Password managers aim to help users manage their ever-increasing number of passwords for online authentication. Since users only have to memorise one master secret to unlock an encrypted password database or key chain storing all their (hopefully) different and strong passwords, password managers are intended to increase username/password security. With mobile Internet usage on the rise, password managers have found their way onto smartphones and tablets. In this paper, we analyse the security of password managers on Android devices. While encryption mechanisms are used to protect credentials, we will show that a usability feature of the investigated mobile password managers puts the users’ usernames and passwords at risk. We demonstrate the consequences of our findings by analysing 21 popular free and paid password managers for Android. We then make recommendations on how to overcome the current problems and provide an implementation of a secure and usable mobile password manager.
%0 Book Section
%1 noKey
%A Fahl, Sascha
%A Harbach, Marian
%A Oltrogge, Marten
%A Muders, Thomas
%A Smith, Matthew
%B Financial Cryptography and Data Security
%D 2013
%E Sadeghi, Ahmad-Reza
%I Springer Berlin Heidelberg
%K myown privacy security usablesecurity
%P 144-161
%R 10.1007/978-3-642-39884-1_12
%T Hey, You, Get Off of My Clipboard
%U http://dx.doi.org/10.1007/978-3-642-39884-1_12
%V 7859
%X Password managers aim to help users manage their ever-increasing number of passwords for online authentication. Since users only have to memorise one master secret to unlock an encrypted password database or key chain storing all their (hopefully) different and strong passwords, password managers are intended to increase username/password security. With mobile Internet usage on the rise, password managers have found their way onto smartphones and tablets. In this paper, we analyse the security of password managers on Android devices. While encryption mechanisms are used to protect credentials, we will show that a usability feature of the investigated mobile password managers puts the users’ usernames and passwords at risk. We demonstrate the consequences of our findings by analysing 21 popular free and paid password managers for Android. We then make recommendations on how to overcome the current problems and provide an implementation of a secure and usable mobile password manager.
%@ 978-3-642-39883-4
@incollection{noKey,
abstract = {Password managers aim to help users manage their ever-increasing number of passwords for online authentication. Since users only have to memorise one master secret to unlock an encrypted password database or key chain storing all their (hopefully) different and strong passwords, password managers are intended to increase username/password security. With mobile Internet usage on the rise, password managers have found their way onto smartphones and tablets. In this paper, we analyse the security of password managers on Android devices. While encryption mechanisms are used to protect credentials, we will show that a usability feature of the investigated mobile password managers puts the users’ usernames and passwords at risk. We demonstrate the consequences of our findings by analysing 21 popular free and paid password managers for Android. We then make recommendations on how to overcome the current problems and provide an implementation of a secure and usable mobile password manager.},
added-at = {2020-04-17T12:27:36.000+0200},
author = {Fahl, Sascha and Harbach, Marian and Oltrogge, Marten and Muders, Thomas and Smith, Matthew},
biburl = {https://www.bibsonomy.org/bibtex/2a1b4e9dab4b0cef1361e56a6a2b7e05a/smithl3s},
booktitle = {Financial Cryptography and Data Security},
description = {Hey, You, Get Off of My Clipboard - Springer},
doi = {10.1007/978-3-642-39884-1_12},
editor = {Sadeghi, Ahmad-Reza},
interhash = {0dc6edf3ebd37c4db1caa12d00dd2618},
intrahash = {a1b4e9dab4b0cef1361e56a6a2b7e05a},
isbn = {978-3-642-39883-4},
keywords = {myown privacy security usablesecurity},
pages = {144--161},
publisher = {Springer Berlin Heidelberg},
series = {Lecture Notes in Computer Science},
timestamp = {2020-04-17T12:27:36.000+0200},
title = {Hey, You, Get Off of My Clipboard},
url = {http://dx.doi.org/10.1007/978-3-642-39884-1_12},
volume = 7859,
year = 2013
}