Untitled

Sasse, M. Angela; Brostoff, Sacha; Weirich, Dirk

doi:10.1023/a:1011902718709

Cited by 441 publications

(45 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…certain characters disallowed, password length not to exceed some limit, etc.) 10 or discover them by trial and error.…”

Section: Pico Lens Design Trade-offs and Future Workmentioning

confidence: 99%

“…Although 9 Bearing in mind scenarios in which one Lens serves several Pico devices, as when several family members use the shared tablet in the living room. 10 It would be nice if websites published their password policy in a uniform machinereadable form; and even nicer if they imposed no upper bounds on making passwords arbitrarily long and complicated. As argued by Bonneau and Preibusch [4], websites that impose such limits probably do so because they are not hashing their passwords.…”

Section: Pico Lens Design Trade-offs and Future Workmentioning

confidence: 99%

“…As users often hold inaccurate notions of security and of the importance of security measures [1,10], the stated security benefits need to be reconciled with the benefits that end users perceive Pico to offer. However, without a working implementation and more importantly without compatible services to log in to, validating these benefits would be tricky.…”

Section: Facilitating Conditionsmentioning

confidence: 99%

See 2 more Smart Citations

Bootstrapping Adoption of the Pico Password Replacement System

Stajano

Jenkinson

Payne

et al. 2014

Security Protocols XXII

View full text Add to dashboard Cite

Abstract. In previous work we presented Pico, an authentication system designed to be both more usable and more secure than passwords. One unsolved problem was that Pico, in its quest to explore the whole solution space without being bound by compatibility shackles, requires changes at both the prover and the verifier, which makes it hard to convince anyone to adopt it: users won't buy an authentication gadget that doesn't let them log into anything and service providers won't support a system that no users are equipped to log in with. In this paper we present three measures to break this vicious circle, starting with the "Pico Lens" browser add-on that rewrites websites on the fly so that they appear Pico-enabled. Our add-on offers the user most (though not all) of the usability and security benefits of Pico, thus fostering adoption from users even before service providers are on board. This will enable Pico to build up a user base. We also developed a server-side Wordpress plugin which can serve both as a reference example and as a useful enabler in its own right (as Wordpress is one of the leading content management platforms on the web). Finally, we developed a software version of the Pico client running on a smartphone, the Pico App, so that people can try out Pico (at the price of slightly reduced security) without having to acquire and carry another gadget. Having broken the vicious circle we'll be in a stronger position to persuade providers to offer support for Pico in parallel with passwords.

show abstract

“…certain characters disallowed, password length not to exceed some limit, etc.) 10 or discover them by trial and error.…”

Section: Pico Lens Design Trade-offs and Future Workmentioning

confidence: 99%

Section: Pico Lens Design Trade-offs and Future Workmentioning

confidence: 99%

Section: Facilitating Conditionsmentioning

confidence: 99%

See 1 more Smart Citation

Bootstrapping Adoption of the Pico Password Replacement System

Stajano

Jenkinson

Payne

et al. 2014

Security Protocols XXII

View full text Add to dashboard Cite

show abstract

“…Sasse et al [8] argue that security designers ought to identify and address root causes of poor user behavior. They believe that a more user-centered design would help users behave in ways more consistent with good security practices.…”

Section: Other Relevant Workmentioning

confidence: 99%

“…This model is a significant enhancement and extension of the model presented in our prior work [10]. The model considers technical factors and human factors essential to the creation of a successful password policy [8]. The model highlights the interaction between password policy and financial health, underscoring the central role policy plays in safeguarding the assets of an organization [6].…”

mentioning

confidence: 98%

A comprehensive simulation tool for the analysis of password policies

Shay

Bertino

2009

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Modern organizations rely on passwords for preventing illicit access to valuable data and resources. A well designed password policy helps users create and manage more effective passwords. This paper offers a novel model and tool for understanding, creating, and testing password policies. We present a password policy simulation model which incorporates such factors as simulated users, accounts, and services. This model and its implementation enable administrators responsible for creating and managing password policies to test them before giving them to actual users. It also allows researchers to test how different password policy factors impact security, without the time and expense of actual human studies. We begin by presenting our password policy simulation model. We next discuss prior work and validate the model by showing how it is consistent with previous research conducted on human users. We then present and discuss experimental results derived using the model.

show abstract

Cyber Security Technology Usability and Management

Smetters

2008

Wiley Handbook of Science and Technology for Homeland Security

View full text Add to dashboard Cite

show abstract

Untitled

Cited by 441 publications

References 12 publications

Bootstrapping Adoption of the Pico Password Replacement System

Bootstrapping Adoption of the Pico Password Replacement System

A comprehensive simulation tool for the analysis of password policies

Cyber Security Technology Usability and Management

Contact Info

Product

Resources

About