[guardian-dev] Strong Mobile Passwords with Yubikey USB Token

Nathan of Guardian nathan at guardianproject.info
Tue Jan 3 19:55:34 EST 2012

We have been experimenting with the Yubikey, a USB hardware password
token, a bit over the last few weeks and would like to share our initial
findings. We have not received any financial support or donation from
Yubico for this work. We simply think they have a very affordable,
interesting product that, due to its design, does *not* require any
on-device driver software and can easily work with any Android device
that supports USB Host/HID mode.

Our motivation for investigating this device was in finding a way to
encourage the use of strong (aka long, mixed-case, etc.) passwords on
mobile devices, for use with SQLCipher, screenlock passwords, and on
boot disk encryption. The issue is that most users rely on short PINs or
a visual unlock pattern, which does not provide enough randomness to
ensure security of their data. In addition, due to the use of a
touchscreen, fingerprint oil smudges on the screen often reveal the
numbers entered or the pattern drawn to unlock the device (See the
“Smudge Attacks on Smartphone Touch Screens” paper.)
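To put numbers on "not enough randomness", here is a small added example
(our own illustration, not code from the post or from the Guardian
Project). It enumerates the Android 3x3 unlock-pattern space under the
usual rules (4 to 9 distinct dots, a move may not jump over an unvisited
dot) and compares the resulting entropy with a 4-digit PIN and with a
hypothetical 32-character mixed-case alphanumeric password of the kind a
hardware token could type. The pattern rules and the token length and
alphabet are assumptions for the illustration; the smudge figure assumes
the PIN's four digits are distinct and already known, leaving only their
order.

```python
import math


def _skipped_dot(a, b):
    """Return the dot that lies exactly between dots a and b (0-8 on a
    3x3 grid), or None if the straight line a->b crosses no dot centre.
    Assumed rule: such a dot must already be visited to move a->b."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None


def count_unlock_patterns(min_len=4, max_len=9):
    """Count valid patterns, keyed by number of dots, by depth-first
    search over the grid with the jump-over rule enforced."""
    counts = {}

    def dfs(path, visited):
        if len(path) >= min_len:
            counts[len(path)] = counts.get(len(path), 0) + 1
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(9):
            if visited[nxt]:
                continue
            mid = _skipped_dot(last, nxt)
            if mid is not None and not visited[mid]:
                continue  # would pass over an unvisited dot
            visited[nxt] = True
            path.append(nxt)
            dfs(path, visited)
            path.pop()
            visited[nxt] = False

    for start in range(9):
        visited = [False] * 9
        visited[start] = True
        dfs([start], visited)
    return counts


def entropy_bits(keyspace):
    """Bits of entropy of a uniformly chosen secret from `keyspace`."""
    return math.log2(keyspace)


def compare_unlock_methods(token_len=32, alphabet_size=62):
    """Entropy in bits for: a 4-digit PIN, a 3x3 unlock pattern, and a
    random token of `token_len` symbols from an `alphabet_size` alphabet
    (both token parameters are constructed assumptions)."""
    pattern_total = sum(count_unlock_patterns().values())
    return {
        "pin4": entropy_bits(10 ** 4),
        "pattern": entropy_bits(pattern_total),
        "token": entropy_bits(alphabet_size ** token_len),
    }


def pin_bits_after_smudge(pin_len=4):
    """If smudges reveal which (distinct) digits were pressed, only the
    order remains unknown: pin_len! orderings."""
    return entropy_bits(math.factorial(pin_len))


if __name__ == "__main__":
    for name, bits in compare_unlock_methods().items():
        print(f"{name:8s} {bits:7.2f} bits")
    print(f"pin4 after smudge: {pin_bits_after_smudge():.2f} bits")
```

The DFS reproduces the commonly cited total of 389,112 valid patterns,
i.e. under 19 bits, only marginally better than a 4-digit PIN's 13.3
bits and far below the 190-odd bits of a long random token; once the
smudge trail gives away the digits, a 4-digit PIN is down to about 4.6
bits.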

