Message board for the users of flat assembler.
> Heap > idea for touch devices screen unlock
usually people use 9 dots pattern, or pass code to unlock their touch devices,
if somebody peeking at your fingers movement, or just try to read your dusty touch screen, most probably, they can guess your unlock pattern.
and i don't really think sane person will change their unlock pattern everyday,
to be fair, i haven't change mine since i set it after i bought it.
people don't like changes. true.
i just want to share a new idea,
an unlock pattern that based on clock.
the moment we touch our devices, most probably they are showing the time right now.
unlock pattern would be modify the clock,
add/decrease 1 hour from clock
move minutes to 48
shift AM to PM
add 5 to minutes
opposite direction of minutes, eg. if 35 minutes, then move minutes to 10, same as add 30 minutes
then second would be last setting, using scrollable input,
add hour and minute to get second
same as hour
an unlock pattern like this will change every time.
i guess, the cons would be, not allow you to easily unlock your device when in urgent or panic.
|10 Apr 2015, 17:22||
No, that's too easy. A better idea is when your smartphone shows you a random 256-bit number, say 102465077046034553208669924848259734637363109413008947693854674641014461242475, and a static 2048-bit number, say 14144226722531308550538552559353157706445147802732751446157942795881713778877219031939849564406597567639153679235147191938829553937127708148519704800325667589582382251416575357601857525979363003097949973656839077474815436234239454146464991616872980558191765142019624773667190838169356051511574114011588779016975824933103215232218524036659130502435364872434213296043080780118371336101027186299473245232094095782493480766873013561778554843103758496842550767251418983725893120346353679559949491331772488593778918098227898801971080340674784719783728639906810614087898874712963230500124729363775482605962629784701362887361. Then you use your school arithmetics knowledge and raise the first number to the power of your secret 2048-bit password, say 27047358776734188277685274711043968585483898209960721801927623558566859610604561326957121704964077708699518863415921659521764564967823863728225826127416250399629743133163677898836163968216060842233561396889801991850948134960969228911161736049739815900217168901697835468450861585085008778789078707363128324629862133605647676934898960515416458465222579693264947288544569851747138617214659027203961890405759429287973061406048856757101486749650147564979885081882390374708594156850946261546444425534748185998297665104436500225188152505550250531260895988634008172057261745678123405067881599214314495144979045121642858046213, modulo the second number in your head. Then you enter the result on the screen and your smartphone does the RSA verification of it.
Simple and veeery secure!
Faith is a superposition of knowledge and fallacy
|10 Apr 2015, 18:06||
Great idea! I may implement this method in my real life.
Another problem is that this cannot be applied to everywhere...
Because while websites and people are forcing you to choose a very strong password they often limit you to ridiculous amount of characters (6-12) and want your password to be secure with that.
They should allow at least 1KiB for each password... Which is nothing as they claim storage is cheap nowadays when they send you a 100MiB executable and say it is small your hard drive has terabytes of storage. :P
And I do not even have a 1 terabyte hard drive, currently only 160+160GB. D:
|10 Apr 2015, 21:28||
No, that's too easy.
To clarify it was just an ad absurdum argument, not a guide to action. An authorization scheme can be made arbitrarily complex for a human. I was once unable to draw my own signature to receive a packet, just because the postman woke me up at an inappropriate moment of my sleep. I failed three times and then he just left the packet and went away without my signature.
Faith is a superposition of knowledge and fallacy
|11 Apr 2015, 15:45||
In my country they would do otherwise. Leave you without the package and go away without signature.
They will return the next business day. Do not worry!
An absurd argument would be to use tetris instead of text password. I will explain how it would work:
Instead of memorizing a block of text, people are required to memorize tetris block arrangement and they need to provide the correct one to access the site or unlock their operating system.
The tetris would contain about 8 different shapes of 256 different colors each, the user could get color from a pallete. The grid size would be also specified by the user, he could draw grids as big as they want.
Great idea! That would make passwords completely visual and interactive!
But I think there are patent issues which will prevent the use of tetris on the form. I hope not.
|11 Apr 2015, 17:15||
< Last Thread | Next Thread >
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.
Website powered by rwasa.