Thursday, August 12, 2010

Android Lock Screen Alternative Wanted

Even before I saw the below analysis of "smudge attacks" on Bruce Schneier's site, I have wanted an alternative to the stock, dot-pattern-based Android screen lock component. What I have in mind is using the Dialpad for entering your PIN. Then, when you succeed, the Dialpad is right there for quick phone calls. Of course, the driving "use case" for this is phone-call-centric, which immediately places me in a minority of smartphone users.

Another key feature would be automatically assigning speed dial numbers. My phone of 5 years ago did this. It was really convenient for every entry to have a speed dial. The assignment occurred as the contact was entered. The invocation occurred by long-pressing the last digit. So if you were calling contact 163, you dial 1-6-long-press-3.

I can already hear people saying "but I can barely remember 10 speed dials, let alone hundreds". That's not exactly the point. Your top 10 speed dials are pretty constant, but others can be very episodic. I don't call my insurance company often, for example, except when I have a claim, and then I may call them several times a day for a week.

The smudge attack suggests an additional feature--the keypad numbers should be randomly scrambled each time presented.

UPDATE: I just implemented the most basic part of this, the Auto-Load, in Tasker.
Touch screens are an increasingly common feature on
personal computing devices, especially smartphones,
where size and user interface advantages accrue from
consolidating multiple hardware components (keyboard,
number pad, etc.) into a single software definable user
interface. Oily residues, or smudges, on the touch screen
surface, are one side effect of touches from which frequently
used patterns such as a graphical password might
be inferred.
In this paper we examine the feasibility of such smudge
attacks on touch screens for smartphones, and focus our
analysis on the Android password pattern.

1 comment:

  1. Great idea! Can you share your Tasker profile that scrambles the keypad numbers before entering the pin number? Thank you so much.