Formal verification has recently been increasingly used to prove the correctness and security of many applications. It is attractive because it can prove the absence of errors with the same certainty as mathematicians proving theorems. However, while most security experts recognize the value of formal verification, the views of non-technical users on this topic are unknown. To address this issue, we designed and implemented two experiments to understand how formal verification impacts users. Our approach started with a formative study involving 15 participants, followed by the main quantitative study with 200 individuals. We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption. Moreover, recent efforts have focused on formally verifying (parts of) password managers. We conclude that formal verification is seen as desirable by users and identify three actional recommendations to improve formal verification communication efforts.
View on arXiv@article{carreira2025_2504.02124,
title={ Are Users More Willing to Use Formally Verified Password Managers? },
author={ Carolina Carreira and João F. Ferreira and Alexandra Mendes and Nicolas Christin },
journal={arXiv preprint arXiv:2504.02124},
year={ 2025 }
}