A Cambridge, UK outfit called Gridsure wants to solve the problem of thieves shoulder-surfing your PIN. Their solution is this: Instead of keying in your PIN on a keypad that displays the same digits every time, they're going to display a "keypad" filled with random digits, and defeat shoulder-surfers because the random digits are a red herring — what matters is the pattern of keys that you hit. So, instead of the insecure and easily shoulder-surfed system of you hitting the same keys on a keypad every time you enter your PIN, they're going to deploy a clever new system wherein you hit the same keys on a keypad every time you enter your PIN, which will completely defeat shoulder-surfing.
... No, it doesn't make any sense to me either. Didn't anyone at Gridsure stop and think for a moment about whether this hare-brained idea even made sense?
Correction, 2010.01.27:
It transpires that the article I read that mentioned GrIDsure managed to omit a crucial detail that completely changes the strength of the technology. Please see my followup today for details.
no subject
What they do is display a grid of random characters, say 5x5 on a screen.
You've previously agreed that you'll enter, say, the characters on the upper right to lower left diagonal.
So you key in that random sequence of 5 characters.
To "shoulder surf" it, you have to see what they're entering, AND what the 5x5 random grid is.
Different random grid each time, so unless you know their "pattern", you can't enter the same characters each time.
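The scheme this comment describes, sketched as an added example (not GrIDsure's code and not part of the comment above). The function names, the digit-only alphabet, and both sample grids are assumptions constructed for illustration.

```python
import hmac
import secrets

SIZE = 5  # 5x5 grid, as in the comment above

def new_grid(size=SIZE):
    """Fresh challenge for each login: size*size random digits."""
    return [[secrets.randbelow(10) for _ in range(size)] for _ in range(size)]

def response(grid, pattern):
    """What the user types: the digits sitting on their secret cells, in order."""
    return "".join(str(grid[r][c]) for r, c in pattern)

def verify(grid, pattern, typed):
    """Server side: recompute the code for THIS grid and compare in constant time."""
    return hmac.compare_digest(response(grid, pattern), typed)

def cells_matching(grid, typed):
    """Risk check: for each typed digit, how many grid cells show that digit.
    An observer who saw both the grid and the code is left with this many
    possible cells per pattern position, not the full 25."""
    return [sum(str(v) == ch for row in grid for v in row) for ch in typed]

# Assumed enrolled secret: the upper-right to lower-left diagonal.
DIAGONAL = [(i, SIZE - 1 - i) for i in range(SIZE)]

# Two constructed challenge grids (fixed here so the results are reproducible).
GRID_A = [[3, 1, 4, 1, 5],
          [9, 2, 6, 5, 3],
          [5, 8, 9, 7, 9],
          [3, 2, 3, 8, 4],
          [6, 2, 6, 4, 3]]
GRID_B = [[0, 7, 1, 8, 2],
          [8, 1, 8, 4, 8],
          [4, 5, 0, 0, 4],
          [5, 7, 3, 5, 3],
          [1, 0, 2, 8, 7]]

if __name__ == "__main__":
    code_a = response(GRID_A, DIAGONAL)
    print("code for grid A:", code_a)
    print("code for grid B:", response(GRID_B, DIAGONAL))
    print("grid A code replayed on grid B:", verify(GRID_B, DIAGONAL, code_a))
    print("cells matching each typed digit:", cells_matching(GRID_A, code_a))
```

The same pattern yields a different code on each grid, so a code seen without its grid does not verify on the next login, while `cells_matching` shows how far a single observation of both narrows each position.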
no subject
http://www.youtube.com/watch?v=rgFOEhjdU6g