A Cambridge, UK outfit called Gridsure wants to solve the problem of thieves shoulder-surfing your PIN. Their solution is this: Instead of keying in your PIN on a keypad that displays the same digits every time, they're going to display a "keypad" filled with random digits, and defeat shoulder-surfers because the random digits are a red herring — what matters is the pattern of keys that you hit. So, instead of the insecure and easily shoulder-surfed system of you hitting the same keys on a keypad every time you enter your PIN, they're going to deploy a clever new system wherein you hit the same keys on a keypad every time you enter your PIN, which will completely defeat shoulder-surfing.
... No, it doesn't make any sense to me either. Didn't anyone at Gridsure stop and think for a moment about whether this hare-brained idea even made sense?
Correction, 2010.01.27:
It transpires that the article I read that mentioned GrIDsure managed to omit a crucial detail that completely changes the strength of the technology. Please see my followup today for details.
no subject
hey, how about 5-6 digit pins? how about alphanumerics at least? 4 digits? 10,000 combos? eliminate many due to other issues...
i read a blurb that claimed the reason it's 4 digits, is that the deployer's wife felt that 5 or more was too hard (for her). mmm.
no subject
(I can't help but think, "Poor guy must have married a real dim-bulb...")
no subject
Please tell me these people have nothing to do with defence.
It will eventually come down to bio-metrics, something about which I'm thrilled beyond words.
Ah, well. The Yankee government already has my fingerprints, if they've anyone brighter than a box of rocks, they've got a chunk of my DNA also.
no subject
What they do is display a grid of random characters, say 5x5 on a screen.
You've previously agreed that you'll enter, say, the characters on the upper right to lower left diagonal.
So you key in that random sequence of 5 characters.
To "shoulder surf" it, you have to see what they're entering, AND what the 5x5 random grid is.
Different random grid each time, so unless you know their "pattern", you can't enter the same characters each time.
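The challenge-response flow described in the comment above, as an added example (not GrIDsure's code and not part of the original thread). The function names, the digit-only grid and the diagonal pattern are assumptions for illustration. It also counts how many cells remain plausible for each typed character when an observer sees both the grid and the code.

```python
import hmac
import random

SIZE = 5
# Assumed secret pattern from the comment: upper-right to lower-left diagonal, as (row, col).
PATTERN = [(i, SIZE - 1 - i) for i in range(SIZE)]

def new_grid(rng):
    """Fresh challenge: a SIZE x SIZE grid of random digits (digits are an assumption)."""
    return [[str(rng.randrange(10)) for _ in range(SIZE)] for _ in range(SIZE)]

def response(grid, pattern):
    """What the user types: the characters sitting on their secret cells."""
    return "".join(grid[r][c] for r, c in pattern)

def verify(grid, pattern, typed):
    """Server side: recompute the expected code for this grid only."""
    return hmac.compare_digest(response(grid, pattern), typed)

def consistent_cells(grid, typed):
    """Per typed character, the cells an observer of grid AND code cannot rule out."""
    return [[(r, c) for r in range(SIZE) for c in range(SIZE) if grid[r][c] == ch]
            for ch in typed]

def demo(seed=1):
    # Seeded PRNG only so the demo is reproducible; a deployment would use a CSPRNG.
    rng = random.Random(seed)
    g1, g2 = new_grid(rng), new_grid(rng)
    code1 = response(g1, PATTERN)
    return {
        "code1": code1,
        "accepted_on_g1": verify(g1, PATTERN, code1),
        "replayed_on_g2": verify(g2, PATTERN, code1),
        "ambiguity": [len(cells) for cells in consistent_cells(g1, code1)],
    }

if __name__ == "__main__":
    print(demo())
```

The `ambiguity` list shows why seeing the typed code alone is not enough, and why a single sighting of grid plus code can still leave several candidate cells per position when characters repeat in the grid.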
no subject
http://www.youtube.com/watch?v=rgFOEhjdU6g