No PIN required, just shakin'
I love this idea: http://technology.newscientist.com/article/dn12912-synchronised-shaking-con%0Anects-gadgets-securely.html.
It is simple, reasonable, and solves a problem that is an absolute pain in the ass for me. If you have any bluetooth devices that don't have an input device (headsets, mice, stuff like that) there is always some wonky ritual you have to go through to get them paired with your phone or computer. The basic idea, if you skipped the above link, is that the two devices you want to pair contain accelerometers. To pair your devices, you hold them together and shake them. Since the devices are being shaken in the same pattern, the accelerometers are producing the same bitstream, so you can use it to identify the devices being shaken.
This is really similar to the concept of a one-time pad in cryptography. A bitstream is produced by some method that ensures that it is random, and a copy is distributed to the two parties that want to communicate. The transmitting party XORs her plaintext with the bitstream to produce the ciphertext. The receiving party then XORs the ciphertext with the one-time pad to reproduce the plaintext. The issue in cryptography is transmitting the one-time pad. If the pad is known to any other party, they can decrypt the message. Also, if the pad is re-used, the messages can be attacked mathematically. What these researchers have done is developed a simple way to produce an extremely short-lived key independently on the two devices from a fairly decent source of entropy. The best part is that they made it easy enough that anybody can use it. Now, I'm not qualified to judge the security of this method, but it seems like it would be fairly easy for a determined observer to grab the bitstream out of the air unless devices are specifically designed to prevent that sort of thing.
I think that this idea is at least a step in the right direction as far as usability goes, and I'll be keeping my eyes open for more stuff like it.
