A person is reading a password list written in braille. Credit: Ponticello et al.
Passwords remain the go-to authentication tool in everyday life, says CISPA researcher Alexander Ponticello. At the same time, passwords are often a security weak spot: too short, too simple, and reused far too often. Blind and low-vision people face an additional hurdle: Systems need to work together sensibly for authentication processes to run smoothly.
A new qualitative study with 33 U.S. participants shows how this group manages passwords—and where improvements are needed. Ponticello presented his paper “How Blind and Low-Vision Users Manage Their Passwords” at the IT security conference CCS 2025 in Taipei.
Passwords are still the default tool for online security—but they’re also a constant source of problems. Many people today have hundreds of accounts and for which they must manage passwords of varying complexity. Password managers can help: They create strong passwords, store them, and autofill login credentials—problem solved, right?
Unfortunately, this isn’t the case, because password managers are far from being used consistently by everyone. Previous studies show that the main reasons are the fear of complicated setup, lack of trust, and lack of knowledge about existing tools. Older user groups also tend to be generally hesitant about digital tools. Ponticello’s new study expands research on password management and password manager use to a group that has received little attention so far: blind and low-vision users.
Widespread use of password managers in the community
Password managers can be an important tool for blind and low-vision people to manage their login credentials. “In fact, all 33 respondents in our study used password managers—sometimes consciously, sometimes unconsciously, simply because their browser or device offered to manage them,” says Ponticello. These included third-party programs such as LastPass or 1Password, as well as browser-integrated password managers like the one built into Google Chrome and system-integrated password managers such as Apple Passwords.
“Those who intentionally chose a password manager usually relied on recommendations from acquaintances or advice in relevant forums. Accessibility played at least as important a role as system security,” Ponticello explains.
Real accessibility only if systems work together
“Depending on the degree of impairment, blind and low-vision users rely primarily on screen readers to use their devices in everyday life. Our first intuition was that it must be a big problem that screen readers read passwords aloud in public. However, this proved to be less of a problem, as almost all study participants told us that they use headphones,” says the researcher.
In addition, the speech output usually runs so fast that bystanders can hardly understand anything. However, for blind and low-vision people to use password managers smoothly, screen readers, password managers, apps, and websites must work together accordingly.
“If one of these parties fails, the whole system breaks down,” says Ponticello.
Unfortunately, there are still programs where accessibility seems to be an afterthought. At the latest when updates need to be installed, some users have experienced that programs no longer work properly. The result: Users feel they cannot reliably depend on the systems.
Security versus everyday life: Compromises are common
Many of the users surveyed therefore combine password managers with backup strategies. Some even keep password lists in Braille—safely stored, but still analog.
“That’s not inherently insecure,” the researcher explains. “But you have to be aware of who might have access to that list.” Other study participants said they intentionally create simpler passwords so they can enter them without a tool if necessary.
“That contradicts security best practices,” he says, “but above all it shows that systems need to become more reliable.”
What (still) needs to be done—and how to do it better
According to Ponticello, one problem is how password managers generate passwords: Random passwords with special characters are often hard for blind people to find on the keyboard. A better alternative would be passphrases that string whole words together.
“Unfortunately, screen readers then read those passwords letter by letter instead of recognizing the words. The integration hasn’t been thought through to the end,” the researcher says. App stores could also help by clearly labeling a tool’s accessibility and introducing special review categories for affected users where blind and low-vision people can get information directly.
“But the most important thing is: We need accessibility by design—correct labels for buttons, a sensible focus order, and consistent screen reader flows.”
Outlook
Conducting a similar study with German users could be Ponticello’s next step. So far, legislation in the U.S. has been stricter than in the EU. Laws such as the Americans with Disabilities Act have long enforced strict accessibility standards for websites and digital services there. The EU is following suit with the European Accessibility Act (EAA).
In Germany, this led to the Accessibility Strengthening Act, which has been required to be applied since June 28, 2025. “I’m curious to see what effects this will have in the future,” says Ponticello.
Ponticello’s study shows: Accessibility is not a luxury but a basic prerequisite for digital security. Many hurdles—from lack of labeling to fragile integrations—can be solved if platforms, developers, and lawmakers take them seriously.
“We need to adapt the systems, not the people,” the researcher says. “Only then can passwords be used securely by everyone.”
Provided by
CISPA Helmholtz Center for Information Security
Citation:
How blind and low-vision users manage their passwords (2025, October 27)
retrieved 27 October 2025
from https://techxplore.com/news/2025-10-vision-users-passwords.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
OpenAI’s chief communications officer, Hannah Wong, announced internally on Monday that she is leaving the company in January, WIRED has learned. In a statement to WIRED, OpenAI spokesperson Kayla Wood confirmed the departure.
“Hannah has played a defining role in shaping how people understand OpenAI and the work we do,” said CEO Sam Altman and CEO of applications Fidji Simo in a joint statement. “She has an extraordinary ability to bring clarity to complex ideas, and to do it with care and grace. We’re deeply grateful for her leadership and partnership these last five years, and we wish her the very best.”
