TY - GEN
T1 - VaultIME
T2 - 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
AU - Guan, Le
AU - Farhang, Sadegh
AU - Pu, Yu
AU - Guo, Pinyao
AU - Grossklags, Jens
AU - Liu, Peng
N1 - Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.
PY - 2018
Y1 - 2018
N2 - Users are often educated to follow different forms of advice from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every important website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable or even threatened when they grant password managers the privilege to automate access to their digital accounts. Likewise, they are worried that individuals close to them may be able to access important websites by using the password manager stealthily. We propose VaultIME to nudge more users towards the adoption of password managers by offering them a tangible benefit with minimal interference with their current usage practices. Instead of “auto-filling” password fields, we propose a new mechanism to “auto-correct” passwords in the presence of minor typos. VaultIME innovates by integrating the functionality of a password manager into an input method editor. Specifically, running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. We show that VaultIME achieves high levels of usability and security. With respect to usability, VaultIME is able to correct as many as 47.8% of password typos in a real-world password typing dataset. Regarding security, simulated attacks reveal that the security loss brought by VaultIME against a brute-force attacker is at most 0.43%.
UR - http://www.scopus.com/inward/record.url?scp=85045980060&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85045980060&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-78813-5_35
DO - 10.1007/978-3-319-78813-5_35
M3 - Conference contribution
AN - SCOPUS:85045980060
SN - 9783319788128
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 673
EP - 686
BT - Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings
A2 - Ghorbani, Ali
A2 - Lin, Xiaodong
A2 - Ren, Kui
A2 - Zhu, Sencun
A2 - Zhang, Aiqing
PB - Springer Verlag
Y2 - 22 October 2017 through 25 October 2017
ER -