Suman Jana: 2014 Security Workshop


Monday, April 14, 2014
Location: Fisher Conference Center, Arrillaga Alumni Center

"Password Managers: Risks, Pitfalls, and Improvements"


We study the security of popular password managers and their policies on automatically filling in passwords in web pages. We examine browser built-in password managers, mobile password managers, and third-party managers. We show that there are significant differences in autofill policies among password managers. Many autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers.


Suman Jana is a visiting student researcher at Stanford University and a final-year PhD student at the University of Texas at Austin. Some of his recent projects include exploring different security and privacy issues in augmented reality applications and automatically finding implementation flaws in SSL libraries. He has received several awards for his research, including a best student paper award at the IEEE Symposium on Security and Privacy, a NYU-Poly AT&T best applied security paper award, and a Google US/Canada fellowship in security.