A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices
John Sadik, Scott Ruoti
TL;DR
The paper investigates password entry across non-desktop devices via a large Western-sample survey (n=999) to map which devices are used, how often, and what usability challenges arise when password managers are unavailable. It analyzes both quantitative device usage and qualitative user perceptions to reveal widespread device diversity, frequent usability friction, and a tendency to weaken passwords on harder-entry devices. The authors argue for device-aware password generation and improved entry interfaces, alongside education to address mental-model gaps and trust issues in password managers, biometrics, and tokens. The findings illuminate practical implications for cross-device authentication design and user-centered enhancements to promote stronger, more usable authentication across a broad range of devices.
Abstract
Password managers encourage users to generate passwords to improve their security. However, research has shown that users avoid generating passwords, often giving the rationale that it is difficult to enter generated passwords on devices without a password manager. In this paper, we conduct a survey ($n=999$) of individuals from the US, UK, and Europe, exploring the range of devices on which they enter passwords and the challenges associated with password entry on those devices. We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges. These usability challenges lead users to weaken their passwords to increase the ease of entry. We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.