For blind people, staying safe online means working around the tools designed to help

Blind and low-vision users face the same password challenges as everyone else, but the tools meant to make security easier often end up getting in the way. A study from the CISPA Helmholtz Center for Information Security and DePaul University found that poor accessibility in password managers can lead people to risky habits such as reusing passwords.

Researchers spoke with blind and low-vision participants who manage passwords for both personal and work accounts. Everyone in the study used some kind of password manager, with some relying on built-in options like Apple Keychain or Chrome’s password tool, and others choosing standalone apps such as KeePass or 1Password.

Partial accessibility limits use

For people with visual impairments, the ability to navigate a program determines whether it can be used safely at all. Many password managers offered only partial compatibility with screen readers. Certain actions worked properly, while others were difficult or impossible to complete.

Basic storage and autofill functions usually worked and reduced typing mistakes. More complex features, such as generating random passwords or issuing breach alerts, often failed to interact with assistive software.

Randomly created passwords could not be read aloud, and warning messages appeared as unlabeled pop-ups. When individuals could not verify or understand what a feature was doing, they avoided it.

This gap in practical accessibility meant that tools built to strengthen security became tools of convenience. People used them for ease, not for protection.

Inaccessible tools lead to risky workarounds

When password software was hard to use, participants came up with their own ways to stay organized and independent. These personal systems gave them control but also created new risks.

Several reused passwords or followed simple patterns, such as adding short sequences to meet length rules. Others kept passwords in braille notes, text files, or spreadsheets that worked better with assistive tools.

Some made braille password lists to keep their credentials accessible and as a backup during outages. This method worked well for reading and storing passwords independently, but it had drawbacks. Braille can wear down over time, and even a single damaged dot can change a password. These lists also had to be recreated often.

While braille notes might seem private because sighted people can’t read them, they offer limited protection if someone targets the list directly. This kind of security through obscurity can give users a false sense of safety. Replacing characters with their braille number codes can also feel more secure than it really is, since the pattern is easy to break once known.

Frequent software updates added to the frustration. Buttons lost labels, shortcuts stopped working, and programs that once felt reliable became unpredictable. To avoid being locked out, participants delayed updates or kept backup copies of their passwords elsewhere.

Biometrics provide a reliable alternative

Not all findings were discouraging. Many participants preferred biometric authentication, such as fingerprints or facial recognition. These methods reduced the need to handle long strings of characters and worked consistently with assistive technologies. Fingerprint sensors, in particular, provided a reliable and accessible way to authenticate without depending on fragile software interfaces.

Biometrics offered both security and independence. Users could verify their identity without needing to see a screen or type a complex password. The researchers suggest that biometric authentication should be the default for accessible systems, as it aligns well with the needs of blind and low-vision users.

They also propose making password generators produce readable passphrases instead of random symbols. Screen readers can pronounce words clearly, helping users understand and recall them. This approach would combine strong password practices with accessibility and autonomy.
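To make the passphrase proposal concrete, here is an added example (not code from the study or from any password manager) that sizes a word-based passphrase to match the entropy of a random-symbol password and draws the words with a CSPRNG. The 32-word list, the 94-symbol alphabet, and the function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (5 bits per word); a real generator would load
# a large published list such as the 7,776-word EFF list (about 12.9 bits per word).
SAMPLE_WORDS = (
    "amber anchor basket breeze candle canyon cedar copper "
    "daisy ember falcon garden harbor island jacket kettle "
    "lantern maple meadow nickel orchard pepper pillow quartz "
    "river saddle thunder tunnel umbrella velvet walnut willow"
).split()


def random_password_bits(length, alphabet_size=94):
    """Entropy of a uniformly random password (94 = printable ASCII minus space)."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy is at least target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(target_bits, words=SAMPLE_WORDS, separator=" "):
    """Draw words with a CSPRNG until the passphrase reaches target_bits.

    A space separator keeps each word a separate token for a screen reader.
    Returns (passphrase, entropy_in_bits).
    """
    unique = sorted(set(words))  # duplicates would silently lower the entropy
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    count = words_needed(target_bits, len(unique))
    chosen = [secrets.choice(unique) for _ in range(count)]
    return separator.join(chosen), count * math.log2(len(unique))


if __name__ == "__main__":
    target = random_password_bits(12)  # a 12-character random-symbol password
    phrase, bits = generate_passphrase(target)
    print(f"target {target:.1f} bits -> {len(phrase.split())} words, {bits:.1f} bits")
    print(phrase)
```

With a 7,776-word list, seven words match a 12-character random-symbol password; the small sample list needs sixteen, which is why the size of the word list matters as much as the word count.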


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.