2014 Poster Sessions: Password Managers: Risks, Pitfalls, and Improvements

Student Name: David Silver
Advisor: Dan Boneh
Research Areas: Theory
Abstract:
We study the security of popular password managers and their policies on automatically filling in passwords in web pages. We examine browser built-in password managers, mobile password managers, and third-party managers. We show that there are significant differences in autofill policies among password managers. Many autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user’s password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers.

Bio:
David Silver is a second-year Master's student in Computer Science, specializing in security and systems.