Pico: No More Passwords!
Author
Abstract
From a usability viewpoint, passwords and PINs have reached the end of their useful life. Even though they are convenient for implementers, for users they are increasingly unmanageable. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. Yet we can’t abandon passwords until we come up with an alternative method of user authentication that is both usable and secure. We present an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Unlike most alternatives, Pico doesn’t merely address the case of web passwords: it also applies to all the other contexts in which users must at present remember passwords, passphrases and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides “continuous authentication” and is resistant to brute force guessing, dictionary attacks, phishing and keylogging.

1 Why users are right to be fed up

Remembering an unguessable and un-brute-force-able password was a manageable task twenty or thirty years ago, when each of us had to use only one or two. Since then, though, two trends in computing have made this endeavour much harder. First, computing power has grown by several orders of magnitude: once upon a time, eight characters were considered safe from brute force¹; nowadays, passwords that are truly safe from brute force and from advanced guessing attacks² typically exceed the ability of ordinary users to remember them³ ⁴. Second, and most important, the number of computer-based services with which

* It’s OK to skip all these gazillions of footnotes.
¹ The traditional DES-based crypt(3) didn’t even allow a longer password.
² Thus, respectively, long&Full^0f_$ymbo£$, or even meaningless: u4Hs9D6GdCVi.
³ Bruce Schneier, 1999: “Password crackers can now break anything that you can reasonably expect a user to memorize”. http://www.schneier.com/crypto-gram9910.html#KeyLengthandSecurity.
⁴ It is in theory possible to mitigate the brute-forcing threat of ever-increasing attacker power by regularly increasing the number of rounds of hashing applied to the password before using the verification value. For other uses of passwords, such as file encryption, a similar countermeasure involves the use of a highly iterated key derivation function. Online systems could rate-limit the password guessing attempts, regardless of attacker power, as appropriately argued by Florêncio et al. [12]. But ex

In Proc. Security Protocols Workshop 2011, Springer LNCS. Author’s preprint, revision 61 of 2011-08-31 19:55:55 +0100 (Wed, 31 Aug 2011).
Similar sources
Realizing Pico: Finally No More Passwords!
In 2011 Stajano proposed Pico, a secure and easy-to-use alternative for passwords. Among the many proposals in this category, Pico stands out by being creative and convincing. However, the description as published leaves some details unspecified, and to the best of our knowledge the complete system has not yet been tested. This work presents detailed specifications and future-proof security pro...
Bootstrapping Adoption of the Pico Password Replacement System (Transcript of Discussion)
In previous work we presented Pico, an authentication system designed to be both more usable and more secure than passwords. One unsolved problem was that Pico, in its quest to explore the whole solution space without being bound by compatibility shackles, requires changes at both the prover and the verifier, which makes it hard to convince anyone to adopt it: users won’t buy an authentication ...
Security architecture and implementation for a TPM-based mobile authentication device
Today, passwords are used everywhere to authenticate users. While they are simple for website administrators and software developers to deploy, from a usability perspective, they are becoming increasingly problematic. This is particularly because maintaining adequate security puts an inordinate number of demands on the passwords (difficult to guess, must not be reused, should be changed regular...
Pico: No More Passwords! (Transcript of Discussion)
Frank Stajano: My title should give you a hint about my position towards this problem. What’s a password? A password is a way to drive users crazy! Passwords were not so bad when you had only one or two of them, and when a password of eight or nine characters was considered a safe password. Nowadays computers have grown so powerful that ten character passwords can be bruteforced with the kind o...