Exploration and Field Study of a Browser-Based Password Manager Using Icon-Based Passwords
The authors carry out a hybrid lab and field study of a password manager program and report on its usability and security. The paper explores iPMAN, a browser-based password manager that additionally uses a graphical password scheme for the master password. They present the findings as a set of observations and insights expected to be of interest both to those exploring password managers and to those exploring graphical passwords. Motivated by the findings, but also of independent interest, they present a new salt generation method using blind signatures to protect against offline attacks; it decreases user inconvenience by generating salt significantly faster than earlier work (Halderman et al. 2005).