings of =-=[22]-=-, we cannot regard any of our usability measures as sufficiently correlated with others that they could be justifiably omitted. On the other hand, since the measures are mildly correlated, it motivate...

Citation Context

...ds or PINs are the most widely deployed, for authentication to remote servers, ATMs and mobile phones. For over more than a decade, users have been asked to memorize an increasing number of passwords =-=[1]-=- to authenticate to various online services. While users can usually easily memorize a couple of passwords, the current explosion of the number of passwords each user has to maintain is severely testi...

Citation Context

... preferred to manage their passwords themselves on their own portable devices. We note that the only prior work that directly relates to our study, to the best of our knowledge, is by Chiasson et. al =-=[12]-=-. The study [12] evaluates two desktop managers – PwdHash [7] and Password Multiplier [2], and points out underlying usability problems with these two managers. Our study, on the other hand, aims at e...

Citation Context

.... While users can usually easily memorize a couple of passwords, the current explosion of the number of passwords each user has to maintain is severely testing the limits of their cognitive abilities =-=[2]-=-. This leads to “weak” choices in practice. For example, users often tend to choose short and “low-entropy” passwords [3, 4], enabling offline dictionary attacks and brute-forcing attempts, or they wr...

Citation Context

...ame and password prior to credential retrieval is a necessity. Portable managers, on the other hand, never requires a user name due to the personal nature of a user’s mobile device. Also, as noted in =-=[13]-=-, there are several flaws and challenges associated with with managing credentials through remote servers. Although users desire the additional security benefits online servers can provide, users are ...

Citation Context

...e can broadly distinguish between three categories of password managers: desktop manager, online manager and portable manager. A desktop manager (e.g., Mozilla Firefox, Apple MacOS Keychain, RoboForm =-=[6]-=-) stores strong passwords on the user’s desktop (i.e., on the terminal used for authentication) 3 while an online manager (e.g., LastPass [8] and Mozilla Weave Sync [9]) stores them on remote third-pa...

Citation Context

...ger (e.g., Mozilla Firefox, Apple MacOS Keychain, RoboForm [6]) stores strong passwords on the user’s desktop (i.e., on the terminal used for authentication) 3 while an online manager (e.g., LastPass =-=[8]-=- and Mozilla Weave Sync [9]) stores them on remote third-party server(s). A portable manager, on the other hand, stores strong passwords on user’s portable device. Among portable managers, we can furt...

Citation Context

... Apple MacOS Keychain, RoboForm [6]) stores strong passwords on the user’s desktop (i.e., on the terminal used for authentication) 3 while an online manager (e.g., LastPass [8] and Mozilla Weave Sync =-=[9]-=-) stores them on remote third-party server(s). A portable manager, on the other hand, stores strong passwords on user’s portable device. Among portable managers, we can further identify two different ...

Citation Context

...evices: We used common devices that most users are quite familiar with. We used Imation 2GB USB 2.0 thumb drive [17] – as our USB manager – with RoboForm2Gosoftware. We chose Nokia 5310 mobile phone =-=[18]-=- as our Phone manager installed with KeePassMobile. We used a Dell Desktop as our primary authentication terminal and a Sony Laptop for the purpose of login from another terminal (see Section 4.2). Br...