Login | Register




Safaie, Tina (2021) BYPASS: RECONSIDERING THE USABILITY OF PASSWORD MANAGERS. Masters thesis, Concordia University.

[thumbnail of Safaie_MASc_F2021a.pdf]
Text (application/pdf)
Safaie_MASc_F2021a.pdf - Accepted Version


Since passwords are an unavoidable mechanism for authenticating to online services, experts often recommend using a password manager for better password security. However, adoption of password managers is low due to poor usability, the difficulty of migrating accounts to a manager, and users' sense that a manager will not add value. In this work, we present ByPass, a novel password manager that is placed between the user and the website for secure and direct communication between the manager and websites. This direct communication allows ByPass to minimize the users' actions needed to complete various password management tasks, including account registration, logins, and password changes. ByPass is designed to minimize errors and improve usability. Our goal is to create a space where security could be the users' primary task, and allow them to focus cleanly and consistently on account management tasks. The constancy of the ByPass interface is intended to allow users a greater sense of control over their passwords and accounts. By using the API to move account interactions into this space, we hope to create an interface where users knew where to address security concerns, and access the controls to address those concerns. Current password managers hint at this functionality (and include innovative tools, such as security audits) but their placement outside the authentication interaction hampers the functionality they are able to support.

We conducted a usability evaluation of ByPass and found that this approach shows promising usability, and can help users to better manage their accounts in a secure manner.

We also conducted a security analysis of ByPass and showed the security improvements that can be achieved with the support of APIs for password managers. Our study shows that many known security vulnerabilities can be eradicated from the foundation of password managers, and significant usability can be gained with the inclusion of APIs support for password managers.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Safaie, Tina
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:31 March 2021
Thesis Supervisor(s):Mannan, Mohammad and Youssef, Amr and Stobert, Elizabeth
ID Code:988250
Deposited By: Tina Safaie
Deposited On:29 Jun 2021 23:17
Last Modified:29 Jun 2021 23:17
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top