How Blind and Low-Vision Users Manage Their Passwords
Passwords are still the default tool for online security—but they’re also a constant source of problems. Many people today have hundreds of accounts for which they must manage passwords of varying complexity. Password managers can help: They create strong passwords, store them, and autofill login credentials—problem solved, right? Unfortunately, this isn’t the case, because password managers are far from being used consistently by everyone. Previous studies show that the main reasons are the fear of complicated setup, lack of trust, and lack of knowledge about existing tools. Older user groups also tend to be generally hesitant about digital tools. Alexander Ponticello’s new study expands research on password management and password manager use to a group that has received little attention so far: blind and low-vision users.
Password managers can be an important tool for blind and low-vision people to manage their login credentials. “In fact, all 33 respondents in our study used password managers—sometimes consciously, sometimes unconsciously, simply because their browser or device offered to manage them.” These included third-party programs such as LastPass or 1Password, as well as browser-integrated password managers like the one built into Google Chrome and system-integrated password managers such as Apple Passwords. “Those who intentionally chose a password manager usually relied on recommendations from acquaintances or advice in relevant forums. Accessibility played at least as important a role as system security,” Ponticello explains.
Depending on the degree of impairment, blind and low-vision users rely primarily on screen readers to use their devices in everyday life. “Our first intuition was that it must be a big problem that screen readers read passwords aloud in public. However, this proved to be less of a problem, as almost all study participants told us that they use headphones,” says the researcher. In addition, the speech output usually runs so fast that bystanders can hardly understand anything. However, for blind and low-vision people to use password managers smoothly, screen readers, password managers, apps, and websites must all work together. “If one of these parties fails, the whole system breaks down,” says Ponticello. Unfortunately, there are still programs where accessibility seems to be an afterthought. Some users have found that programs no longer work properly once updates are installed, if not sooner. The result: Users feel they cannot reliably depend on the systems.
Many of the users surveyed therefore combine password managers with backup strategies. Some even keep password lists in Braille—safely stored, but still analog. “That’s not inherently insecure,” the researcher explains. “But you have to be aware of who might have access to that list.” Other study participants said they intentionally create simpler passwords so they can enter them without a tool if necessary. “That contradicts security best practices,” he says, “but above all it shows that systems need to become more reliable.”
According to Ponticello, one problem is how password managers generate passwords: Random passwords with special characters are often hard for blind people to find on the keyboard. A better alternative would be passphrases that string whole words together. “Unfortunately, screen readers then read those passwords letter by letter instead of recognizing the words. The integration hasn’t been thought through to the end,” the researcher says. App stores could also help by clearly labeling a tool’s accessibility and introducing special review categories for affected users where blind and low-vision people can get information directly. “But the most important thing is: We need accessibility by design—correct labels for buttons, a sensible focus order, and consistent screen reader flows.”
Conducting a similar study with German users could be Ponticello’s next step. So far, legislation in the U.S. has been stricter than in the EU. Laws such as the “Americans with Disabilities Act” have long enforced strict accessibility standards for websites and digital services there. The EU is following suit with the “European Accessibility Act” (EAA). In Germany this led to the “Accessibility Strengthening Act”, which has applied since June 28, 2025. “I’m curious to see what effects this will have in the future.” Ponticello’s study shows: Accessibility is not a luxury but a basic prerequisite for digital security. Many hurdles—from lack of labeling to fragile integrations—can be solved if platforms, developers, and lawmakers take them seriously. “We need to adapt the systems, not the people,” the researcher says. “Only then can passwords be used securely by everyone.”