Do Password Managers Nudge Secure (Random) Passwords?

Abstract

Passwords are the most popular authentication method due to their simplicity and widespread adoption. However, the prevalence of password reuse undermines its security. A promising strategy to mitigate the risks of password reuse is to use random passwords generated and stored by password managers, yet many users do not use them. Many web browsers have built-in password managers that employ nudges at the time of password creation. These nudges aim to persuade the selection of more secure random passwords; however, little is known about which designs are most effective. We study (n = 558) the efficacy of nudges used by three popular web browsers: Chrome, Firefox, and Safari. Our results suggest Safari’s nudge implementation is significantly more effective than the others at nudging users to adopt a randomly generated password. We examine factors that may contribute to the adoption of randomly generated passwords, reasons that people adopt a randomly generated password (or not), as well as discuss elements of Safari’s nudge design that may contribute to its success. Our findings can be useful in informing both future password manager nudge designs and interventions to encourage password manager use.

Publication
In Proceedings of the 18th Symposium on Usable Privacy and Security (SOUPS’22).
Date
Links