{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:32:35Z","timestamp":1766442755271,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765081","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:42:02Z","timestamp":1763854922000},"page":"3192-3205","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["How Blind and Low-Vision Users Manage Their Passwords"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6119-9701","authenticated-orcid":false,"given":"Alexander","family":"Ponticello","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3058-7255","authenticated-orcid":false,"given":"Filipo","family":"Sharevski","sequence":"additional","affiliation":[{"name":"DePaul University, Chicago, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-6358-832X","authenticated-orcid":false,"given":"Simon","family":"Anell","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2425-3013","authenticated-orcid":false,"given":"Katharina","family":"Krombholz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"3523","volume-title":"Privacy Concerns and Behaviors of People with Visual Impairments. In ACM Conference on Human Factors in Computing Systems (CHI '15)","author":"Ahmed Tousif","year":"2015","unstructured":"Tousif Ahmed, Roberto Hoyle, Kay Connelly, David Crandall, and Apu Kapadia. 2015. Privacy Concerns and Behaviors of People with Visual Impairments. In ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, Seoul, Republic of Korea, 3523-3532."},{"key":"e_1_3_2_1_2_1","volume-title":"Ladner","author":"Alajarmeh Nancy","year":"2024","unstructured":"Nancy Alajarmeh and Richard E. Ladner. 2024. Password Managers Use Among Individuals Who Are Visually Impaired: Awareness, Adoption, and Rejection. International Journal of Human\u2013Computer Interaction (2024), 1-17."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2019.582"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2016.23011"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2971648.2971722"},{"key":"e_1_3_2_1_6_1","unstructured":"Arnar Birgisson. 2022. Security of Passkeys in the Google Password Manager. https:\/\/security.googleblog.com\/2022\/10\/SecurityofPasskeysintheGooglePasswordManager.html as of today."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_3_2_1_8_1","volume-title":"Thematic Analysis: A Practical Guide","author":"Braun Virginia","year":"2021","unstructured":"Virginia Braun and Victoria Clarke. 2021. Thematic Analysis: A Practical Guide. SAGE Publications."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3234695.3236342"},{"key":"e_1_3_2_1_10_1","volume-title":"Graphics Interface","author":"Faustino Daniella Briotto","year":"2020","unstructured":"Daniella Briotto Faustino, Sara Nabil, and Audrey Girouard. 2020. Bend or PIN: Studying Bend Password Authentication with People with Vision Impairment. In Graphics Interface 2020."},{"key":"e_1_3_2_1_11_1","unstructured":"Kaitlin Couillard. 2015. Password security survey results-part 1. Technical Report. RoboForm."},{"key":"e_1_3_2_1_12_1","first-page":"12","volume-title":"Cooperation and Conflict","volume":"52","author":"Croft Stuart","year":"2017","unstructured":"Stuart Croft and Nick Vaughan-Williams. 2017. Fit for purpose? Fitting ontological security studies `into' the discipline of International Relations: Towards a vernacular turn. Cooperation and Conflict, Vol. 52, 1 (04 2017), 12-30."},{"key":"e_1_3_2_1_13_1","first-page":"575","volume-title":"European Symposium on Security and Privacy Workshops (EuroSPW '23)","author":"Erinola Ahmet","unstructured":"Ahmet Erinola, Annalina Buckmann, Jennifer Friedauer, Asl? Yard?m, and M. Angela Sasse. 2023. ''As Usual, I Needed Assistance of a Seeing Person''': Experiences and Challenges of People with Disabilities and Authentication Methods. In European Symposium on Security and Privacy Workshops (EuroSPW '23). IEEE, Delft, Netherlands, 575-593."