If A Pattern Can Beat The FBI, Maybe It Should Be The New PIN

Written by Frank Hayes
March 21st, 2012

Maybe Android phones are more secure for mobile payments than we thought. Earlier this month, an FBI forensics lab was unable to unlock a Samsung Galaxy W smartphone after it got a warrant to examine the phone belonging to a suspected pimp in San Diego. According to Ars Technica, the phone was locked with Android’s “pattern lock,” which involves dragging a finger along an onscreen keypad, rather than specifically punching in a PIN. That seems to have been enough to keep out the feds, who had to get a court order to ask for Google’s help to access the phone.

Four-digit PINs are notoriously insecure, but they’re still the default security mechanism for both payment cards and alternative payment schemes—in part because they can be entered using a POS device, computer keyboard or phone keypad, and in part because they’ve been around for 40 years. The total possible choices for four-digit PINs are 10,000, while the pattern-lock options could top more than 150 million. Considering that smartphone screens and many POS devices can now handle pattern-lock style security, maybe it’s time for a new default. If it’s hard enough to keep out the FBI, it might be good enough to lock a mobile wallet.


2 Comments | Read If A Pattern Can Beat The FBI, Maybe It Should Be The New PIN

  1. A reader Says:

    The nature of the PIN or pattern or password has almost nothing to do with it. The security came from the five-tries-and-it-locks-up-requiring-more-authentication model.

    It could be argued that Apple’s model is at least as secure. They can be configured to wipe personal data the device after n failed tries, requiring the owner restore it from a backup.

  2. A Responder Says:

    The focus of the article was not device related, but rather the concept of using gestures for authentication, rather than a PIN. Based upon the exponentially higher number of possible combinations, the author suggests they might be used for securing devices which, if concepts and technologies technologies like NFC or mobile wallets take off, would serve as a more secure method to protect the users’ financial and personal information. Why must every mobile accolade, other than Apple’s, be subject to an immediate repudiation?


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 17,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.