Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers

Frank Stajano, Max Spencer, Graeme Jenkinson and Quentin Stafford-Fraser
Technology and Practice of Passwords: International Conference on Passwords, PASSWORDS'14, Trondheim, Norway, December 8-10, 2014, Revised Selected Papers. Vol. 9393. Springer, 2015.
Subtle and sometimes baffling variations in the implementation of password-based authentication are widespread on the web. Despite being imperceptible to end users, such variations often require that password managers implement complex heuristics in order to act on the user’s behalf. These heuristics are inherently brittle. As a result, password managers are unnecessarily complex and yet they still occasionally fail to work properly on some websites. In this paper we propose PMF, a simple set of semantic labels for password-related web forms. These semantic labels allow a software agent such as a password manager to extract meaning, such as which site the login form is for and what field in the form corresponds to the username. They also allow it to generate a strong password on the user’s behalf. PMF reduces a password manager’s dependency on complex heuristics, making its operation more effective and dependable and bringing usability and security advantages to users and website operators.

Available here: PDF