Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers
Technology and Practice of Passwords: International Conference on Passwords, PASSWORDS'14, Trondheim, Norway, December 8-10, 2014,
Revised Selected Papers. Vol. 9393. Springer, 2015.
Subtle and sometimes baﬄing variations in the implementa-tion of password-based authentication are widespread on the web. De-spite being imperceptible to end users, such variations often require thatpassword managers implement complex heuristics in order to act on theuser’s behalf. These heuristics are inherently brittle. As a result, pass-word managers are unnecessarily complex and yet they still occasionallyfail to work properly on some websites. In this paper we propose PMF,a simple set of semantic labels for password-related web forms. Thesesemantic labels allow a software agent such as a password manager toextract meaning, such as which site the login form is for and what ﬁeldin the form corresponds to the username. They also allow it to generate astrong password on the user’s behalf. PMF reduces a password manager’sdependency on complex heuristics, making its operation more eﬀectiveand dependable and bringing usability and security advantages to usersand website operators.
Available here: PDF