Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers
Date: December 2014
Publication: The 8th International Conference on Passwords (Passwords14) / Lecture Notes in Computer Science Volume 9393
Page(s): 61 - 73
Source 1: http://www.mypico.org/documents/2014-StaSpeJen-pmf.pdf
Source 2: http://pico.cl.cam.ac.uk/documents/2014-StaSpeJen-pmf.pdf
Source 3: http://dx.doi.org/10.1007/978-3-319-24192-0_4 - Subscription or payment required
Abstract or Summary:
Subtle and sometimes baffling variations in the implementation of password-based authentication are widespread on the web. Despite being imperceptible to end users, such variations often require that password managers implement complex heuristics in order to act on the userís behalf. These heuristics are inherently brittle. As a result, password managers are unnecessarily complex and yet they still occasionally fail to work properly on some websites. In this paper we propose PMF, a specification of simple semantic labels for password-related web forms. These semantic labels allow a software agent such as a password manager to extract meaning, such as which site the login form is for and what field in the form corresponds to the username. Our spec also allows the agent to generate a strong password on the userís behalf. PMF reduces a password managerís dependency on complex heuristics, making its operation more effective and dependable and bringing usability and security advantages to users and website operators.
PasswordResearch.com Note: Link to project page: http://pmfriendly.org Video of presentation: https://video.adm.ntnu.no/pres/549930a071c7d
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.