Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Krause, Alexander, Suray, Jacques, Schmüser, Lea, Oltrogge, Marten, Wiese, Oliver, Golla, Maximilian, Fahl, Sascha
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2511.10111
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866918201968820224
author Krause, Alexander
Suray, Jacques
Schmüser, Lea
Oltrogge, Marten
Wiese, Oliver
Golla, Maximilian
Fahl, Sascha
author_facet Krause, Alexander
Suray, Jacques
Schmüser, Lea
Oltrogge, Marten
Wiese, Oliver
Golla, Maximilian
Fahl, Sascha
contents Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processes are often cumbersome and require manual password creation. Inconsistent and complex workflows and a lack of automation capabilities for password managers further negatively impact overall password security. In this work, we perform the first in-depth systematic analysis of 111 password update processes deployed on top-ranked websites. We provide novel insights into their overall security, usability, and automation capabilities and contribute to authentication security research through a better understanding of password update processes. Websites deploy highly diverse, often complex, confusing password update processes and lack the support of password managers. Processes are often hard to use, and end-users can barely transfer experiences and knowledge across websites. Notably, protective measures designed to enhance security frequently obstruct password manager automation. We conclude our work by discussing our findings and giving recommendations for web developers, the web standardization community, and security researchers.
format Preprint
id arxiv_https___arxiv_org_abs_2511_10111
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites
Krause, Alexander
Suray, Jacques
Schmüser, Lea
Oltrogge, Marten
Wiese, Oliver
Golla, Maximilian
Fahl, Sascha
Cryptography and Security
Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processes are often cumbersome and require manual password creation. Inconsistent and complex workflows and a lack of automation capabilities for password managers further negatively impact overall password security. In this work, we perform the first in-depth systematic analysis of 111 password update processes deployed on top-ranked websites. We provide novel insights into their overall security, usability, and automation capabilities and contribute to authentication security research through a better understanding of password update processes. Websites deploy highly diverse, often complex, confusing password update processes and lack the support of password managers. Processes are often hard to use, and end-users can barely transfer experiences and knowledge across websites. Notably, protective measures designed to enhance security frequently obstruct password manager automation. We conclude our work by discussing our findings and giving recommendations for web developers, the web standardization community, and security researchers.
title An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites
topic Cryptography and Security
url https://arxiv.org/abs/2511.10111