Traditional password entry in VR environments is cumbersome and insecure, while existing password managers (PMs) lack critical capabilities such as cross-application auto-filling. Method: We conducted the first systematic evaluation of VR authentication security and usability, involving 126 VR users, 91 cognitive walkthroughs, surveys, in-depth interviews, and expert reviews. Contribution/Results: Findings reveal widespread password simplification, strong user preference for biometric authentication, and severe functional gaps and inefficient interaction paradigms in current PMs deployed in VR. Based on these insights, we propose a novel VR-oriented authentication design paradigm, specifying core requirements—including cross-platform auto-filling and context-aware triggering—and deliver a practical, actionable roadmap for VR identity authentication optimization. This work provides both theoretical foundations and empirical guidelines for building secure, natural, and consistent VR authentication systems.

As Virtual Reality (VR) expands into fields like healthcare and education, ensuring secure and user-friendly authentication becomes essential. Traditional password entry methods in VR are cumbersome and insecure, making password managers (PMs) a potential solution. To explore this field, we conducted a user study (n=126 VR users) where participants expressed a strong preference for simpler passwords and showed interest in biometric authentication and password managers. On these grounds, we provide the first in-depth evaluation of PMs in VR. We report findings from 91 cognitive walkthroughs, revealing that while PMs improve usability, they are not yet ready for prime time. Key features like cross-app autofill are missing, and user experiences highlight the need for better solutions. Based on consolidated user views and expert analysis, we make recommendations on how to move forward in improving VR authentication systems, ultimately creating more practical solutions for this growing field.