Passwords, passphrases and PINs have become a usability disaster. Even though they are convenient for implementers, they have been over-exploited, and are now increasingly unmanageable for end users, as well as insecure. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. This project will develop and evaluate an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Besides relieving the user of the memorization effort, the Pico solution scales to thousands of credentials, provides "continuous authentication" and is resistant to brute-force guessing, dictionary attacks, phishing and keylogging. To promote adoption and interoperability, the Pico design has not been patented. The Principal Investigator has been invited to speak about Pico on three continents (including at USENIX Security 2011) since releasing the first draft of his design paper.