If A Pattern Can Beat The FBI, Maybe It Should Be The New PIN
Written by Frank Hayes
Maybe Android phones are more secure for mobile payments than we thought. Earlier this month, an FBI forensics lab was unable to unlock a Samsung Galaxy W smartphone after it got a warrant to examine the phone belonging to a suspected pimp in San Diego. According to Ars Technica, the phone was locked with Android’s “pattern lock,” which involves dragging a finger along an onscreen keypad, rather than specifically punching in a PIN. That seems to have been enough to keep out the feds, who had to get a court order to ask for Google’s help to access the phone.
Four-digit PINs are notoriously insecure, but they’re still the default security mechanism for both payment cards and alternative payment schemes—in part because they can be entered on a POS device, computer keyboard or phone keypad, and in part because they’ve been around for 40 years. There are only 10,000 possible four-digit PINs, while the number of pattern-lock options could top 150 million. Considering that smartphone screens and many POS devices can now handle pattern-lock-style security, maybe it’s time for a new default. If it’s hard enough to keep out the FBI, it might be good enough to lock a mobile wallet.
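The keyspace comparison above is easy to check by brute enumeration. The script below is an added example, not code from the article or from Google; it counts every unlock pattern that stock Android accepts on its 3x3 dot grid (4 to 9 dots, no dot reused, and a stroke may not pass over a dot that has not already been visited, because Android captures that dot). The "crossed dot" rule is implemented generically with a gcd-based midpoint test, which is an assumption about how the rule would extend to larger grids; only the 3x3 grid is actually enumerated here. On that grid the count comes to 389,112 patterns, far below the 150 million figure quoted above (which would require a larger grid or looser rules) but still about 39 times the 10,000 four-digit PINs, or roughly 18.6 bits versus 13.3 bits. Keyspace is an upper bound on attacker effort, not a measure of what users actually pick, and the lockout or wipe policy behind the lock matters at least as much.

```python
from math import gcd, log2

GRID = 3  # stock Android: 3x3 dots, numbered 0..8 row-major


def crossed_dots(a, b, n=GRID):
    """Dots lying strictly between a and b on the straight line joining them.

    Assumption (generalisation beyond 3x3): a stroke passes over every lattice
    point between its endpoints, and there are gcd(|dr|, |dc|) - 1 of them.
    On the 3x3 grid this reduces to the familiar eight 'jump' pairs.
    """
    if a == b:
        return []
    r1, c1 = divmod(a, n)
    r2, c2 = divmod(b, n)
    dr, dc = r2 - r1, c2 - c1
    g = gcd(abs(dr), abs(dc))
    return [(r1 + k * dr // g) * n + (c1 + k * dc // g) for k in range(1, g)]


def count_patterns(min_len=4, max_len=9, n=GRID):
    """Return {pattern_length: number_of_valid_patterns} under Android's rules.

    Rules: each dot used at most once; a stroke from the current dot to the
    next may only cross dots that are already part of the pattern.
    Dots are tracked in a bitmask so the visited test is a single AND.
    """
    dots = n * n
    counts = {}

    def dfs(last, visited, length):
        if length >= min_len:
            counts[length] = counts.get(length, 0) + 1
        if length == max_len:
            return
        for nxt in range(dots):
            if visited & (1 << nxt):
                continue  # dot already used
            if any(not visited & (1 << m) for m in crossed_dots(last, nxt, n)):
                continue  # would jump over an unvisited dot; Android disallows it
            dfs(nxt, visited | (1 << nxt), length + 1)

    for start in range(dots):
        dfs(start, 1 << start, 1)
    return counts


def compare_keyspaces(pin_digits=4):
    """Compare the PIN keyspace with the pattern keyspace, in raw size and bits."""
    pin_space = 10 ** pin_digits
    pattern_space = sum(count_patterns().values())
    return {
        "pin": pin_space,
        "pattern": pattern_space,
        "pin_bits": round(log2(pin_space), 2),
        "pattern_bits": round(log2(pattern_space), 2),
        "ratio": pattern_space / pin_space,
    }


if __name__ == "__main__":
    per_length = count_patterns()
    for length in sorted(per_length):
        print(f"{length}-dot patterns: {per_length[length]:>8}")
    print(compare_keyspaces())
```

The per-length counts rise steeply because longer strokes unlock more legal jumps once the middle dots are in use; the 8-dot and 9-dot counts are equal because every 8-dot pattern has exactly one way to be extended to 9.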