Why Users (Don't) Use Password Managers at a Large Educational Institution

Authors: 

Peter Mayer, Karlsruhe Institute of Technology; Collins W. Munyendo, The George Washington University; Michelle L. Mazurek, University of Maryland, College Park; Adam J. Aviv, The George Washington University

Abstract: 

We quantitatively investigated the current state of Password Manager (PM) usage and general password habits at a large, private university in the United States. Building on prior qualitative findings from SOUPS 2019, we survey n=277 faculty, staff, and students, finding that 77% of our participants already use PMs, but users of third-party PMs, as opposed to browser-based PMs, were significantly less likely to reuse their passwords across accounts. The largest factor encouraging PM adoption is perceived ease-of-use, indicating that communication and institutional campaigns should focus more on usability factors. Additionally, our work indicates the need for design improvements for browser-based PMs to encourage less password reuse as they are more widely adopted.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {281310,
author = {Peter Mayer and Collins W. Munyendo and Michelle L. Mazurek and Adam J. Aviv},
title = {Why Users (Don{\textquoteright}t) Use Password Managers at a Large Educational Institution},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {1849--1866},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/mayer},
publisher = {USENIX Association},
month = aug,
}