posted by martyb on Wednesday September 27 2017, @11:48AM
from the I-saw-what-you-did-there dept.

As reported by Techtimes, when it comes to unlocking your Android phone, patterns are out and PINs are back in.

The full study, Towards Baselines for Shoulder Surfing on Mobile Authentication (open, DOI: 10.1145/3134600.3134609), was conducted by the Naval Academy and University of Maryland.

Security researchers at the U.S. Naval Academy, together with the University of Maryland Baltimore County, published a study showing how a casual onlooker can visually memorize a person's pattern then recreate it with ease. In the tests, they found that two out of three people were able to recreate six-point unlock patterns purely by looking at them from 5 or 6 feet away.

[...] Those same conditions were then replicated with a more traditional six-digit PIN code, which proved far more difficult, with only one out of 10 observers able to recreate the PIN code after peeking.

With multiple chances to view your pattern or PIN, the ability of an observer to unlock your phone grows:

In the online tests, 64 percent were able to recreate the Android-style pattern after merely one viewing, but that shot up to 80 percent after a second viewing. PIN codes, meanwhile, rendered much lower vulnerability percentages: only 11 percent were able to identify a six-digit PIN after viewing it once, and 27 percent after viewing it twice.

Apple's new FaceID, previously covered here on SN and explained more fully in Techcrunch's extensive article, has its own problems and annoyances, as well as the fear of being grabbed by police, cuffed, and having your phone held in front of your face before you have time to hit the 5 button presses it takes to shut off FaceID. The phone is too new for any independent tests to have been run using pictures or movies of your face.


  • (Score: 0) by Anonymous Coward on Thursday September 28 2017, @04:04AM (#574199)

    Using PINs or Patterns is a stupid security feature, akin to a plastic lock on a child's diary. However, I recently switched to Android from BlackBerry and was appalled to find that it still has a 17 character limit on its encryption password. This password is used to both lock the phone and lock the hardware-based encryption key for full disk encryption. This is insane; there is no reason to have a limit other than the memory used to store the key, which on modern hardware should be effectively limitless from a human perspective. It makes use of passphrases, which are easier to remember than similarly secure entropic passwords, effectively impossible to secure. There seem to be some tools to at least allow you to change the encryption key password to a separate value from the lock screen password, but they require root and I am unsure if they remove the limit. The whole thing is truly a disaster.