Skip to main content


in reply to Rokosun

in the end, that all depends on your threat model, as always. Biometrics have again and again proven to be easy to circumvent, even just from public images: youtube.com/watch?v=VVxL9ymiyA…
And depending on where you live, the police might be able to force you to give them your fingerprints, but not a password.
But I fully agree that scrambled PIN pads should be more common, that helps a lot against someone just glancing over.
in reply to Nils

@thasl
P.S. I very much agree that it comes down to your own personal threat model. E.g. I haven't bothered having a password lock on my phone since the dawn of smart phones, and very grateful for all the time and hassle that saves me. But then I hardly ever use a phone, and don't have anything critical like email connected to it, so the risks involved are rather less that for most people
@Nils
in reply to Rokosun

Interesting idea thanks. Though it looks like that depending on the choice of image used, it could be even more susceptible to an over-the-shoulder attack. In the final orientation she is entering as the combination at 2:14, the number 5 stands out as the only number that is centred to a specific element in the picture. For a young person doing it quickly it may well be difficult to spot, but what about for someone with failing eyesight carefully and slowly lining it up for you?
in reply to Rokosun

It seems only somewhat more secure than gesture unlock.

It might trip-up video analyzis or surveillance unfamiliar with it, but two captures seem like enough to have a very high probability of identifying the commonality. Depending on user behavior, a single observation could be enough.

The best option, I think, would be some HMD as the sole active display.

in reply to Rokosun

very interesting idea, I like it. It is not as convenient as fingerpring sure, but having it as a second option (instead of pattern or pin) would certainly be great.
I wonder though, how many videos would be enough to crack your number and location down. Maybe even as low as two, if you overlap the pictures and see where are the numbers right before unlocking...
in reply to dieTasse

@dieTasse @Surveillance Report

Yeah if you got recorded on video and there are multiple instances of it then you might be doomed. Randomly spacing the numbers each time could make it harder maybe, but IDK..... It's not perfect for sure.....

in reply to Rokosun

The AOSP-based custom OS GrapheneOS has PIN scrambling, which makes these attacks a bit harder and also improved fingerprint unlock security.

Highly recommend looking into the project because it has many amazing security features on top of AOSP, and is one of the few custom OSes with actual security researchers developing significant improvements.

grapheneos.org/features

in reply to Rokosun

Calyx OS also offers PIN scrambling and supports more devices than Pixels.
⇧