User Comprehension of Password Reuse Risks and Mitigations in Password Managers
Passwords are a familiar and cheap way to authenticate the users of online services. Most users have many online accounts, but just a few unique passwords, resorting to strategies for the creation and recall of passwords that leave them vulnerable to password reuse attacks. The dangers associated with password reuse are not well understood by most users, and even partial reuse results in increased vulnerability. This thesis describes an experiment testing a model reuse notification, delivered via a prototype password manager, among a group of online survey participants. I present evidence that a meaningful improvement in users' comprehension of password reuse and associated risks can be achieved by presenting users with password reuse dialogues in an explicitly cross-site context. This work directly addresses a current issue in the field of usable privacy and security, providing concrete data, and offering direction to researchers and developers seeking to better secure vulnerable users.