Don't your fingers leaves smudges for each digit in the PIN? Six one
way, half dozen the other. Personally, I frequently clean the screen
on my pants before putting my phone in my pocket.
For those interested in academic research, I'd love to see a breadth
study of cell phone authentication methods (one may already exist).
Different password complexities are required for different interfaces.
There is a risk trade-off. I don't mind my phone access password being
less secure than my online bank password.
One thing I like about Android's graphical password is that it is much
faster to enter than a PIN, making me (and most users) more inclined
to use it. I also have a much easier time changing to a new graphical
password than coming up with a new PIN (which is supported by years of
user studies in literature).
Just my two cents.
-Will
On Nov 16, 2009, at 11:05 AM, curtis wrote:
I've been thinking about this a lot lately as well... the smudges on
my screen DEFINITELY make my security pattern obvious.
This is definitely not a great idea if Android wants to make strides
towards the enterprise. I would think that it would be pretty simple
to implement the standard pin/passphrase, right?
On Nov 10, 9:09 am, JDub <[email protected]> wrote:
I'm sure this has been discussed and debated to death by now, but I
thought I'd throw in my two cents after using my Droid for a few
days.
At first the unlocking pattern utility is really cool ... but the
smudges left behind might make it easy for someone to guess what
pattern you are drawing. I find myself trying to determine what
patterns would best account for my oily fingers.
A better implementation would have the dots spaced with random
variations/distortions. For example, the dots could be uniformly
stretched out or contracted, non-uniformly stretched/contracted (ex:
one side a la trapezoid), or the entire grid could vary in its
orientation or placement. All of this of course would be random.
As it exists, I personally would rather have the traditional pin/
keypad.
--
William Enck
PhD Candidate
Department of Computer Science and Engineering
The Pennsylvania State University
[email protected]
