Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers
Authors: Frank Stajano, Max Spencer, Graeme Jenkinson, Quentin Stafford-Fraser

Date: December 2014
Publication: The 8th International Conference on Passwords (Passwords14) / Lecture Notes in Computer Science Volume 9393
Page(s): 61 - 73
Publisher: Springer
Source 1:
Source 2:
Source 3: - Subscription or payment required

Abstract or Summary:
Subtle and sometimes baffling variations in the implementation of password-based authentication are widespread on the web. Despite being imperceptible to end users, such variations often require that password managers implement complex heuristics in order to act on the userís behalf. These heuristics are inherently brittle. As a result, password managers are unnecessarily complex and yet they still occasionally fail to work properly on some websites. In this paper we propose PMF, a specification of simple semantic labels for password-related web forms. These semantic labels allow a software agent such as a password manager to extract meaning, such as which site the login form is for and what field in the form corresponds to the username. Our spec also allows the agent to generate a strong password on the userís behalf. PMF reduces a password managerís dependency on complex heuristics, making its operation more effective and dependable and bringing usability and security advantages to users and website operators. Note: Link to project page: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019