Wong joined OpenAI in 2021 when it was a relatively small research lab, and has led the company’s communications team as ChatGPT has grown into one of the world’s largest consumer products. She was considered instrumental in leading the company through the PR crisis that was Altman’s brief ouster and re-hiring in 2023—a period the company internally calls “the blip.” Wong assumed the chief communications officer role in August 2024, and has expanded the company’s communications team since then.
In a drafted LinkedIn post shared with WIRED, Wong said that OpenAI’s VP of communications, Lindsey Held, will lead the company’s communications team until a new chief communications officer is hired. OpenAI’s VP of marketing, Kate Rouch, is leading the search for Wong’s replacement.
“These years have been intense and deeply formative,” said Wong in the LinkedIn post. “I’m grateful I got to help tell OpenAI’s story, introduce ChatGPT and other incredible products to the world, and share more about the people forging the path to AGI during an extraordinary moment of growth and momentum.”
Wong says she looks forward to spending more time with her husband and kids as she figures out the next chapter in her career.
The UK government has launched a Women in Tech Taskforce, designed to dismantle the current barriers faced by women working in, or wanting to work in, the tech sector.
Made up of several experts from the technology ecosystem, the taskforce’s main aim is to boost economic growth, after the recent government-backed Lovelace report found the UK is suffering an annual loss of between £2bn and £3.5bn as a result of women leaving the tech sector or changing roles.
The UK’s technology secretary, Liz Kendall, said: “Technology should work for everyone. That is why I have established the Women in Tech Taskforce, to break down the barriers that still hold too many people back, and to partner with industry on practical solutions that make a real difference.
“This matters deeply to me. When women are inspired to take on a role in tech and have a seat at the table, the sector can make more representative decisions, build products that serve everyone, and unlock the innovation and growth our economy needs.”
The percentage of women in the technology workforce remains at around 22%, having grown marginally over the past five years, and the recent Lovelace report found between 40,000 and 60,000 women are leaving digital roles each year, whether for other tech roles or to leave tech for good.
When women are inspired to take on a role in tech and have a seat at the table, the sector can make more representative decisions, build products that serve everyone, and unlock the innovation and growth our economy needs Liz Kendall, Department for Science, Innovation and Technology
There are many reasons for this, one being the lack of opportunity to advance their career in their current roles. Research by other organisations has found a lack of flexibility at work and bias also play a part in either preventing women from joining the sector or contributing to their decision to leave IT.
The issues can be traced all the way to school-aged girls, who often choose not to continue with technology subjects. One reason for this is that misconceptions about the skills needed for a tech role make young women feel the sector isn’t for them.
Headed up by the founder and CEO of Stemettes, Anne-Marie Imafidon, the founding members of the taskforce include:
Liz Kendall, secretary of state for science, innovation and technology.
Anne-Marie Imafidon, founder of Stemettes; Women in Tech Envoy.
Allison Kirkby, CEO, BT Group.
Anna Brailsford, CEO and co-founder, Code First Girls.
Francesca Carlesi, CEO, Revolut.
Louise Archer, academic, Institute of Education.
Karen Blake, tech inclusion strategist; former co-CEO of the Tech Talent Charter.
Hayaatun Sillem, CEO, Royal Academy of Engineering.
Kate Bell, assistant general secretary, TUC.
Amelia Miller, co-founder and CEO, ivee.
Ismini Vasileiou, director, East Midlands Cyber Security Cluster.
Emma O’Dwyer, director of public policy, Uber.
These experts will help the government “identify and dismantle” the barriers preventing women from joining or staying in the tech sector across the areas of education, training and career progression.
They will also advise on how to support and grow diversity in the UK’s tech ecosystem and replicate the success of organisations that already have an even gender split in their tech remits.
Collaboration has been heavily pinpointed in the past as being the only way sustained change can be developed when it comes to diversity in tech, with the taskforce working on advising the government on policy, while also consulting on how government, the tech industry and education providers can work together to make it easier to increase and maintain the number of women in tech.
The taskforce will work in tandem with other government initiatives aimed at encouraging women and young people into technology careers, such as the recently launched TechFirst skills programme and the Regional Tech Booster programme, among others.
The first meeting of the Women in Tech Taskforce took place on 15 December 2025.
I love having a whimsical, comfortable wardrobe, and that doesn’t apply just to daytime clothes. My pajama collection is quite extensive, with the added requirement that each pair be both cooling and extra soft. I’m someone who overheats easily in her sleep, and with sensitive skin, it’s not a winning combination.
I’ve been growing my Cozy Earth pajama collection for years, usually getting a new set during Black Friday. Obviously, that shopping event has come and gone, but this sale gives you one more chance. And, believe it or not, it’s even better than what Cozy Earth ran sale-wise for its pajamas during Cyber Week.
Politics1 week ago
Politics1 week ago
Politics5 days ago
Fashion1 week ago
Tech6 days ago
Entertainment1 week ago
Sports5 days ago