How Blind and Low-Vision Users Manage Their Passwords
- URL: http://arxiv.org/abs/2510.13538v1
- Date: Wed, 15 Oct 2025 13:33:45 GMT
- Authors: Alexander Ponticello, Filipo Sharevski, Simon Anell, Katharina Krombholz
- Abstract summary: This paper investigates how Blind and Low-Vision (BLV) users tackle password management. We found that all participants utilize password managers to some extent, which they perceive as fairly accessible. The security advantages - generating strong, random passwords - were avoided mainly due to the absence of practical accessibility.
- Score: 58.76726339294067
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password management strategies and identified pain points, such as security concerns, leading to insecure practices. We investigate how Blind and Low-Vision (BLV) users tackle this problem and how password managers can assist them. This paper presents the results of a qualitative interview study with N = 33 BLV participants. We found that all participants utilize password managers to some extent, which they perceive as fairly accessible. However, the adoption is mainly driven by the convenience of storing and retrieving passwords. The security advantages - generating strong, random passwords - were avoided mainly due to the absence of practical accessibility. Password managers do not adhere to BLV users' underlying needs for agency, which stem from experiences with inaccessible software and vendors who deprioritize accessibility issues. Underutilization of password managers leads BLV users to adopt insecure practices, such as reusing predictable passwords or resorting to 'security through obscurity' by writing important credentials in braille. We conclude our analysis by discussing the need to implement practical accessibility and usability improvements for password managers as a way of establishing trust and secure practices while maintaining BLV users' agency.
Related papers
- An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites [46.750111141477646]
We perform the first systematic analysis of 111 password update processes deployed on top-ranked websites. Websites deploy highly diverse, often complex, confusing password update processes and lack the support of password managers. We give recommendations for web developers, the web standardization community, and security researchers.
(2025-11-13T09:18:07Z)
- Evaluating Language Model Reasoning about Confidential Information [95.64687778185703]
We study whether language models exhibit contextual robustness, or the capability to adhere to context-dependent safety specifications. We develop a benchmark (PasswordEval) that measures whether language models can correctly determine when a user request is authorized. We find that current open- and closed-source models struggle with this seemingly simple task, and that, perhaps surprisingly, reasoning capabilities do not generally improve performance.
(2025-08-27T15:39:46Z)
- Are Users More Willing to Use Formally Verified Password Managers? [46.01440321321548]
We design and implement two experiments to understand how formal verification impacts users. We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption. We conclude that formal verification is seen as desirable by users and identify three actionable recommendations to improve formal verification communication efforts.
(2025-04-02T20:57:49Z)
- Online Authentication Habits of Indian Users [1.5354118838872373]
We conducted a survey with 90 participants residing in India to better understand the mindset of people on using password managers and two-factor authentication (2FA). Our findings suggest that a majority of the participants have used 2FA and password managers in some form, although they are sometimes unaware of their formal names. The primary motivation for using password managers is the convenience of auto-filling. However, some participants avoid using password managers due to a lack of trust in these tools.
(2025-01-24T08:45:53Z)
- A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices [2.8698289487200856]
We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges.
These challenges lead users to weaken their passwords to increase the ease of entry.
We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.
(2024-09-04T19:28:36Z)
- Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords.
Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
(2024-05-24T07:51:15Z)
- Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers [7.049738935364298]
Malicious client-side scripts and browser extensions can steal passwords after they have been autofilled by the manager into the web page.
This paper explores what role the password manager can take in preventing the theft of autofilled credentials without requiring a change to user behavior.
(2024-02-09T03:21:14Z)
- PassViz: A Visualisation System for Analysing Leaked Passwords [2.2530496464901106]
PassViz is a command-line tool for visualising and analysing leaked passwords in a 2-D space.
We show how PassViz can be used to visually analyse different aspects of leaked passwords and to facilitate the discovery of previously unknown password patterns.
(2023-09-22T16:06:26Z)
- Tales from the Git: Automating the detection of secrets on code and assessing developers' passwords choices [8.086010366384247]
This is the first study investigating the developer traits in password selection across different programming languages and contexts.
Despite the fact that developers may have carelessly leaked their code on public repositories, our findings indicate that they tend to use significantly more secure passwords.
(2023-07-03T09:44:10Z)
- PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation.
We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
(2023-06-02T13:49:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.