Carleton University
Technical Report TR-11-07
April 26, 2011

Exploration and Field Study of a Browser-based Password Manager using Icon-based Passwords

Kemal Bicakci, Nart Bedin Atalay, Mustafa Yuceel, Paul C. van Oorschot

Abstract

We carry out a hybrid lab and field study of a password manager program, and report on usability and security. Our study explores iPMAN, a browser-based password manager that in addition uses a graphical password scheme for the master password. We present our findings as a set of observations and insights expected to be of interest both to those exploring password managers and to those exploring graphical passwords. Motivated by our findings, but also of independent interest, we also present a new salt generation method using blind signatures, to protect against offline attacks, decreasing user inconvenience by generating it significantly faster than earlier work (Halderman et al. 2005).

TR-11-07.pdf