[tHe.iR1sH]

I'm not a n00b. I wish we would stop going over the basics...I didn't mention them because I thought based on my original submission we would move past assuming such.

Posted via CB10

[m3mb3rsh1p]

Hehe. As you said, probably just very (un)lucky guesses.

It's such a unique system that it's exciting to imagine how it could be improved.

Perhaps...
- have a two-step unlock
- guarantee the distance of the key from the lockation
- require a targeted motion to ensure you are not guessing eg actually click on the key but unlock using a copy.
...

[ZeroBarrier]

I just had a thought, what about a 3-stage picture password. Choose 3 numbers and 3 locations on the picture. The layer would randomize each successful input prompting for the next number/location combination. This would potentially kill off any dumb luck unlocks.

Posted via CB10

[MrGlenn]

You say they guess your number/location randomly. But what you describe is they just accidentally get it right, they still have no idea what the actual answer is if they had to try it again.

5 times in half a year is not a lot for random guessing. If you had the chance to regularly try random swipe gestures on their devices, you would probably unlock their devices a few times as well.

I do agree the number should not appear on your location, that way they can't just move the grid minutely and unlock it anyway. That situation can happen quite a lot.

Try what I do: for the location choose a spot that is actually partially off the visible screen. That way the grid will almost never start with a number on that spot.

BlackBerry 10 signed.

[skstrials]

Try guessing this


Posted via CB10 using Blackberry Q10

[endevour]

This is the one I use. :P
And no - my magic number is not 8 and nope the circle is not the location.



Overall - and I think it has been mentioned lots of times - picture password is for convenience!
And I have to say I love it. If I really do need more security I change to passwords and use some kind of sentence. Since you know... length matters

Have a great day

[cvendra]

I agree to OP that most of the time the number lies too close to the destination. So the chances of accidental unlocking is high.

Otherwise it's pretty secure if you don't choose obvious points.

Z10, STL100-1, 10.2.1.3175

[cvendra]

Let's see if the picture is too obvious. Let's guess his picture point and see how many of us get it right.

Either above the sun or on bottom cloud just below 6.

Z10, STL100-1, 10.2.1.3175

[rflan7]

This is the photo I us, and I've never had anyone guess my password. I've even told them the number to use. I wonder what photo the OP uses

Posted via CB10

This. I've had a number of people interested in how picture password works and keen to have a go at cracking it. They've watched me do it multiple times, I've even given them the number, and they still can't solve it.

Are you using a photo with a circle in the middle on a blank background? Would make it kind of obvious, even more so if you have a 'favourite' number.

[Raestloz]

Picture Password is actually secure when used against brute force, because the entropy becomes too dam* high, but the problem is the fact that people can get lucky relatively easier.

Regarding a few stuff seen as security problems:
1. Numbers can appear directly on top of the destination to throw off people. If a certain number never appears on top of a certain spot, then it'd be the obvious answer, which you can try by pressing cancel numerous times (which will reset the grid)

2. The inertial drop can be a useful technique when mastered, which will allow you to throw off people by letting go of your finger where you're not supposed to be with precise dropping

The only real problem is people getting lucky, which has a significantly lower chance with normal alphanumeric password. Perhaps BlackBerry can allow us to configure 2 or 3 picture passwords, used interchangeably, so each time we want to input a password, the number, position and even the picture can be different, definitely will throw off people

Z10 STL100-1/10.2.1.3247

[lfuentesimon]

This is the one I use. :P
And no - my magic number is not 8 and nope the circle is not the location.



Overall - and I think it has been mentioned lots of times - picture password is for convenience!
And I have to say I love it. If I really do need more security I change to passwords and use some kind of sentence. Since you know... length matters

Have a great day

Funny

I find pic password is rather secure... one has posted a nice pic of his/her cat, let's say pic password is "put number 5 in the middle of the right eye of the cat", if:

1.- there's no reason why anybody expects you to choose number 5.
2.- there's no reason why anybody expects you to put the number in the middle of the right eye

and taking into account:

1.- probably you're given more than one 5 in the pattern
2.- you don't need to put your finger onto a 5 and drag it, because you can drag from any place on your screen, everything that matters is a 5 getting exactly in the correct place

there's very little probability that anybody deducts your pic password. But one can be lucky enough, of course.

[anischab]

I just had a thought, what about a 3-stage picture password. Choose 3 numbers and 3 locations on the picture. The layer would randomize each successful input prompting for the next number/location combination. This would potentially kill off any dumb luck unlocks.

Posted via CB10

Too much time to unlock... I'd then turn it off and would type my password.

