Skip to main content

Pico: no more passwords

Objective

Passwords, passphrases and PINs have become a usability disaster. Even though they are convenient for implementers, they have been over-exploited, and are now increasingly unmanageable for end users, as well as insecure. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. This project will develop and evaluate an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides ``continuous authentication'' and is resistant to brute force guessing, dictionary attacks, phishing and keylogging. To promote adoption and interoperability, the Pico design has not been patented. The Principal Investigator has been invited to speak about Pico in three continents (including at USENIX Security 2011) since releasing the first draft of his design paper.

Call for proposal

ERC-2012-StG_20111012
See other projects for this call

Host institution

THE CHANCELLOR MASTERS AND SCHOLARS OF THE UNIVERSITY OF CAMBRIDGE
Address
Trinity Lane The Old Schools
CB2 1TN Cambridge
United Kingdom
Activity type
Higher or Secondary Education Establishments
EU contribution
€ 1 350 000
Principal investigator
Francesco Stajano (Dr.)
Administrative Contact
Renata Schaeffer (Ms.)

Beneficiaries (1)

THE CHANCELLOR MASTERS AND SCHOLARS OF THE UNIVERSITY OF CAMBRIDGE
United Kingdom
EU contribution
€ 1 350 000
Address
Trinity Lane The Old Schools
CB2 1TN Cambridge
Activity type
Higher or Secondary Education Establishments
Principal investigator
Francesco Stajano (Dr.)
Administrative Contact
Renata Schaeffer (Ms.)