{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T18:46:41Z","timestamp":1771613201596,"version":"3.50.1"},"reference-count":46,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T00:00:00Z","timestamp":1604016000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100007613","name":"Majmaah University","doi-asserted-by":"publisher","award":["N\/A"],"award-info":[{"award-number":["N\/A"]}],"id":[{"id":"10.13039\/501100007613","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>A password is considered to be the first line of defence in protecting online accounts, but there are problems when people handle their own passwords, for example, password reuse and difficult to memorize. Password managers appear to be a promising solution to help people handle their passwords. However, there is low adoption of password managers, even though they are widely available, and there are fewer studies on users of password managers. Therefore, the issues that cause people not to use password managers must be investigated and, more generally, what users think about them and the user interfaces of password managers. In this paper, we report three studies that we conducted: on user interfaces and the functions of three password managers; a usability test and an interview study; and an online questionnaire study about users and non-users of password managers, which also compares experts and non-experts regarding their use (or non-use) of password managers. Our findings show that usability is not a major problem, rather lack of trust and transparency are the main reasons for the low adoption of password managers. Users of password managers have trust and security concerns, while there are a few issues with the user interfaces and functions of password managers.<\/jats:p>","DOI":"10.3390\/fi12110189","type":"journal-article","created":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T09:29:32Z","timestamp":1604050172000},"page":"189","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Password Managers\u2014It\u2019s All about Trust and Transparency"],"prefix":"10.3390","volume":"12","author":[{"given":"Fahad","family":"Alodhyani","sequence":"first","affiliation":[{"name":"School of Computer Science and Informatics, Cardiff University, Queens Building, Cardiff CF24 3AA, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2701-7809","authenticated-orcid":false,"given":"George","family":"Theodorakopoulos","sequence":"additional","affiliation":[{"name":"School of Computer Science and Informatics, Cardiff University, Queens Building, Cardiff CF24 3AA, UK"}]},{"given":"Philipp","family":"Reinecke","sequence":"additional","affiliation":[{"name":"School of Computer Science and Informatics, Cardiff University, Queens Building, Cardiff CF24 3AA, UK"}]}],"member":"1968","published-online":{"date-parts":[[2020,10,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1145\/2699390","article-title":"Passwords and the evolution of imperfect authentication","volume":"58","author":"Bonneau","year":"2015","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Haque, S.T., Wright, M., and Scielzo, S. (2013, January 18\u201320). A study of user password strategy for multiple accounts. Proceedings of the Third ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA.","DOI":"10.1145\/2435349.2435373"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Zhao, R., and Yue, C. (2013, January 18\u201320). All your browser-saved passwords could belong to us: A security analysis and a cloud-based new design. Proceedings of the Third ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA.","DOI":"10.1145\/2435349.2435397"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Li, Y., Wang, H., and Sun, K. (2016, January 10\u201315). A study of personal information in human-chosen passwords and its security implications. Proceedings of the 35th IEEE International Conference on Computer Communications (INFOCOM 2016), San Francisco, CA, USA.","DOI":"10.1109\/INFOCOM.2016.7524583"},{"key":"ref_5","unstructured":"Florencio, D., Herley, C., and Van Oorschot, P.C. (2014, January 20\u201322). Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, USA."},{"key":"ref_6","unstructured":"Habib, H., Naeini, P.E., Devlin, S., Oates, M., Swoopes, C., Bauer, L., Christin, N., and Cranor, L.F. (2018, January 12\u201314). User behaviors and attitudes under password expiration policies. Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore, MD, USA."},{"key":"ref_7","unstructured":"Ion, I., Reeder, R., and Consolvo, S. (2015, January 22\u201324). No one can hack my mind: Comparing Expert and Non-Expert Security Practices. Proceedings of the Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), Ottawa, ON, Canada."},{"key":"ref_8","unstructured":"Fagan, M., and Khan, M.M.H. (2016, January 22\u201324). Why do they do what they do? A study of what motivates users to (not) follow computer security advice. Proceedings of the Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, USA."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1186\/s13673-017-0093-6","article-title":"An investigation into users\u2019 considerations towards using password managers","volume":"7","author":"Fagan","year":"2017","journal-title":"Hum.