Evaluating the Efficiency of Password Managers Against Real-World Phishing Pages – Volume 12 Issue 5

This study checks how password managers behave when visiting on realistic phishing pages. Testing was done in a virtual machine using Caniphish templates and XAMPP with host file trick. both browser managers including Chrome, Brave, Edge and Firefox and Standalone password managers including Bitwarden, Lastpass, Keepassxc, Proton Pass were manually tested. Findings indicate that the majority of password managers detected domain inconsistencies and prevented automatic credential filling, while certain cases necessitated manual input, and several browsers restricted access to websites because of certificate validation issues. This shows managers give safety in many cases but not always the same way. This research helps users know the limits of password managers. And also help the password manager developers make better systems.

The experimental evaluation conducted in this study demonstrates that password management tools typically succeed in preventing phishing attempts, though they are not without limitations. There are still minor cases where partial data is leaked or warnings may not be clear enough for the user. Results show that password managers while can provide you good security users too have to be careful when you are on the internet. The suggestions made here can help users be more secure, and also help the password manager developers make better systems.

[1]B. Krishna, A. Arya, A. Krishna, R. Zakarias, and S. E. Anto, “Survey on Password Managers,” International Journal of Advance Research (IJARIIE), 2025. [2]N. Alkaldi and K. Renaud, “Why Do People Adopt, or Reject, Smartphone Password Managers?,” EuroUSEC, Jul. 2016. [3]H. Alshahrani and A. Alghamdi, “The Factors Influencing the Use of Password Managers,” JISCR, Jun. 2022. [4]D. Silver, S. Jana, D. Boneh, E. Chen, and C. Jackson, “Password Managers: Attacks and Defenses,” USENIX Security Symposium, Aug. 2014. [5]S. Oesch and S. Ruoti, “That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers,” USENIX Security Symposium, Aug. 2020. [6]P. Gallus, D. Staněk, and I. Klaban, “Security Evaluation of Password Managers: A Comparative Analysis and Penetration Testing of Existing Solutions,” International Conference on Cyber Warfare and Security (ICCWS), Mar. 2025. [7]A. Fábrega, A. Namavari, R. Agarwal, B. Nassi, and T. Ristenpart, “Exploiting Leakage in Password Managers via Injection Attacks,” arXiv, Jan. 2023. [8]T. S. Oesch, “An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices,” University of Tennessee, May 2021. [9]H. Ray, F. Wolf, and R. Kuber, “Why Older Adults (Don’t) Use Password Managers,” USENIX, Aug. 2021. [10]A. Hutchinson, J. Tang, A. J. Aviv, and P. Story, “Measuring the Prevalence of Password Manager Issues Using In-Situ Experiments,” NDSS Symposium, Feb. 2024. [11]B. Naqvi, K. Perovaa, A. Farooqb, I. Makhdoomd, S. Oyedeji, and J. Porras, “Mitigation Strategies Against the Phishing Attacks,” Elsevier, Jul. 2023. A. Gautam, T. K. Yadav, K. Seamons, and S. Ruoti, “Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers,” arXiv, Feb. 2024.

Call for Paper (Hub) Fast Paper Publication IJCT Indexing & Databases Submit Manuscript Call for Paper: Sep–Oct 2025 Call for Paper: Publish Research