“I just stopped using one and started using the other”: Motivations, Techniques, and Challenges When Switching Password Managers

Collins W. Munyendo, Peter Mayer, Adam J. Aviv

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

This paper explores what motivates password manager (PM) users in the US to switch from one PM to another, the techniques they employ when switching, and challenges they encounter throughout. Through a screener (n = 412) followed by a main survey (n = 54), we find that browser-based PMs are the most widely used, with most of these users motivated to use the PM due to convenience. Most participants that switch PMs do so for usability reasons, but are also motivated by cost, as third-party PMs' full suite of features often require a subscription fee. Some PM-switchers are also motivated by recent security breaches, such as what was reported at LastPass in the Fall of 2022, with some participants losing trust in LastPass and PMs generally as a result. Those that switch mostly employ manual techniques of moving their passwords, e.g., copying and pasting their credentials from their previous to their new PM, despite most PMs offering ways to automatically transfer credentials in bulk across PMs. Assistance during the switching process is limited, with less than half of participants that switched receiving guidance during the switching process. From these findings, we make recommendations to PMs that can improve their overall user experience and use, including eliciting and acting on regular feedback from users as well as making PM settings more easily reachable and customizable by end-users.

Original languageEnglish
Title of host publicationCCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Publication dateNov 2023
Pages3123-3137
ISBN (Electronic)9798400700507
DOIs
Publication statusPublished - Nov 2023
Event30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark
Duration: 26. Nov 202330. Nov 2023

Conference

Conference30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Country/TerritoryDenmark
CityCopenhagen
Period26/11/202330/11/2023
SponsorACM Special Interest Group on Security, Audit and Control (SIGSAC)

Keywords

  • Authentication
  • Password Managers
  • Passwords
  • Privacy
  • Security

Fingerprint

Dive into the research topics of '“I just stopped using one and started using the other”: Motivations, Techniques, and Challenges When Switching Password Managers'. Together they form a unique fingerprint.

Cite this