From a usability viewpoint, passwords and PINs have reached the end of their useful life. Even though they are convenient for implementers, for users they are increasingly unmanageable. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. Yet we can't abandon passwords until we come up with an alternative method of user authentication that is both usable and secure. We present an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Unlike most alternatives, Pico doesn't merely address the case of web passwords: it also applies to all the other contexts in which users must at present remember passwords, passphrases and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides "continuous authentication" and is resistant to brute force guessing, dictionary attacks, phishing and keylogging.