Red Button and Yellow Button: Usable Security for Lost Security Tokens

What do would you do if you misplaced your credit card?  You are pretty sure it is in your other jacket, locked in the office for the weekend but you aren’t absolutely certain. Would you call the bank and cancel it immediately?


The option of cancelling a security token when it is potentially jeopardized can lead to lost time, productivity and outright cost.  If you cancel but then find the token (card) you have removed the threat but you are stuck with the cost. This might create a situation where you are risking security because of the cost of the security measures themselves. Gambling with security is not considered best practice, so what do we do to prevent it?  What if there were an easy third option between all and nothing to temporarily freeze the account while you looked for the card?

Ian Goldberg from the University of Waterloo and Graeme Jenkinson, David Llewellyn-Jones and Frank Stajano at the University of Cambridge in the UK recently looked at this problem in the context of the Pico security token.  They looked at the implications and possible strategies for putting into practice a system allowing a ‘yellow button’ to freeze access and a ‘red button’ to revoke access. The implementation of this feature would be a non-trivial matter as the mechanism for adding an additional state would required robust authentication, particularly in the case that it could be switched off or ‘unpressed’ by the user.  Any freeze on an account should only be able to be reversed by the person authorized to access the account.  One way of doing this could be to create an unlock code when the button is pressed so that only the person initiating the freeze can reverse it.

A security approach where a person is in anyway incentivized to gamble with security requires resolution. Current approaches of having a policy of not gambling don’t recognize the reality for most people.  The Yellow Button concept appears to be a step towards providing a solution that provides real world options for realistic security.  I look forward to further developments.



Goldberg, I., Jenkinson, G., Llewellyn-Jones, D., & Stajano, F. (2016, April). Red Button and Yellow Button: Usable Security for Lost Security Tokens. In Cambridge International Workshop on Security Protocols (pp. 165-171). Springer, Cham.