Pico in the Wild: Replacing Passwords, One Site at a Time

We would also like to thank the European Research Council (ERC) for funding this research through grant StG 307224 (Pico) and the Engineering and Physical Sciences Research Council (EPSRC) through grant EP/M019055/1.
