Unixronin

January 27th, 2010

Wednesday, January 27th, 2010 08:31 am

When I talked about Gridsure yesterday, I made the mistake of assuming that the article in which I'd read about the technology actually understood it.  This turned out to be a serious mistake, as the article actually left out a major and important step — as I would have discovered, had I remembered to check primary sources myself.

What the article neglected to mention — and what the writer of the article possibly failed to understand — was that you don't just hit the "keys" on the random touchpad grid corresponding to your chosen pattern.  You read off the digits from that random grid corresponding to your chosen pattern and enter them in a separate field using a hard or soft keypad.  GrIDsure has a Flash-animated demo here.

That is a whole different kettle of fish, and a far better idea.  With that addition, this at-first-sight half-baked idea becomes a de facto one-time pad that is, indeed, a great improvement on a fixed four-digit PIN.  The key factor is that since you enter the correct digits separately, rather than keying them in on the grid, someone attempting to shoulder-surf your PIN never gets the opportunity to see your pattern (we'll assume for the moment that they do not have the opportunity to install a gaze-tracking device on, say, your ATM, as that is a much more complex task than installing a card skimmer).  Since the random grid is 5x5 (or perhaps even larger), each digit appears in multiple locations on the grid, making it difficult to guess your pattern even if the attacker was able to see which digits you entered.  (Of course, if the attacker installed a hidden camera watching the entry device, as has been done on many ATM skimmer devices, then he may have both the grid and the keyed-in digits, and may be able to successfully derive your pattern within a double-digit number of attempts.  But even that's a lot better than just having your PIN right there off the camera.)
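A toy model of the mechanism as described above, added here as an example and not GrIDsure's own code: the server issues a random 5x5 digit grid, the user reads off the digits under a secret four-cell pattern, and the server recomputes and checks that one-time code.  The candidate_patterns function puts a number on the camera caveat, counting how many patterns remain consistent with the grids and codes an onlooker has seen.  The rule that every digit appears at least twice per grid, the pattern length of four, and the allowance for repeated cells are my assumptions for this model, not documented GrIDsure behaviour.

```python
import hmac
import itertools
import secrets

GRID_SIZE = 5      # the 5x5 grid the post describes
PATTERN_LEN = 4    # a four-cell pattern stands in for a four-digit PIN

_rng = secrets.SystemRandom()

def new_challenge_grid(size=GRID_SIZE):
    """Server side: issue a fresh random grid of digits.  Each digit is
    placed at least twice (my choice for this toy model, not a GrIDsure
    rule): a digit that appeared only once would pin down one pattern cell
    for anyone who saw both the grid and the entered code."""
    cells = list(range(10)) * 2
    cells += [_rng.randrange(10) for _ in range(size * size - len(cells))]
    _rng.shuffle(cells)
    return [cells[r * size:(r + 1) * size] for r in range(size)]

def read_off_code(grid, pattern):
    """Client side: the one-time code is the digits under the secret
    pattern's cells, in pattern order.  pattern is a list of (row, col)."""
    return "".join(str(grid[r][c]) for r, c in pattern)

def verify(grid, pattern, entered):
    """Server side: recompute the code from the stored pattern and the grid
    issued for this session (a grid is used once and then discarded)."""
    return hmac.compare_digest(read_off_code(grid, pattern), entered)

def candidate_patterns(observations):
    """Defender's-eye estimate of residual secrecy: the set of patterns
    consistent with every (grid, entered_code) pair an onlooker captured.
    The model constrains patterns only by their length (cells may repeat)."""
    survivors = None
    for grid, code in observations:
        size = len(grid)
        per_digit = [[(r, c) for r in range(size) for c in range(size)
                      if grid[r][c] == int(d)] for d in code]
        consistent = set(itertools.product(*per_digit))
        survivors = consistent if survivors is None else survivors & consistent
    return survivors

if __name__ == "__main__":
    secret_pattern = [(0, 0), (1, 1), (2, 2), (3, 3)]   # constructed example
    grid = new_challenge_grid()
    code = read_off_code(grid, secret_pattern)
    assert verify(grid, secret_pattern, code)
    print("grid:", grid, "one-time code:", code)
    print("patterns consistent with one observation:",
          len(candidate_patterns([(grid, code)])))
```

With random grids a single observation typically leaves a few dozen consistent patterns, and each further observation of the same user cuts that set down sharply, which is the ambiguity the paragraph above relies on and the limit it concedes.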

So, I retract my criticism.  It's not perfect, no.  But GrIDsure is a clever idea that is indeed a big improvement.  Best of all, it should be easy to implement on existing ATMs via a software upgrade.

The hard part would probably be convincing the banks to use it... unfortunately, too many US banks and credit card issuers seem to take the approach that it's cheaper to clean up card compromises and identity theft after the fact than to make any serious effort to prevent them in the first place.

Addendum:

Stuart Russell at GrIDsure makes the following comments regarding banking use:

One small, additional comment, for what it is worth: whilst the GrIDsure method certainly could be applied to an ATM device, we are actually working with a couple of British and French banks at the moment and we're promoting our technology as an ideal mechanism for on-line banking login and authentication (i.e. a replacement for the traditional username and password combo).  GrIDsure is highly resistant to key-logging and screen scraping attacks, so we're hopeful that if banks adopt GrIDsure here, it's not a giant leap to then move the technology on to an ATM machine or handheld card terminal.

Addendum 2:

Another benefit of the idea just occurred to me.  One common technique used when trying to crack a fixed numeric security code on, say, a vault or security door, where a single code is used for an extended period of time by all persons authorized for access, is to examine the keypad for differential wear.  If there is a clear pattern of differential wear, the odds are very high that the most-worn keys correspond to the digits of the security code, drastically reducing the effective keyspace.  If you know the number of digits in the code, all that may remain is to put the digits in the correct order.  Because GrIDsure randomizes the actual code entered every time the access point is used, not only should there be no distinct pattern of differential wear, but even if differential wear were present, it would offer no clues useful for gaining unauthorized access.

Wednesday, January 27th, 2010 08:21 pm

The UK, that is.  According to this (admittedly Daily Mail) story, it is now considered discrimination in the UK to require in a job posting that job applicants be "reliable" or able to speak English.

The Once-Great Britain, leading the race to the bottom since about 1990....
