sesa 18(14): e4

Research Article

VaultIME: Regaining User Control for Password Managers through Auto-correction

@ARTICLE{10.4108/eai.15-5-2018.154772,
    author={Le Guan and Sadegh Farhang and Yu Pu and Pinyao Guo and Jens Grossklags and Peng Liu},
    title={VaultIME: Regaining User Control for Password Managers through Auto-correction},
    journal={EAI Endorsed Transactions on Security and Safety},
    volume={4},
    number={14},
    publisher={EAI},
    journal_a={SESA},
    year={2018},
    month={5},
    keywords={Password manager, Auto-correction, IME, Usable security},
    doi={10.4108/eai.15-5-2018.154772}
}

Le Guan1,*, Sadegh Farhang1, Yu Pu1, Pinyao Guo1, Jens Grossklags2, Peng Liu1
  • 1: Pennsylvania State University, State College, PA, USA
  • 2: Technical University of Munich, Munich, Germany
*Contact email: lug14@ist.psu.edu

Abstract

Users are often educated to follow advice from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable when they grant password managers the privilege to automate access to their digital accounts. We propose VaultIME to nudge more users towards the adoption of password managers by offering them a tangible benefit, while only slightly interfering with their current usage practices. Instead of “auto-filling” password fields, we propose to “auto-correct” passwords in case of minor typos. VaultIME integrates the functionality of a password manager into the input method editor. Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. We show that VaultIME achieves high levels of usability and security.