},{"volume-title":"Financial Cryptography and Data Security (FC '13)","author":"Fahl Sascha","key":"e_1_3_2_1_14_1","unstructured":"Sascha Fahl, Marian Harbach, Marten Oltrogge, Thomas Muders, and Matthew Smith. 2013. Hey, You, Get Off of My Clipboard: On How Usability Trumps Security in Android Password Managers. In Financial Cryptography and Data Security (FC '13). Springer, Okinawa, Japan, 144-161."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.4324\/9781003320609-62"},{"key":"e_1_3_2_1_16_1","unstructured":"Gilbertson Scott. 2025. The Best Password Managers to Secure Your Digital Lifes. https:\/\/www.wired.com\/story\/best-password-managers\/ as of today."},{"volume-title":"The Discovery of Grounded Theory: Strategies for Qualitative Research (1 ed.)","author":"Glaser Barney","key":"e_1_3_2_1_17_1","unstructured":"Barney Glaser and Anselm Strauss. 2017. The Discovery of Grounded Theory: Strategies for Qualitative Research (1 ed.). Routledge."},{"key":"e_1_3_2_1_18_1","volume-title":"An Analysis of Password Managers' Password Checkup Tools. In Extended Abstracts of the CHI Conference on Human Factors in Computing Systems (CHI EA '24)","author":"Hutchinson Adryana","year":"2024","unstructured":"Adryana Hutchinson, Collins W. Munyendo, Adam J Aviv, and Peter Mayer. 2024a. An Analysis of Password Managers' Password Checkup Tools. In Extended Abstracts of the CHI Conference on Human Factors in Computing Systems (CHI EA '24). ACM, Maui, Hawaii, USA."},{"key":"e_1_3_2_1_19_1","volume-title":"Measuring the Prevalence of Password Manager Issues Using In-Situ Experiments. In Network and Distributed Systems Symposium (NDSS) 2024. Symposium on Usable Security and Privacy (USEC'24)","author":"Hutchinson Adryana","year":"2024","unstructured":"Adryana Hutchinson, Jinwei Tang, Adam J Aviv, and Peter Story. 2024b. Measuring the Prevalence of Password Manager Issues Using In-Situ Experiments. In Network and Distributed Systems Symposium (NDSS) 2024. Symposium on Usable Security and Privacy (USEC'24)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445074"},{"key":"e_1_3_2_1_21_1","volume-title":"Nothing about us without us. Policy Commons","author":"Jurgens Ralf","year":"2005","unstructured":"Ralf Jurgens. 2005. Nothing about us without us. Policy Commons (2005)."},{"key":"e_1_3_2_1_22_1","first-page":"171","volume-title":"Symposium on Usable Privacy and Security (SOUPS '23)","author":"Klivan Sabrina","year":"2023","unstructured":"Sabrina Klivan, Sandra H\u00f6ltervennhoff, Nicolas Huaman, Yasemin Acar, and Sascha Fahl. 2023. ''Would You Give the Same Priority to the Bank and a Game? I Do Not!'' Exploring Credential Management Strategies and Obstacles during Password Manager Setup. In Symposium on Usable Privacy and Security (SOUPS '23). USENIX, Anaheim, California, USA, 171-190."},{"key":"e_1_3_2_1_23_1","volume-title":"USENIX Security Symposium (SSYM '21). USENIX, Virtual Conference, 91-108","author":"Lassak Leona","year":"2021","unstructured":"Leona Lassak, Annika Hildebrandt, Maximilian Golla, and Blase Ur. 2021. ''It's Stored, Hopefully, on an Encrypted Server'': Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn. In USENIX Security Symposium (SSYM '21). USENIX, Virtual Conference, 91-108."},{"key":"e_1_3_2_1_24_1","first-page":"7231","volume-title":"USENIX Security Symposium (SSYM '24)","author":"Lassak Leona","year":"2024","unstructured":"Leona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla. 2024. Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication. In USENIX Security Symposium (SSYM '24). USENIX, Philadelphia, Pennsylvania, USA, 7231-7248."},{"key":"e_1_3_2_1_25_1","first-page":"203","volume-title":"USENIX Security Symposium (SSYM '18)","author":"Lyastani Sanam Ghorbani","year":"2018","unstructured":"Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, and Sven Bugiel. 2018. ''Better managed than memorized?'' Studying the Impact of Managers on Password Strength and Reuse. In USENIX Security Symposium (SSYM '18). USENIX, Baltimore, Maryland, USA, 203-220."