Are Users More Willing to Use Formally Verified Password Managers?
- URL: http://arxiv.org/abs/2504.02124v1
- Date: Wed, 02 Apr 2025 20:57:49 GMT
- Authors: Carolina Carreira, João F. Ferreira, Alexandra Mendes, Nicolas Christin
- Abstract summary: We design and implement two experiments to understand how formal verification impacts users. We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption. We conclude that formal verification is seen as desirable by users and identify three actional recommendations to improve formal verification communication efforts.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Formal verification has recently been increasingly used to prove the correctness and security of many applications. It is attractive because it can prove the absence of errors with the same certainty as mathematicians proving theorems. However, while most security experts recognize the value of formal verification, the views of non-technical users on this topic are unknown. To address this issue, we designed and implemented two experiments to understand how formal verification impacts users. Our approach started with a formative study involving 15 participants, followed by the main quantitative study with 200 individuals. We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption. Moreover, recent efforts have focused on formally verifying (parts of) password managers. We conclude that formal verification is seen as desirable by users and identify three actional recommendations to improve formal verification communication efforts.
Related papers
- Formal verification in Solidity and Move: insights from a comparative analysis [0.40964539027092906]
Solidity and Move are two contract languages with different designs and approaches to verification. This paper investigates how the two languages impact verification, and what is the state-of-the-art of verification tools for the two languages. Our investigation is supported by an open dataset of verification tasks performed in Certora and in the Aptos Move Prover.
arXiv Detail & Related papers (2025-02-19T18:06:01Z) - Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Ownership Verification with Reasoning [58.57194301645823]
Large language models (LLMs) are increasingly integrated into real-world applications through retrieval-augmented generation (RAG) mechanisms. Existing methods that can be generalized as watermarking techniques to protect these knowledge bases typically involve poisoning attacks. We propose name for harmless' copyright protection of knowledge bases.
arXiv Detail & Related papers (2025-02-10T09:15:56Z) - Online Authentication Habits of Indian Users [1.5354118838872373]
We conducted a survey with 90 participants residing in India to better understand the mindset of people on using password managers and two-factor authentication (2FA). Our findings suggest that a majority of the participants have used 2FA and password managers in some form, although they are sometimes unaware of their formal names. The primary motivation for using password managers is the convenience of auto-filling. However, some participants avoid using password managers due to a lack of trust in these tools.
arXiv Detail & Related papers (2025-01-24T08:45:53Z) - DebUnc: Improving Large Language Model Agent Communication With Uncertainty Metrics [52.242449026151846]
Multi-agent debates have been introduced to improve the accuracy of Large Language Models (LLMs). We propose DebUnc, a debate framework that uses uncertainty metrics to assess agent confidence.
arXiv Detail & Related papers (2024-07-08T22:15:01Z) - Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords.
Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
arXiv Detail & Related papers (2024-05-24T07:51:15Z) - A Review of Password-less User Authentication Schemes [0.0]
Review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004.
We evaluate the truly password-less and practical schemes based on their impact on user experience, overall security, and ease of deployment.
arXiv Detail & Related papers (2023-12-05T15:57:40Z) - Formally Verifying a Real World Smart Contract [52.30656867727018]
We search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
In this article, we present our search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
arXiv Detail & Related papers (2023-07-05T14:30:21Z) - Targeted Honeyword Generation with Language Models [5.165256397719443]
Honeywords are fictitious passwords inserted into databases to identify password breaches.
Major difficulty is how to produce honeywords that are difficult to distinguish from real passwords.
arXiv Detail & Related papers (2022-08-15T00:06:29Z) - Backdoor Attack against Speaker Verification [86.43395230456339]
We show that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data.
We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification.
arXiv Detail & Related papers (2020-10-22T11:10:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.