Sign In

Communications of the ACM

ACM TechNews

Could A Crypto-Computer in Your Pocket Replace All Passwords?

View as: Print Mobile App Share:

With Pico, users could be immune from phishing attacks, choosing passwords, or having a password stolen.

Credit: Forbes

Cambridge University researcher Frank Stajano recently presented a paper on the Pico, a tiny, portable computer that functions as the authenticator for potentially thousands of different services or devices.

In addition to never having to remember passwords, Pico users would be immune from phishing attacks, choosing weak passwords, or even having a password stolen. "The user has a trustworthy device ... that acts as a memory prosthesis and takes on the burden of remembering authentication credentials, transforming them from 'something you know' to 'something you have,' " Stajano says.

According to Stajano, a Pico would be a small computing device with a radio and a camera, using public key cryptography to generate and store thousands of public and private key pairs, one for every app or gadget the user needs to unlock. The Pico’s camera would read a visual code on a login screen or device to identify it, and then send out a message over its radio to a remote login server, encrypting a message to it that only the service would be able to decrypt with a secret key. The system would not only confirm the identity of the user, but also the service or device the user wants to access.

From Forbes
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


No entries found