Delegation’s what you need (for usable security)

I heart PINs is a sorry tale of failed delegation (of a burglar alarm PIN). That failure was two-fold. Firstly, delegating a static shared secret such as a PIN or password invariably results in it being written down. Once written down the PIN has become a bearer token, fundamentally changing the security properties of the system. This introduces new threats whilst potentially mitigating others (given the importance of availability, loss of the token is a significant concern).


Smart TV dumb password

Making Skype calls using a Smart TV is actually, well… pretty smart. TVs have a nice display, good sound, and they’re usually located somewhere pretty where you can gather the whole family round for that cheery Christmas message of goodwill. Unfortunately, Smart TVs bring the misery of web passwords straight to the comfort of your own living room…


I ♥ PINs

Whilst my sister and her partner are away holidaying in warmer climes, I took the opportunity to take my rabble family up to the Midlands and stay at their house.

Being upstanding and security-conscious citizens, their house is protected by a burglar alarm. Whilst I thought I knew the PIN, I wasn’t sure, and besides they might have changed it. So how to get the PIN from them?