-Centric Comput. Inf. Sci."},{"key":"ref_10","first-page":"1","article-title":"A Usability Study and Critique of Two Password Managers","volume":"15","author":"Chiasson","year":"2006","journal-title":"Usenix Secur. Symp."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1145\/3183341","article-title":"The password life cycle","volume":"21","author":"Stobert","year":"2018","journal-title":"Acm Trans. Priv. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Stobert, E., and Biddle, R. (2014, January 15\u201318). A Password Manager that Doesn\u2019t Remember Passwords. Proceedings of the 2014 New Security Paradigms Workshop, Victoria, BC, Canada.","DOI":"10.1145\/2683467.2683471"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"McCarney, D., Barrera, D., Clark, J., Chiasson, S., and van Oorschot, P.C. (2012, January 3\u20137). Tapas: Design, implementation, and usability evaluation of a password manager. Proceedings of the 28th Annual Computer Security Applications Conference, Orlando, FL, USA.","DOI":"10.1145\/2420950.2420964"},{"key":"ref_14","unstructured":"Li, Y., Wang, H., and Sun, K. (2017, January 22\u201325). BluePass: A Secure Hand-Free Password Manager. Proceedings of the International Conference on Security and Privacy in Communication Systems, Niagara Falls, ON, Canada."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Li, Z., He, W., Akhawe, D., and Song, D. (2014, January 20\u201322). The emperor\u2019s new password manager: Security analysis of web-based password managers. Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, USA.","DOI":"10.21236\/ADA614474"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Seiler-Hwang, S., Arias-Cabarcos, P., Mar\u00edn, A., Almenares, F., D\u00edaz-S\u00e1nchez, D., and Becker, C. (2019, January 11\u201315). I don\u2019t see why I would ever want to use it Analyzing the Usability of Popular Smartphone Password Managers. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354192"},{"key":"ref_17","unstructured":"Alkaldi, N., and Renaud, K. (2020, October 29). Why do People Adopt, or Reject, Smartphone Password Managers. Available online: http:\/\/eprints.gla.ac.uk\/120760\/7\/120760.pdf."},{"key":"ref_18","unstructured":"Stobert, E., and Biddle, R. (2015, January 7\u20139). Expert password management. Proceedings of the International Conference on Passwords, Cambridge, UK."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"344","DOI":"10.1108\/IMCS-12-2012-0072","article-title":"A comparison of password feedback mechanisms and their impact on password entropy","volume":"21","author":"Ciampa","year":"2013","journal-title":"Inf. Manag. Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ur, B., Bees, J., Segreti, S.M., Bauer, L., Christin, N., and Cranor, L.F. (2016, January 7\u201312). Do Users\u2019 Perceptions of Password Security Match Reality?. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, San Jose, CA, USA.","DOI":"10.1145\/2858036.2858546"},{"key":"ref_21","unstructured":"Gao, X., Yang, Y., Liu, C., Mitropoulos, C., Lindqvist, J., and Oulasvirta, A. (2018, January 15\u201317). Forgetting of passwords: Ecological theory and data. Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA."},{"key":"ref_22","unstructured":"Lyastani, S.G., Schilling, M., Fahl, S., Backes, M., and Bugiel, S. (2018, January 15\u201317). Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse.. Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA."},{"key":"ref_23","unstructured":"Wash, R., Rader, E., Berman, R., and Wellmer, Z. (2016, January 22\u201324). Understanding password choices: How frequently entered passwords are re-used across websites. Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Denver, CO, USA."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Pearman, S., Thomas, J., Naeini, P.E., Habib, H., Bauer, L., Christin, N., Cranor, L.F., Egelman, S., and Forget, A. (November, January 30). Let\u2019s Go in for a Closer Look: Observing Passwords in Their Natural Habitat. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA.","DOI":"10.1145\/3133956.3133973"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Poornachandran, P., Nithun, M., Pal, S., Ashok, A., and Ajayan, A. (2016, January 22\u201323). Password reuse behavior: How massive online data breaches impacts personal data in web. Proceedings of the Innovations in Computer Science and Engineering, Hyderabad, India.","DOI":"10.1007\/978-981-10-0419-3_24"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"AlMaqbali, F., and Chris, J.M. (2017, January 23\u201326). AutoPass: An automatic password generator. Proceedings of the 2017 International Carnahan Conference on Security Technology (ICCST), Madrid, Spain.","DOI":"10.1109\/CCST.2017.8167791"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1109\/MITP.2016.81","article-title":"Comparing Password Management Software: Toward Usable and Secure Enterprise Authentication","volume":"18","author":"Palacios","year":"2016","journal-title":"IT Prof."