Voice password to unlock phone/apps

I have a friend who’s elderly father died from Covid-19. Living near Philly he was very careful he would wear his mask, he would wear his latex gloves everywhere. He would wipe down all used surfaces with Clorox wipes. But he would use his cell phone in public through the mask.

It was determined that at least once, he forgot to wipe down his phone after he got home after he removed his mask and gloves.

3 Likes

retinal + fingerprint + DNA + passphrase + PIN + voice + UFO = perfect unlock procedure

how long would that take ?

Still hope for the BB OS 10 picture password functionality to get revived some day in the future: https://www.youtube.com/watch?v=ucpQ_0iHrWg

1 Like

Care to describe to us how that works from a user perspective?

Of course! When setting it up you choose a picture you like which acts as the background during the unlock process. Then you get a matrix with randomly distributed numbers from 0 to 9 which acts as a layer above the picture. The key is like one number (e.g. “6”) which has to be relocated to a predefined place in the picture by dragging the screen. I hope that’s understandable, if not feel free to ask again or watch the YouTube Video. :slight_smile: The main advantage over Androids pattern unlock is that the number matrix gets randomized every single time you try to unlock your phone - so it’s basically impossible to spy your unlock pattern. For more security, someone could just implement a second number without telling you that the first one was right.

2 Likes

It may be difficult or impossible for a shoulder surfer to get your “Blackberry picture password” from one unlock event. However isn’t it the case that with two unlock events the odds reduce in favor of the shoulder surfer (if she has photographic memory) and with three unlock events the odds reduce further in favor of the shoulder surfer and so on?

If the shoulder surfer is the surveillance cameras that are ubiquitous in today’s cities then you can assume photographic memory.

So if using picture password frequently in public then you may need to change the picture password proportionately frequently.

1 Like

i don’t doubt they catch faces and can id based on walking posture but such a fast, discrete gesture as an unlock based on picture-password should be quite hard

i’ve become skilled enough that i can unlock my phone in my pocket without even looking at the screen (physical keyboard hehe)

1 Like

I am not aware of any actual research on that but

  • when it comes to security, it is better to fail safe i.e. in the absence of actual research, assume the worst
  • there is certainly the motivation to break this (at least for selected targets) and the cameras are already there

There are a lot of variables in the real world to contend with e.g. resolution of camera, whether it has optical zoom, distance from screen to camera, angle between normal to screen and camera to screen, frame rate, velocity of target relative to camera.

I would start with the most pessimistic scenario i.e. optimum surveillance conditions. If the surveillance hack works in optimum conditions then many people would consider it broken already.

Really though I just asked a theoretical question … does the surveillance hack work at all?

Before asking I did look for any existing research. I did find actual research for other types of picture-gesture-based unlock but not for the specific methodology used by the Blackberry.

that’s what i like about it … it’s a hybrid design (i.e has both strengths and weaknesses of both input methods - virtual and physical)

I think that your “in the pocket” technique is the most secure though. :wink:

honestly that depends a LOT on the individual’s hand dexterity … i’ve seen people who can’t move their fingers for the life of them … and then there is the memory problem …

honestly i don’t believe i’m on the top with either but i don’t suck at least :slight_smile:

1 Like

Sometimes I can’t even answer my damn new android in time because I haven’t got the swipe technique “just right” to answer an incoming call.

that’s why i do NOT like swipe gestures for answering ANY phone calls.

a smaller screen and overall chassis size lends itself more easily to this particular purpose. that’s why i enjoy my bbq10 even though it no longer receives OS updates from the manufacturer …

“hi dear ! yeah, ok no white flour bread it is !”

I ran some sims to see approximately how secure the BB Picture Password is, in the face of surveillance captures of the screen during unlock.

It does depend on how many digits are in the grid of random numbers (which I don’t know in the case of the actual BB). I ran two sims: 9x7 and 16x9

9x7: averages about 3.5 screen captures to break and there is a 93% chance that 4 or fewer screen captures will break it.

16x9: unsurprisingly is better, averages about 3.9 screen captures to break and there is an 86% chance that 4 or fewer screen captures will break it.

Regardless of the size of the grid, it is always possible that as few as 2 screen captures will break it and there is no upper bound on the number of screen captures that might be required. For the 9x7 grid the probability that 2 screen captures break it is quite small and for the 16x9 grid the probability is tiny. 11 or 12 is about as high as you will see for the above grid sizes and the probability of requiring more becomes vanishingly small.

As the size of the grid increases, you really need to make the digits smaller - otherwise the user won’t see the underlying image very well - and smaller digits obviously helps, in a practical sense, with countering surveillance.

My conclusions:

  1. I wouldn’t be that comfortable using this mechanism in public.

  2. However I think there are a few relatively minor improvements that could be made and which would strengthen the mechanism considerably but with some cost in complexity (usability).

Now all we need is a phone to implement this on … :slight_smile:

3 Likes