A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices

TL;DR

This survey investigates password entry practices across various non-desktop devices, revealing usability challenges that lead users to weaken passwords, and discusses future solutions to promote secure password generation.

Contribution

It provides the first large-scale survey of password entry behaviors on non-desktop devices, highlighting usability issues and their impact on password strength.

Findings

Password entry on non-desktop devices is common.

Usability challenges lead to weaker passwords.

Users often avoid generated passwords due to entry difficulties.

Abstract

Password managers encourage users to generate passwords to improve their security. However, research has shown that users avoid generating passwords, often giving the rationale that it is difficult to enter generated passwords on devices without a password manager. In this paper, we conduct a survey ($n=999$) of individuals from the US, UK, and Europe, exploring the range of devices on which they enter passwords and the challenges associated with password entry on those devices. We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges. These usability challenges lead users to weaken their passwords to increase the ease of entry. We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.