Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password management strategies and identified pain points, such as security concerns, that lead to insecure practices. We investigate how Blind and Low-Vision (BLV) users tackle this problem and how password managers can assist them. This paper presents the results of a qualitative interview study with N = 33 BLV participants. We found that all participants use password managers to some extent and perceive them as fairly accessible. However, adoption is driven mainly by the convenience of storing and retrieving passwords. The security advantage of password managers, generating strong, random passwords, was largely avoided because it is not accessible in practice. Password managers do not address BLV users' underlying need for agency, which stems from prior experiences with inaccessible software and with vendors who deprioritize accessibility issues. This underutilization of password managers leads BLV users to adopt insecure practices, such as reusing predictable passwords or resorting to 'security through obscurity' by writing important credentials in braille. We conclude our analysis by discussing the need to implement practical accessibility and usability improvements in password managers as a way of establishing trust and secure practices while preserving BLV users' agency.