HIPPO Ditches Stored Passwords and Password Managers


This article is part of our exclusive IEEE Journal Watch series in partnership with IEEE Xplore.

Most people are all too familiar with attempting to type out a password multiple times—only to get locked out of their accounts, triggering a vicious cycle of new passwords that are quickly forgotten. Password managers can be a helpful solution to sidestep this issue but also come with some risk if the saved passwords become compromised.

However, there is a different solution that does not involve saving passwords on a server. Instead, it requires a single master password that is easily remembered or written down on paper.

In a recent study, researchers found that people are willing to complete one extra step to access their accounts using the approach, which they report feeling is more secure and easier to use than traditional manual password entry. The results were published 27 February in IEEE Internet Computing.

HIPPO Password Manager Security

Remembering multiple passwords across various accounts is a challenge for many people. Password managers avoid the need to memorize every single password by storing encrypted passwords in a secure online “vault.” Still, these vaults can be hacked. Malicious attackers can break into the vaults’ servers or steal the passwords by hacking the user’s own computer.

To overcome these challenges, a team of researchers created a password manager that doesn’t store the passwords, called HIPPO (Hidden-Password Online Password), which works like a browser extension.

The user needs to remember or write down only one master password. As they visit each site that requires them to log in, they enter their master password, and then HIPPO generates a site-specific password on the spot.

To do so, HIPPO’s browser extension first runs the master password through the client side of a cryptographic protocol called an oblivious pseudorandom function (OPRF). The result is a website-specific “masked” password that is sent to the HIPPO server. That server applies its own secret cryptographic key to the masked value and sends the result back. The browser then removes its temporary mask and uses the unmasked result to generate the site-specific password on the spot.

“You can think of it as a calculator computing the exact same complex password on the spot every time you visit the site, eliminating the need to save it anywhere,” says Mohammed Jubur, an assistant professor of computer science at Jazan University, in Saudi Arabia, and co-creator of HIPPO. “Neither the master secret nor the derived site password is ever stored locally or remotely—the fresh-derived [password] is simply autofilled into the target site’s login field.”
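The round trip described above, written out as an added example that is not HIPPO's own code: a textbook 2HashDH-style OPRF over a toy-sized safe-prime group, with the browser's mask/unmask steps and the server's keyed evaluation as separate functions so the messages each side sees are explicit. The group parameters, the server key, and the master-password and site strings are all constructed assumptions; a real deployment would use a standard published group rather than generating one.

```python
import base64
import hashlib
import secrets

def _probable_prime(n, rounds=24):
    # Fermat test with random bases: enough to pick a toy parameter, not a production test.
    return all(pow(secrets.randbelow(n - 3) + 2, n - 1, n) == 1 for _ in range(rounds))

def _safe_prime(bits):
    # p = 2q + 1 with p, q prime. Toy size; a deployment uses a standard published group.
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = _safe_prime(64)  # constructed demo parameters (insecure size, illustration only)

def hash_to_group(master, site):
    # H1: map (site, master) into the order-Q subgroup; squaring lands in the quadratic residues.
    h = int.from_bytes(hashlib.sha256(f"{site}\0{master}".encode()).digest(), "big")
    return pow(h % P, 2, P) or 1

def client_blind(master, site):
    # Browser: pick a fresh random mask r; only the masked element leaves the client.
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(master, site), r, P)

def server_evaluate(masked, server_key):
    # Server: raise the masked element to its secret key k. It sees neither master nor site.
    return pow(masked, server_key, P)

def client_finalize(master, site, r, evaluated):
    # Browser: strip the mask with r^-1 mod Q, then hash H1(m,s)^k into a site password.
    y = pow(evaluated, pow(r, -1, Q), P)
    digest = hashlib.sha256(f"{site}\0{master}\0{y}".encode()).digest()
    return base64.b64encode(digest[:15]).decode()  # 20-character site password

def derive_site_password(master, site, server_key):
    # Full round trip, recomputed on every login; nothing is stored on either side.
    r, masked = client_blind(master, site)
    return client_finalize(master, site, r, server_evaluate(masked, server_key))
```

Because the mask r is fresh on every call, the value the server sees differs each time, yet the derived site password is identical; changing the site, the master password, or the server key changes the result.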

User Perception and Trust for Password Managers

In their study, Jubur and colleagues had 25 volunteers provide feedback on HIPPO, comparing it to traditional manual password entry. Participants were tasked with setting up their accounts with a password given to them on a piece of paper. They were then asked to log in to a site 10 times using traditional manual password entry, and another 10 times using HIPPO. Participants rated their experience with each approach, evaluating different factors such as perceived security and ease of use.

The results show that users rated both approaches with a “good” usability score. However, Jubur notes, “participants perceived HIPPO to be significantly more secure and trustworthy compared to traditional password-only authentication.”

Whereas HIPPO received an average score of 4.04 out of 5 for perceived security, traditional manual password entry received a score of 3.09. Users also reported higher trust scores for HIPPO, at 4.00, compared to 3.30 for traditional password entry.

The researchers were surprised to learn that users also reported HIPPO as being easier to use—even though it requires an extra activation step, such as pressing F2 or entering a prefix like “@@” to activate the password-generation mode.

“We initially expected HIPPO’s usability to be merely comparable [to traditional password entry],” explains Nitesh Saxena, a professor in the Department of Computer Science and Engineering and associate director of the Global Cyber Research Institute (GCRI) at Texas A&M University, who co-created HIPPO with Jubur. “However, participants found the cognitive burden of repeatedly typing a complex random password to be so substantial that even a tool with an extra step improved their experience.”

The researchers note that this was a small-scale, single-session study, so a follow-up study over a longer period is needed to explore HIPPO’s performance.

Jubur adds that, in future work, the team plans to evaluate longer-term life-cycle events, such as measuring the completion time, error rates, and lockout risk associated with HIPPO.

For example, he says, “we also plan to evaluate the user experience and the risk of account lockouts when a user needs to change their master password, which forces them to update their credentials across all their connected websites.”