Skip to main content

Systematization of Password Manager Use Cases and Design Paradigms...

by James Simmons, Timothy S Oesch, Scott Ruoti, Oumar Diallo
Publication Type
Conference Paper
Journal Name
Annual Computer Security Applications Conference (ACSAC)
Book Title
Proceedings of ACSAC: Annual Computer Security Applications Conference
Publication Date
Page Numbers
528 to 540
Publisher Location
New York, United States of America
Conference Name
Annual Computer Security Applications Conference (ACSAC)
Conference Location
Online, Hawaii, United States of America
Conference Sponsor
Conference Date

Despite efforts to replace them, passwords remain the primary form of authentication on the web. Password managers seek to address many of the problems with passwords by helping users generate, store, and fill strong and unique passwords. Even though experts frequently recommend password managers, there is limited information regarding their usability. To aid in designing such usability studies, we systematize password manager use cases, identifying ten essential use cases, three recommended use cases, and four extended use cases. We also systematize the system designs employed to satisfy these use cases, designs that should be examined in usability studies to understand their relative strengths and weaknesses. Finally, we describe observations from 136 cognitive walkthroughs exploring the identified essential use cases in eight popular managers. Ultimately, we expect that this work will serve as the foundation for an explosion of new research into the usability of password managers.