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00047"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1177\/1049732315617444"},{"key":"e_1_3_2_1_28_1","first-page":"1849","volume-title":"USENIX Security Symposium (SSYM '22)","author":"Mayer Peter","unstructured":"Peter Mayer, Collins W. Munyendo, Michelle L. Mazurek, and Adam J. Aviv. 2022. Why Users (Don't) Use Password Managers at a Large Educational Institution. In USENIX Security Symposium (SSYM '22). USENIX, Boston, Massachusetts, USA, 1849-1866."},{"key":"e_1_3_2_1_29_1","first-page":"4625","volume-title":"Silenced and Scapegoated: Understanding the Situated Security of Marginalised Populations in Lebanon. In USENIX Security Symposium (SSYM '23)","author":"McClearn Jessica","year":"2023","unstructured":"Jessica McClearn, Rikke Bjerg Jensen, and Reem Talhouk. 2023. Othered, Silenced and Scapegoated: Understanding the Situated Security of Marginalised Populations in Lebanon. In USENIX Security Symposium (SSYM '23). USENIX, Anaheim, California, USA, 4625-4642."},{"volume-title":"Identity and Interests: A Sociology of International Relations","author":"McSweeney Bill","key":"e_1_3_2_1_30_1","unstructured":"Bill McSweeney. 1999. Security, Identity and Interests: A Sociology of International Relations. Cambridge University Press."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1177\/1354066106067346"},{"key":"e_1_3_2_1_32_1","first-page":"3123","volume-title":"ACM Conference on Computer and Communications Security (CCS '23)","author":"Munyendo Collins W.","unstructured":"Collins W. Munyendo, Peter Mayer, and Adam J. Aviv. 2023. ''I just stopped using one and started using the other'': Motivations, Techniques, and Challenges When Switching Password Managers. In ACM Conference on Computer and Communications Security (CCS '23). ACM, Copenhagen, Denmark, 3123-3137."},{"key":"e_1_3_2_1_33_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS '21). USENIX, Virtual Conference, 263-280","author":"Napoli Daniela","year":"2021","unstructured":"Daniela Napoli, Khadija Baig, Sana Maqsood, and Sonia Chiasson. 2021. ''Itextquoterightm Literally Just Hoping This Will Work:textquoteright, textquoteright Obstacles Blocking the Online Security and Privacy of Users with Visual Disabilities. In Symposium on Usable Privacy and Security (SOUPS '21). USENIX, Virtual Conference, 263-280."},{"key":"e_1_3_2_1_34_1","unstructured":"National Institute of Standards and Technology (NIST). 2024a. NIST Special Publication 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management."},{"key":"e_1_3_2_1_35_1","unstructured":"National Institute of Standards and Technology (NIST). 2024b. NIST's position on the use of password managers."},{"key":"e_1_3_2_1_36_1","first-page":"5127","volume-title":"USENIX Security Symposium (SSYM '23)","author":"Nisenoff Alexandra","year":"2023","unstructured":"Alexandra Nisenoff, Maximilian Golla, Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, and Blase Ur. 2023. A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords. In USENIX Security Symposium (SSYM '23). USENIX, Anaheim, California, USA, 5127-5144."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3517534"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1177\/1468794112446106"},{"key":"e_1_3_2_1_39_1","first-page":"319","volume-title":"Symposium on Usable Privacy and Security (SOUPS '19)","author":"Pearman Sarah","year":"2019","unstructured":"Sarah Pearman, Shikun Aerin Zhang, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2019. Why People (Don't) Use Password Managers Effectively. In Symposium on Usable Privacy and Security (SOUPS '19). USENIX, Santa Clara, California, USA, 319-338."},{"volume-title":"USENIX Security Symposium (SSYM '21). USENIX, Virtual Conference, 73-90","author":"Ray Hirak","key":"e_1_3_2_1_40_1","unstructured":"Hirak Ray, Flynn Wolf, Ravi Kuber, and Adam J. Aviv. 2021. Why Older Adults (Don't) Use Password Managers. In USENIX Security Symposium (SSYM '21). USENIX, Virtual Conference, 73-90."