Pico is a password replacement system currently under development at the University of Cambridge. The Pico project’s strap line is: No more passwords! But is that right, should this really be our goal when designing new authentication schemes?
Tag Archives: authentication
The value of better user authentication
User authentication is a pain. AsĀ technologistsĀ it’s only natural for us to consider how we can remove than pain. However, technologists putting on the hat of an entrepreneur should be considering whether they are entering the Blue or Red Ocean before considering the blue or red pill [3].
Pico in the Guardian
Delegation’s what you need (for usable security)
I heart PINs is a sorry tale of failed delegation (of a burglar alarm PIN). That failure was two-fold. Firstly, delegating a static shared secret such as a PIN or password invariably results in it being written down. Once written down the PIN has become a bearer token, fundamentally changing the security properties of the system. This introduces new threats whilst potentially mitigating others (given the importance of availability, loss of the token is a significant concern).
Continue reading Delegation’s what you need (for usable security)
Pico: No more passwords!
My work at the University of Cambridge:
If you want to know more, buy the Observer this weekend 26th-27th July (possibly maybe…probably not).