Are Users More Willing to Use Formally Verified Password Managers?

📅 2025-04-02
🤖 AI Summary
This study investigates non-technical users’ perceptions, attitudes, and acceptance of formally verified password managers. To address this problem, we conducted formative interviews (n=15) followed by a double-blind controlled experiment (n=200), integrating validated trust scales, usability assessments, and qualitative thematic analysis. Results reveal, for the first time, statistically significant user preference for formally verified password managers (p<0.01), driven primarily by perceived enhanced trustworthiness and professionalism—though skepticism persists regarding technical details. Our contributions are threefold: (1) the first empirical evidence of broadly positive baseline attitudes toward formal verification among non-technical users; (2) identification of key psychological mechanisms influencing adoption decisions, including trust calibration and expertise attribution; and (3) three empirically grounded communication strategies to bridge the cognitive gap between formal methods and end users—specifically, abstraction-layered explanations, analogy-based framing, and context-sensitive transparency. These findings advance human-centered formal methods and inform usable security design.

📝 Abstract
Formal verification has recently been increasingly used to prove the correctness and security of many applications. It is attractive because it can prove the absence of errors with the same certainty as mathematicians proving theorems. However, while most security experts recognize the value of formal verification, the views of non-technical users on this topic are unknown. To address this issue, we designed and implemented two experiments to understand how formal verification impacts users. Our approach started with a formative study involving 15 participants, followed by the main quantitative study with 200 individuals. We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption. Moreover, recent efforts have focused on formally verifying (parts of) password managers. We conclude that formal verification is seen as desirable by users and identify three actionable recommendations to improve formal verification communication efforts.

Problem

Research questions and friction points this paper is trying to address.

Understand user perception of formal verification in password managers
Assess impact of formal verification on password manager adoption
Improve communication strategies for formal verification benefits

Innovation

Methods, ideas, or system contributions that make the work stand out.

Formal verification ensures password manager security
Two-stage study with formative and quantitative phases
User trust increased by formal verification communication

Caroline Carreira
Carnegie Mellon University, INESC-ID, Instituto Superior Técnico, University of Lisbon
Joao F. Ferreira
INESC-ID, Instituto Superior Técnico, University of Lisbon
A. Mendes
INESC TEC, Faculty of Engineering, University of Porto
Nicolas Christin
Carnegie Mellon University