EAI Endorsed Transactions on Security and Safety (May 2018)

VaultIME: Regaining User Control for Password Managers through Auto-correction

  • Le Guan,
  • Sadegh Farhang,
  • Yu Pu,
  • Pinyao Guo,
  • Jens Grossklags,
  • Peng Liu

DOI
https://doi.org/10.4108/eai.15-5-2018.154772
Journal volume & issue
Vol. 4, no. 14
pp. 1 – 12

Abstract

Read online

Users are often educated to follow advices from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable when they grant password managers the privilege to automate access to their digital accounts. We propose VaultIME to nudge more users towards the adoption of password managers by offering them a tangible benefit, while only slightly interfering with their current usage practices. Instead of “auto-filling” password fields, we propose to “auto-correct” passwords in case of minor typos. VaultIME integrates the functionality of a password manager into the input method editor. Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. We show that VaultIME achieves high levels of usability and security.

Keywords