A password that never sits in a digital vault may sound like a contradiction. But that is the idea behind HIPPO, a browser extension built by researchers at Texas A&M University that creates a site-specific password only when you log in, then discards it.
For people juggling dozens of accounts, that approach targets a familiar problem. Traditional password managers can help you keep track of strong, unique passwords, but they also concentrate a lot of sensitive information in one place. If that vault is compromised, the damage can spread across many accounts.
HIPPO, short for Hidden Password, Password manager Online, takes a different route. Instead of storing passwords locally, in the cloud, or in a browser vault, it asks you to remember one master password. It then combines that with the website’s domain and cryptographic protections to generate a randomized password at the moment you need it.
“From the site’s perspective, nothing changes — the website still sees a normal password,” said Dr. Nitesh Saxena, professor of computer science and engineering and associate director of the Texas A&M Global Cyber Research Institute.

The team’s findings, published in IEEE Internet Computing, suggest people may be more open to that idea than expected.
The researchers tested HIPPO in a controlled lab study with 25 participants recruited from a university-affiliated pool. Each person used both ordinary password-only login and HIPPO while working through realistic tasks, including repeated logins and a password change on a study Gmail account.
That sample came with an important caveat. Because it was small and drawn from one university setting, the results may not reflect how broader groups of people would respond over longer periods.
Even so, the pattern stood out. HIPPO scored higher than password-only login on both ease and satisfaction during login tasks. On a five-point scale, HIPPO received an average easiness score of 4.61, compared with 3.83 for password-only login. Satisfaction scores showed a similar gap, 4.43 for HIPPO and 3.61 for password-only.
Participants also rated HIPPO higher on perceived security and trust. HIPPO scored 4.04 on perceived security versus 3.09 for password-only authentication, and 4.00 on trust compared with 3.30.
That result surprised the researchers.

“We went into this expecting a clear trade-off,” Saxena said. “More security usually means more hassle. What we saw instead is that people were actually happier once they stopped worrying about remembering or typing a complex password.”
One figure helps explain why the study mattered. Thirty percent of participants said they did not use a password manager at all before the study. The rest used one to varying degrees, from occasional use to always using one.
HIPPO belongs to a category known as store-less password managers. Rather than saving an encrypted list of credentials, it derives a password on demand from a master secret and the site context.
In HIPPO’s case, the browser extension works with a server, using a construction based on an oblivious pseudo-random function (OPRF) to generate a site-specific password. The system is designed so neither the master password nor the derived password is stored locally or remotely. The website still gets a password string and verifies it as usual.
That design aims at several security concerns at once. It removes a password vault that could become a high-value target, reduces the risk from manager compromise because there is no stored database to steal, and binds password derivation to the intended domain to improve phishing resilience.
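The on-demand derivation described above can be sketched as a blinded-exponentiation OPRF. This is an added example, not HIPPO's code or the construction from the paper: the toy group (integers modulo the Mersenne prime 2^521 - 1, where a production design would use a standardized prime-order elliptic-curve group), the function names, the sample key and the password alphabet are all assumptions chosen for illustration.

```python
import hashlib, math, secrets, string

P = 2**521 - 1        # Mersenne prime; toy group Z_P^* (assumed, not HIPPO's parameters)
ORDER = P - 1         # exponents are taken modulo the group order
ALPHABET = string.ascii_letters + string.digits + "!#"   # 64 symbols, so byte % 64 is unbiased

def hash_to_group(master: str, domain: str) -> int:
    # Length-prefix each input so ("ab", "c") and ("a", "bc") hash differently.
    parts = [s.encode() for s in (master, domain)]
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return int.from_bytes(hashlib.shake_256(data).digest(66), "big") % (P - 2) + 2

def client_blind(master: str, domain: str):
    # Pick a blinding exponent r that is invertible modulo the group order.
    while True:
        r = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(r, ORDER) == 1:
            return r, pow(hash_to_group(master, domain), r, P)

def server_evaluate(server_key: int, blinded: int) -> int:
    # The server only ever sees a blinded group element, never the master password.
    return pow(blinded, server_key, P)

def client_finalize(r: int, evaluated: int, domain: str, length: int = 20) -> str:
    # Remove the blinding: (h^(r*k))^(1/r) = h^k, then stretch into password characters.
    unblinded = pow(evaluated, pow(r, -1, ORDER), P)
    stream = hashlib.shake_256(unblinded.to_bytes(66, "big") + domain.encode()).digest(length)
    return "".join(ALPHABET[b % 64] for b in stream)

def derive_password(master: str, domain: str, server_key: int) -> str:
    r, blinded = client_blind(master, domain)
    return client_finalize(r, server_evaluate(server_key, blinded), domain)

if __name__ == "__main__":
    key = 0x5EED_C0FFEE_1234_5678_9ABC   # constructed sample server key
    for site in ("accounts.example.com", "accounts.examp1e.com"):   # real vs look-alike
        print(site, derive_password("correct horse", site, key))
```

Because the blinding exponent is fresh on every login, the server receives a different value each time even for the same site, while the derived password stays the same; a look-alike domain yields an unrelated password.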
There are still residual risks. The paper notes browser-side threats such as malicious extensions or DOM injection, along with site policy edge cases.
The appeal, though, may be as much psychological as technical.

“There’s something psychologically reassuring about knowing there isn’t a digital ‘safe’ full of your credentials somewhere,” Saxena said. “Even if you trust the vault, it’s still a single point of failure – it’s like putting all of your eggs in one basket. HIPPO avoids that problem completely.”
One of the more practical parts of the study involved password updates, an area where people often get frustrated. Sites regularly demand new passwords, and that can push users toward weak patterns, reuse, or simple variations they can remember.
HIPPO tries to handle that without asking the user to invent a fresh password every time. Participants updated their study Gmail password using the extension, which generated a new version behind the scenes.
The update task produced some of the study’s most interesting results. HIPPO and password-only authentication did not differ significantly on update easiness, but HIPPO scored higher on satisfaction. It received an average satisfaction score of 4.52, compared with 3.91 for password-only updates.
“For everyday users, one of the biggest pain points is when a website demands an updated password,” Saxena said. “That’s where a lot of people get fed up. You’re told to create something new, different, stronger, again and again. HIPPO handles that invisibly, so the user doesn’t have to play password gymnastics every few months.”
Participants generally seemed comfortable with that logic. In open-ended feedback, many described HIPPO-generated passwords as “secure,” “randomized,” “complex,” or “hard-to-guess,” while also calling the system “easy to use” and “already good.”
Some said they would consider using it for banks, credit cards, email, shopping, and employer services.
The system was not flawless.
Some participants forgot to activate HIPPO before entering their master password. In the study, activation required pressing the F2 key or typing “@@” before the master password. The paper notes that users suggested simplifying the process, keeping HIPPO on all the time, or reducing the number of steps required during login.
The broader limits of the study also matter. It was a short, single-session lab test, not a real-world field study. That means it could not capture long-term adoption, repeated use across many services, or what happens when people switch devices over time.
The fixed order of tasks may also have introduced learning or fatigue effects. And while the study included a realistic password-change task, it did not fully test longer-term lifecycle problems such as changing the master password across many services or recovering after forgetting that master password.
The authors say follow-up work should examine those questions in the wild.
Still, the central result was hard to miss. “People not only tolerated a fundamentally different approach to passwords, they preferred it,” Saxena said.
The study suggests that password security tools do not always have to force a trade-off between protection and convenience.
By avoiding stored password vaults, HIPPO may appeal to users who distrust conventional password managers or worry about a single breach exposing many accounts.
At the same time, the system still needs smoother activation, clearer cues, and longer-term testing before researchers can say how well it holds up in everyday use across many devices and services.
Research findings are available online in the journal IEEE Internet Computing.
The original story “New password tool creates secure, site-specific logins that you don’t have to remember” is published in The Brighter Side of News.