
What If Your Password Manager Had Nothing to Steal? A New Study Puts That Idea to the Test
In A Nutshell
- HIPPO is a store-less password manager that generates a unique password for each site on demand and saves no password vault, leaving nothing for hackers to steal in a breach.
- In a lab study, participants rated HIPPO higher than plain password-only login on login ease, satisfaction, perceived security, and trust.
- Users trusted HIPPO significantly more, giving it a 4.04 out of 5 for perceived security versus 3.09 for standard password entry.
- Recovery after a forgotten master password and changing the master password remain practical challenges that researchers say need more work before the tool is ready for everyday use at scale.
High-profile incidents involving password-manager vaults have raised a difficult question: what happens when the place built to protect passwords becomes the target? When a vault is breached, many accounts stored inside it can potentially be put at risk at once. A store-less password manager tested in a new study is built around a different premise. Keep no vault of saved passwords, so there are no saved account passwords to steal.
Researchers put a tool called HIPPO (Hidden-Password Online Password) through its paces against standard password-only login. Rather than keeping a vault of saved credentials, HIPPO generates a fresh, unique password for each website on demand, using a single master password the user already has in their head. Once the login is done, neither the master password nor the generated password is stored. When results came back, participants, including the roughly 30 percent who said they had never used a password manager, rated HIPPO higher on login ease, login satisfaction, perceived security, and trust. They also reported higher satisfaction with password updates, though some other usability measures did not differ significantly between the two methods.
Why a Vaultless Password Manager Solves a Problem Traditional Tools Create
Password managers built around vaults, tools like 1Password, LastPass, Bitwarden, and Apple’s Keychain, work by keeping an encrypted database of all a user’s credentials, stored either on the device or in the cloud. That handles the memory problem well enough. But the vault itself becomes a prize target. One successful breach can expose passwords for dozens or hundreds of accounts at once.
HIPPO works differently. It uses a browser extension and a remote server in a privacy-preserving exchange that helps turn the master password and the website’s domain into a site-specific login password, without storing the master password or the generated password on either end. HIPPO fills in the login field automatically, but it does not keep a saved vault of credentials afterward.
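The article does not spell out HIPPO's exchange, so the following is an added example, not code from the paper or the HIPPO project. It assumes an oblivious-PRF-style blinded exponentiation as the privacy-preserving step; the toy group, the function names, and the 16-character output format are all assumptions made for illustration.

```python
import base64, hashlib, math, secrets

# Assumption: toy group, integers mod the Mersenne prime 2**521 - 1.
# Real OPRFs use a prime-order elliptic-curve group; this is illustration only.
P = 2**521 - 1

def hash_to_group(master: str, domain: str) -> int:
    """Map (master password, domain) to a nonzero element mod P."""
    m, d = master.encode(), domain.lower().encode()
    data = len(m).to_bytes(2, "big") + m + d   # length prefix avoids ambiguity
    return int.from_bytes(hashlib.sha512(data).digest(), "big") or 1

def client_blind(master: str, domain: str):
    """Client: mask the input with a fresh random exponent r."""
    while True:
        r = secrets.randbelow(P - 1)
        if r > 1 and math.gcd(r, P - 1) == 1:  # r must be invertible mod P-1
            return r, pow(hash_to_group(master, domain), r, P)

def server_evaluate(blinded: int, server_key: int) -> int:
    """Server: exponentiate with its key; it sees neither master nor domain."""
    return pow(blinded, server_key, P)

def client_finish(r: int, evaluated: int, domain: str) -> str:
    """Client: strip r, then hash the result into a 16-character password."""
    unblinded = pow(evaluated, pow(r, -1, P - 1), P)
    material = unblinded.to_bytes(66, "big") + domain.lower().encode()
    digest = hashlib.sha256(material).digest()
    return base64.urlsafe_b64encode(digest[:12]).decode()

def login(master: str, domain: str, server_key: int):
    """Run one exchange; return (password, value the server received)."""
    r, blinded = client_blind(master, domain)
    password = client_finish(r, server_evaluate(blinded, server_key), domain)
    return password, blinded   # nothing is persisted on either side

if __name__ == "__main__":
    key = secrets.randbelow(P - 3) + 2         # constructed server key
    print(login("correct horse", "mail.example", key)[0])
```

The same master password and domain always yield the same password, while the value the server receives differs on every run. A different master password yields a different password for every site, which is why a master-password change means updating each account.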

How the Password Manager Study Tested HIPPO Against Traditional Login
The research team recruited 25 participants for the study, which has been accepted for publication in IEEE Internet Computing, and had them complete tasks using both HIPPO and conventional password entry. Each person logged into a Gmail account 10 times per method and completed a password update using HIPPO. Sessions ran about 25 minutes.
On a 5-point scale, HIPPO averaged 4.61 for login ease versus 3.83 for plain password entry. Satisfaction scores ran 4.43 to 3.61 in HIPPO’s favor. Both gaps were statistically significant, meaning they were unlikely to be due to chance. Password update satisfaction also came out higher for HIPPO.
Users Rated the Vaultless Password Manager Higher on Security and Trust
Security and trust were where the gap widened most. Participants gave HIPPO a 4.04 out of 5 for perceived security, compared to 3.09 for password-only login. Trust scores were 4.00 versus 3.30. Both differences were statistically significant.
In written feedback, participants described HIPPO-generated passwords as “complex,” “secure,” “randomized,” and “hard to guess.” Most said they would use it for real accounts, listing banks, credit cards, social media, and email as top candidates. A handful were uncertain or uninterested, which the researchers chalked up to individual variation in habits.
Where users stumbled was the activation step. Before typing a master password, users had to press F2 or enter a short trigger sequence to switch HIPPO on. Some forgot mid-task and made small errors as a result. Researchers pointed to this as the most obvious fix needed, suggesting automatic activation or a visible icon built into the password field itself.
HIPPO’s Vaultless Design Comes With Recovery Risks Worth Knowing
Here’s the honest catch: if someone forgets their master password, there’s no saved vault to fall back on. Recovery means going through each individual website’s own reset process, one by one. Changing the master password is an even bigger undertaking, since every account tied to HIPPO would need to be updated. Researchers acknowledged both scenarios need cleaner user guidance before the tool is ready for everyday use at scale.
Those may not come up during everyday login, but they matter a lot when they do. Researchers say future work should test how recovery and master-password changes hold up over longer, real-world use. For the large share of people who have avoided password managers because they don’t trust handing credentials to a third-party vault, HIPPO’s lab results are at least a reason to watch the space. In a controlled setting, it outperformed plain password login on the measures users are likely to notice most: login ease, login satisfaction, perceived security, and trust.
Paper Notes
Limitations
This study involved 25 participants drawn from a single university-affiliated pool, which limits how broadly the results apply to the general population. Tasks were completed in a fixed order, with traditional login first and HIPPO second, so some learning or fatigue effects may have shaped the ratings. Participants also used a randomly assigned password for the traditional login task, which doesn’t fully reflect how people choose and remember their own passwords day to day. As a single lab session, the study couldn’t capture longer-term adoption, cross-device behavior, or how users handle edge cases like forgotten master passwords over time.
Funding and Disclosures
No specific funding statement or conflict-of-interest declaration was visible in the provided author-accepted version of the paper. One co-author, Maliheh Shirvanian, is affiliated with Netflix Inc. All other researchers are affiliated with Jazan University in Saudi Arabia or Texas A&M University.
Publication Details
Authors: Mohammed Jubur (Jazan University), Maliheh Shirvanian (Netflix Inc.), Salahaldeen Duraibi (Jazan University), Nitesh Saxena (Texas A&M University) | Title: “Comparing a Store-less Password Manager with Traditional Password-Only Authentication” | Journal: IEEE Internet Computing | DOI: 10.1109/MIC.2026.3668165