BlackBerry*Q10, T-Mobile Germany - SQN100-3, Running OS 10.2.1.2941

[Ruslan Botsyurko]

As much as I love picture password and even more I like challenging my friends to guess my passport while I tell them how it works and show them how I unlock the phone, once I got into the same situation as the OP - a person unlocked my BlackBerry without actually guessing the combination.

I showed the picture passport to my friend and let her try, in the third try she returned me an unlocked Z10, I was amazed and embarrassed at the same time. She said it was easy and that she guessed my combination by watching me unlock the phone, then she said "I'll show you again" and to her and mine surprise the phone stayed locked, so her guess was wrong, but she got lucky and while dragging another number to another destination she also got my number to my destination for the first time.

When you think about it, making a more dense grid would actually increase a chance of such a lucky guesses. If you're not completely dumb to use easy to guess pictures and obvious locations, there is little to no chance of guessing your combination, but BlackBerry has to figure out how to avoid those lucky occasions.

Posted via CB10

[ronfc]

I must be unlucky. They have no idea what the password was that they guessed and couldn't repeat it.

Yes, I think you are. One colleague of mine who's using an Android device said he couldn't even guess what number did I align to what location even if I did it in front of him, unlike the pattern-style of Android and/or iOS.

Cave, cave, moderator videt

[Ed Gar]

Is it the 6 on top of the cloud, or the 8 on top of the ray?

[tinochiko]

I had a friend who had me convinced that he had hacked my BlackBerry as he kept on unlocking my phone with picture password activated..

I figured out eventually that he had just seen me put in my numerical password so all he had to do was get picture password wrong 5 times and wholla, he was in my phone..

I think it could do with some improvement in terms of the system and maybe a rethinking that could make it even faster, but I'm happy with it

Check Out TechCraze

[StephanieMaks]

My only issue with picture password is that about 1 in 10 times, my selected number appears directly over my selected area, so you just have to touch the screen to unlock the phone.

This happens too often, IMHO.

[tHe.iR1sH]

None of the guessed numbers are my number or location. I doubt you could even describe the location.

Posted via CB10

[Thud Hardsmack]

Picture Password is actually secure when used against brute force, because the entropy becomes too dam* high, but the problem is the fact that people can get lucky relatively easier.

Regarding a few stuff seen as security problems:
1. Numbers can appear directly on top of the destination to throw off people. If a certain number never appears on top of a certain spot, then it'd be the obvious answer, which you can try by pressing cancel numerous times (which will reset the grid)

2. The inertial drop can be a useful technique when mastered, which will allow you to throw off people by letting go of your finger where you're not supposed to be with precise dropping

The only real problem is people getting lucky, which has a significantly lower chance with normal alphanumeric password. Perhaps BlackBerry can allow us to configure 2 or 3 picture passwords, used interchangeably, so each time we want to input a password, the number, position and even the picture can be different, definitely will throw off people

Z10 STL100-1/10.2.1.3247

I like the "inertial drop" method myself - move the number past your unlock position and then flick it into the zone is a good attempt to throw off onlookers. But I agree with others in that, on occasion, the number is already in or near the zone. For the most part, it's pretty secure for being a convenience. I have yet to accidently unlock it or have anyone unlock it by accident or guessing.

Here's an instance of the number density and proximity... issue, if it can be considered an issue. Below is a dense number grid, and there's a number actually crossing into the zone and the correct number is right next to it. Just a bump in the right direction and the inertia motion would finish the job.

[sick_head]

Never had an issue with mine either...

Black 8520 -> white 9780 -> black 9900 -> white 9900 -> white 9810 -> white 9810 -> white Z10 -> White Q10 -> Black Z30

[SubCamp]

Or you put your finger on your number and dragged it to the location.. Pull on a different part of the screen.

I call bs

Posted via CB10

[CrackberryQ]

I think your doing the classic mistake of putting your finger on your number and dragging it to your destination.

The proper way to use the picture password is actually to put your finger anywhere on the screen except on your number and to move the whole image till your number overlaps your location.

Using this way there is no way on earth anyone can guess your password since every time the numbers are randomized.

Try it and please post back.

Send from my Q10 in Duracell Mode

[blueyestm]

Try guessing this


Posted via CB10 using Blackberry Q10

can I get that pic?

[byrdbrained]

This is not believable by any stretch of the imagination. And I'm not even willing to argue about it.

[Trini-34]

I am not saying that it is impossible... But what are the odds of someone unlocking your device 5-times? Sometimes the number and location are close- so I overstand an accidental guess- the true trick is to unlock it again... OP- did they tell you what your number and location were?