How does Pico work?
No video playback capabilities.
Understanding the background:
Watch Frank Stajano's talk from the Usenix Security 2011 conference (above).
Read Frank's original paper
"Pico: No more passwords!" and all the others we've published since (found below). Our newest video,
Understanding Pico, shows the current prototype in use.
team of researchers at the University of Cambridge Computer Lab is now working to make Pico a reality. Pico-related peer-reviewed publications by team members
Pico: No more passwords!. Proc. Security Protocols Workshop 2011, Springer LNCS 7114. © Springer. Oliver Stannard and Frank Stajano.
Am I in good company? A privacy-protecting protocol for cooperating ubiquitous computing devices. Proc. Security Protocols Workshop 2012. LNCS 7622. © Springer. Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano.
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. Proc. IEEE Symposium on Security and Privacy 2012. Extended version: UCAM-CL-TR-817. Frank Stajano, Graeme Jenkinson, Jeunese Payne, Max Spencer, Quentin Stafford-Fraser, Chris Warrington.
Bootstrapping Adoption of the Pico Password Replacement System. Proc. Security Protocols Workshop 2014, Springer LNCS 8809. © Springer. Graeme Jenkinson, Max Spencer, Chris Warrington, Frank Stajano.
I bought a new security token and all I got was this lousy phish— Relay attacks on visual code authentication schemes. Proc. Security Protocols Workshop 2014, Springer LNCS 8809. © Springer. Quentin Stafford-Fraser, Frank Stajano, Chris Warrington, Graeme Jenkinson, Max Spencer, Jeunese Payne.
To Have and Have Not: Variations on Secret Sharing to Model User Presence. Proc. UPSIDE workshop of UBICOMP 2014. Frank Stajano, Max Spencer, Graeme Jenkinson.
Password-manager friendly (PMF): Semantic annotations to improve the effectiveness of password managers. Proc. Passwords 2014, Springer LNCS 9393. Jonathan Millican and Frank Stajano.
SAVVIcode: Preventing Mafia Attacks
on Visual Code Authentication Schemes. Proc. Passwords 2014, Springer LNCS 9393. Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank
Passwords and the Evolution of Imperfect Authentication. Comms ACM 58(7):78-87, July 2015. Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer, Quentin Stafford-Fraser.
Pico without public keys. Proc. Security Protocols Workshop 2015, Springer LNCS 9379. Jeunese Payne, Graeme Jenkinson, Frank Stajano, Angela Sasse and Max Spencer.
Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens. Proc. USEC 2016, San Diego, CA, USA. Ian Goldberg, Graeme Jenkinson, David Llewellyn-Jones and Frank Stajano.
Red button and yellow button: usable security for lost security tokens. Proc. Security Protocols Workshop 2016, Brno, Czech Republic. Springer LNCS. David Llewellyn-Jones, Graeme Jenkinson and Frank Stajano.
Explicit delegation using configurable cookies. Proc. Security Protocols Workshop 2016, Brno, Czech Republic. Springer LNCS. Ian Goldberg, Graeme Jenkinson, and Frank Stajano.
Low-cost mitigation against cold boot attacks for an authentication token. In Proc. 14th International Conference on Applied Cryptography and Network Security, June 2016. Pico-related student dissertations at Cambridge
Bo Tian (BA 2012). Pico: a security token to replace passwords
Oliver Stannard (BA 2012). Picosiblings
Anders Bentzon (MPhil 2013). Security architecture and implementation for a TPM-based mobile authentication device
Jonathan Millican (BA 2014). Implementing Pico authentication for Linux
Cristian Toader (MPhil 2014). User Authentication for Pico: When to unlock a security token
Fabian Krause (MPhil 2014). Designing Secure & Usable Picosiblings: An exploration of potential pairing mechanisms
Daniel Low (BA 2015). Remote disabling of the Pico
Spencer Thang (BA 2016). Pico without Public Keys
Antonaela Siminiuc (BA 2016). Unlocking PICO with Picosiblings
I've watched the movies and read the papers. May I ask something? ➤