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-022-01239-1"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0260210508008279"},{"key":"e_1_3_2_1_43_1","volume-title":"Deci","author":"Ryan Richard M.","year":"2000","unstructured":"Richard M. Ryan and Edward L. Deci. 2000. Self-determination theory and the facilitation of intrinsic motivation, social development, and well-being. Vol. 55, 1 (2000), 68-78."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354192"},{"key":"e_1_3_2_1_45_1","first-page":"705","volume-title":"ACM Conference on Human Factors in Computing Systems (CHI '11)","author":"Shinohara Kristen","unstructured":"Kristen Shinohara and Jacob O. Wobbrock. 2011. In the shadow of misperception: assistive technology use and social interactions. In ACM Conference on Human Factors in Computing Systems (CHI '11). ACM, Vancouver, British Columbia, Canada, 705-714."},{"key":"e_1_3_2_1_46_1","first-page":"449","volume-title":"Password Managers: Attacks and Defenses. In USENIX Security Symposium (SSYM '14)","author":"Silver David","year":"2014","unstructured":"David Silver, Suman Jana, Dan Boneh, Eric Chen, and Collin Jackson. 2014. Password Managers: Attacks and Defenses. In USENIX Security Symposium (SSYM '14). USENIX, San Diego, California, USA, 449-464."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0260210505006613"},{"key":"e_1_3_2_1_48_1","first-page":"243","volume-title":"The Password Life Cycle: User Behaviour in Managing Passwords. In Symposium on Usable Privacy and Security (SOUPS '14)","author":"Stobert Elizabeth","year":"2014","unstructured":"Elizabeth Stobert and Robert Biddle. 2014. The Password Life Cycle: User Behaviour in Managing Passwords. In Symposium on Usable Privacy and Security (SOUPS '14). USENIX, Menlo Park, California, USA, 243-255."},{"key":"e_1_3_2_1_49_1","unstructured":"Kamile Viezelyte. 2024. Juggling security: How many passwords does the average person have in 2024? Technical Report. NordPass. https:\/\/nordpass.com\/blog\/how-many-passwords-does-average-person-have\/ as of today."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978339"},{"key":"e_1_3_2_1_51_1","volume-title":"Mathijs PJ Vervloed, Harry Knoors, and Ludo Verhoeven.","author":"Withagen Ans","year":"2013","unstructured":"Ans Withagen, Astrid ML Kappers, Mathijs PJ Vervloed, Harry Knoors, and Ludo Verhoeven. 2013. Short term memory and working memory in blind versus sighted children. Research in developmental disabilities, Vol. 34, 7 (2013), 2161-2172."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132525.3134793"},{"key":"e_1_3_2_1_53_1","first-page":"581","volume-title":"Symposium on Usable Privacy and Security (SOUPS '22)","author":"Zibaei Samira","year":"2022","unstructured":"Samira Zibaei, Dinah Rinoa Malapaya, Benjamin Mercier, Amirali Salehi-Abari, and Julie Thorpe. 2022. Do Password Managers Nudge Secure (Random) Passwords?. In Symposium on Usable Privacy and Security (SOUPS '22). USENIX, Boston, Massachusetts, USA, 581-597."},{"key":"e_1_3_2_1_54_1","first-page":"211","volume-title":"Symposium on Usable Privacy and Security (SOUPS '23)","author":"Zibaei Samira","year":"2023","unstructured":"Samira Zibaei, Amirali Salehi-Abari, and Julie Thorpe. 2023. Dissecting Nudges in Password Managers: Simple Defaults are Powerful. In Symposium on Usable Privacy and Security (SOUPS '23). USENIX, Anaheim, California, USA, 211-225."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765081","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:30:41Z","timestamp":1766442641000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765081"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":54,"alternative-id":["10.1145\/3719027.3765081","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765081","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}