























Abstract:Password updates are a critical part of the password lifecycle and are recommended following exposure of reused passwords or suspected compromise. However, password update processes are often cumbersome, require manual password creation, and involve inconsistent website workflows that hinder reliable automation by password managers.
In this work, we conduct the first in-depth, systematic analysis of 111 password update processes deployed on top-ranked websites. We provide novel insights into their overall security, usability, and automation capabilities, and contribute to authentication security research by improving the understanding of password update processes. Websites often deploy highly diverse, complex, and confusing password update processes that are not supported by password managers. Processes are often challenging to use, and end-users struggle to transfer experience and knowledge across websites. Notably, security measures designed to enhance security often hinder password manager automation. We conclude our work by discussing our findings and giving recommendations for web developers, the web standardization community, and security researchers.
From: Alexander Krause [view email]
[v1]
Thu, 13 Nov 2025 09:18:07 UTC (810 KB)
[v2]
Fri, 14 Nov 2025 08:49:42 UTC (775 KB)
[v3]
Fri, 19 Jun 2026 10:52:17 UTC (414 KB)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。