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Chiasson, S., Forget, A., Stobert, E., van Oorschot, P.C., and Biddle, R. (2009, January 9\u201313). Multiple password interference in text passwords and click-based graphical passwords. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA.","DOI":"10.1145\/1653662.1653722"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., and Egelman, S. (2011, January 7\u201312). Of passwords and people: Measuring the effect of password-composition policies. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Vancouver, BC, Canada.","DOI":"10.1145\/1978942.1979321"},{"key":"ref_30","unstructured":"Stobert, E., and Biddle, R. (2014, January 9\u201311). The password life cycle: User behaviour in managing passwords. Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS 2014), Menlo Park, CA, USA."},{"key":"ref_31","unstructured":"Pearman, S., Zhang, S.A., Bauer, L., Christin, N., and Cranor, L.F. (2019, January 11\u201313). Why people (don\u2019t) use password managers effectively. Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), Santa Clara, CA, USA."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Aurigemma, S., Mattson, T., and Leonard, L. (2017, January 4\u20137). So Much Promise, so Little Use: What Is Stopping Home End-Users from Using Password Manager Applications. Proceedings of the Innovative Behavioral Is Security and Privacy Research, Hilton Waikoloa Village, HI, USA.","DOI":"10.24251\/HICSS.2017.490"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Golla, M., and D\u00fcrmuth, M. (2018, January 15\u201319). On the accuracy of password strength meters. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243769"},{"key":"ref_34","unstructured":"Wong, E. (2020, July 29). Heuristic Evaluation: How to Conduct a Heuristic Evaluation. Available online: www.interaction-design.org\/literature\/article\/heuristic-evaluation-how-to-conduct-a-heuristic-evaluation."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Nielsen, J. (1994, January 24\u201328). Enhancing the explanatory power of usability heuristics. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Boston, MA, USA.","DOI":"10.1145\/191666.191729"},{"key":"ref_36","unstructured":"Nielsen, J. (2020, July 29). 10 Usability Heuristics for User Interface Design. Available online: www.nngroup.com\/articles\/ten-usability-heuristics."},{"key":"ref_37","unstructured":"Pierotti, D. (2020, July 29). Xerox\/Nielsen 13 Usability Heuristics. Available online: https:\/\/uxmanager.net\/heuristics\/xeroxnielsen-13-usability-heuristics."},{"key":"ref_38","unstructured":"Broida, R. (2020, July 29). This Is the Best Free Password Manager. Available online: www.cnet.com\/news\/this-is-the-best-free-password-manager\/."},{"key":"ref_39","unstructured":"Coppock, M. (2020, July 29). The Best Password Managers for 2020. Available online: https:\/\/www.digitaltrends.com\/computing\/best-password-managers\/."},{"key":"ref_40","unstructured":"Rubenking, N.J. (2020, July 29). The Best Password Managers for 2020. Available online: https:\/\/uk.pcmag.com\/password-managers\/4296\/the-best-password-managers."},{"key":"ref_41","unstructured":"Ellis, C., and Turner, B. (2020, July 29). Best Password Managers in 2020: Free, and Paid Apps for Secure Password Lists. Available online: https:\/\/www.techradar.com\/uk\/best\/password-manager."},{"key":"ref_42","unstructured":"Miles, M.B., and Huberman, A.M. (1994). Qualitative Data Analysis: An Expanded Sourcebook, Sage."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"457","DOI":"10.1177\/001872089203400407","article-title":"Refining the test phase of usability evaluation: How many subjects is enough?","volume":"34","author":"Virzi","year":"1992","journal-title":"Hum. Factors"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"379","DOI":"10.3758\/BF03195514","article-title":"Beyond the five-user assumption: Benefits of increased sample sizes in usability testing","volume":"35","author":"Faulkner","year":"2003","journal-title":"Behav. Res. Methods Instrum. Comput."},{"key":"ref_45","unstructured":"Hachman, M. (2020, July 29). Google Chrome\u2019s New Password Manager Makes Securing Chrome Even More Important. Available online: www.pcworld.com\/article\/3303596\/google-chrome-new-password-manager.html."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Alkaldi, N., and Renaud, K. (2019, January 8\u201311). Encouraging password manager adoption by meeting adopter self-determination needs. Proceedings of the 52nd Hawaii International Conference on System Sciences, Grand Wailea, HI, USA.","DOI":"10.24251\/HICSS.2019.582"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/12\/11\/189\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:27:01Z","timestamp":1760178421000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/12\/11\/189"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,30]]},"references-count":46,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2020,11]]}},"alternative-id":["fi12110189"],"URL":"https:\/\/doi.org\/10.3390\/fi12110189","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10,30]]}}}