flat assembler
Message board for the users of flat assembler.

Index > Heap > idea for touch devices screen unlock

Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 9000
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
screen unlock,

usually people use 9 dots pattern, or pass code to unlock their touch devices,
if somebody peeking at your fingers movement, or just try to read your dusty touch screen, most probably, they can guess your unlock pattern.

and i don't really think sane person will change their unlock pattern everyday,
to be fair, i haven't change mine since i set it after i bought it.

people don't like changes. true.

i just want to share a new idea,

an unlock pattern that based on clock.

the moment we touch our devices, most probably they are showing the time right now.

unlock pattern would be modify the clock,

eg.
possible setting

add/decrease 1 hour from clock
move minutes to 48
shift AM to PM
add 5 to minutes
opposite direction of minutes, eg. if 35 minutes, then move minutes to 10, same as add 30 minutes

then second would be last setting, using scrollable input,
eg
add hour and minute to get second
same as hour
24 format.
etc

an unlock pattern like this will change every time.
i guess, the cons would be, not allow you to easily unlock your device when in urgent or panic.
Post 10 Apr 2015, 17:22
View user's profile Send private message Reply with quote
l_inc



Joined: 23 Oct 2009
Posts: 881
l_inc
sleepsleep
No, that's too easy. A better idea is when your smartphone shows you a random 256-bit number, say 102465077046034553208669924848259734637363109413008947693854674641014461242475, and a static 2048-bit number, say 14144226722531308550538552559353157706445147802732751446157942795881713778877219031939849564406597567639153679235147191938829553937127708148519704800325667589582382251416575357601857525979363003097949973656839077474815436234239454146464991616872980558191765142019624773667190838169356051511574114011588779016975824933103215232218524036659130502435364872434213296043080780118371336101027186299473245232094095782493480766873013561778554843103758496842550767251418983725893120346353679559949491331772488593778918098227898801971080340674784719783728639906810614087898874712963230500124729363775482605962629784701362887361. Then you use your school arithmetics knowledge and raise the first number to the power of your secret 2048-bit password, say 27047358776734188277685274711043968585483898209960721801927623558566859610604561326957121704964077708699518863415921659521764564967823863728225826127416250399629743133163677898836163968216060842233561396889801991850948134960969228911161736049739815900217168901697835468450861585085008778789078707363128324629862133605647676934898960515416458465222579693264947288544569851747138617214659027203961890405759429287973061406048856757101486749650147564979885081882390374708594156850946261546444425534748185998297665104436500225188152505550250531260895988634008172057261745678123405067881599214314495144979045121642858046213, modulo the second number in your head. Then you enter the result on the screen and your smartphone does the RSA verification of it.

Simple and veeery secure!

_________________
Faith is a superposition of knowledge and fallacy
Post 10 Apr 2015, 18:06
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
l_inc
Great idea! I may implement this method in my real life.

Another problem is that this cannot be applied to everywhere...

Because while websites and people are forcing you to choose a very strong password they often limit you to ridiculous amount of characters (6-12) and want your password to be secure with that.

They should allow at least 1KiB for each password... Which is nothing as they claim storage is cheap nowadays when they send you a 100MiB executable and say it is small your hard drive has terabytes of storage. :P

And I do not even have a 1 terabyte hard drive, currently only 160+160GB. D:
Post 10 Apr 2015, 21:28
View user's profile Send private message Reply with quote
l_inc



Joined: 23 Oct 2009
Posts: 881
l_inc
l_inc wrote:
No, that's too easy.

To clarify it was just an ad absurdum argument, not a guide to action. An authorization scheme can be made arbitrarily complex for a human. I was once unable to draw my own signature to receive a packet, just because the postman woke me up at an inappropriate moment of my sleep. I failed three times and then he just left the packet and went away without my signature.

_________________
Faith is a superposition of knowledge and fallacy
Post 11 Apr 2015, 15:45
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
Quote:

I failed three times and then he just left the packet and went away without my signature.

In my country they would do otherwise. Leave you without the package and go away without signature.

They will return the next business day. Do not worry!

Quote:

To clarify it was just an ad absurdum argument, not a guide to action.

An absurd argument would be to use tetris instead of text password. I will explain how it would work:

Instead of memorizing a block of text, people are required to memorize tetris block arrangement and they need to provide the correct one to access the site or unlock their operating system.

The tetris would contain about 8 different shapes of 256 different colors each, the user could get color from a pallete. The grid size would be also specified by the user, he could draw grids as big as they want.

Great idea! That would make passwords completely visual and interactive!

But I think there are patent issues which will prevent the use of tetris on the form. I hope not.
Post 11 Apr 2015, 17:15
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.