- Do as it asks. Type "blackberry" [Enter] and then you will be asked for your device password. Enter that. This is all so that some child couldn't accidentally wipe your phone by playing with the picture numbers.
02-05-14 09:35 AM
- We know that security is always most vulnerable to social engineering (human nature). So that leads me to the question: should we avoid using what I call the pivot point numbers: 0, 1, 5, 9? Is it in human nature for someone trying to brute force the unlock to start with those numbers? Yes, they only have 5 tries in any given session. But if this is someone you are around a lot (life partner, business associate), they can try 3 times, making note of what they tried, wait for you to unlock to reset the try count, and try again later. Over time, they will have tried many combinations.
Next, are they likely to try 0, 1, 2, 3 followed by 9, 8, 7?
So if we think we understand these human traits, what do we do? I recommend changing it occasionally. That is always a good practice for unlock information anyway. If you suspect someone is attempting the 3 tries and stop method, you can detect that by purposely doing it wrong 2 times and seeing if it gives the 5 tries warning. If so, you know someone already used some tries.
This out-of-the-box idea is sparking some very fun mental exercises.
Z10 STL100-1/10.2.1.1925
PatrickMJS likes this.
02-05-14 10:03 AM
- Regularly changing password is important.
Posted via CB10
02-05-14 10:09 AM
- People aren't getting it. The chances of guessing the picture password combination and unlocking a phone are low enough to make it unlikely. Less than 1 in 1000 with 5 tries.
But with 50 numbers on the screen, the chances of a random unlocking are high enough that it's possible.
Choose 2 or more numbers and the only flaw is fixed
02-05-14 02:09 PM
- I don't think the picture password was ever intended to be the most secure against random tries, bumps or brute force... the main feature is simply people can watch you enter it and have no clue what your code is. No need for you to hide your phone and look over your shoulder every time you enter your password.
If you want a more secure code against brute force, go ahead and use a regular alphanumeric password....BUT, you have to be careful and hide it every time you enter it.
Posted via CB10
Thunderbuck and JamesIV like this.
02-05-14 02:26 PM
- It is definitely the most secure in terms of trying to enter the code while around people you might not trust, BUT it is not the most secure in terms of a brute force method, e.g. if someone tried to unlock it by randomly trying different variations.
Let's consider the number of combinations for the picture password lock.
First, there are 7 columns of numbers and 9 rows of numbers. So every single time you try, you are really trying 7x9=63 combinations at once.
The picture password lock also has a little bit of leeway if you place the number slightly off center from where it is supposed to be, and I estimate you can be off by about 1/5th to 1/6th of the way in either direction (horizontally or vertically) before the phone assumes you got it wrong. If we try to find the number of possible "locations" you can place a number, it is basically the number of "number" widths multiplied by the variance. We already said there are 7 columns, so 7x6=42 (where 6 is the variance) is the number of horizontal positions possible.
Likewise for vertical positions. 9x6=54
So the number of possible positions to place a number is 42x54 = 2268
Since there are 10 possible digits 0-9, further multiply by 10.
=22680
But wait, we initially said you are trying 63 numbers at once, so 22680/63 = 360
Another way to think of it is that there is a 1/6th variance in each direction of each of the numbers, and there are 10 numbers. So 6x6x10=360.
So the chance of someone randomly being able to get the correct number to the correct position is 1 in 360.
Since they have 5 tries before it goes to your other password, 5 in 360. Or 1 in 72.
This is a conservative number as well since I said it is 1/5th to 1/6th variance. If it is only 1/5th variance, chance of guessing is 1 in 50.
So no, in actuality, it is a pretty insecure way to protect your phone. People can't try and look at you enter the password to guess it, but their chances of randomly guessing it are pretty high.
On the other hand, for a password lock there are M^N possibilities where M is the number of possible characters and N is the length of your password. If we consider 26 lowercase, 26 upper case, 10 numbers, and 42 symbols (I counted my BB keyboard, lol) you have (26+26+10+42)^N possibilities.
With a password of length 1, the chance of them guessing your password is 1/104 each time. Or almost 1/21 with the first 5 tries. Yeah... your picture password lock is only twice as good as a password of length 1...
Posted via CB10
Via CB10 & Z10 or Q10
02-06-14 04:01 PM
- Why couldn't BB limit the number of attempts to three before forcing the alphanumeric password?
They could also, as others have said, increase the number of required digit-location combinations to two. Seems this would dramatically increase the security of the password.
Via CB10 & Z10 or Q10
02-06-14 04:18 PM
- I just repeatedly locked my device and tried sets of four 'blind swipes' until it unlocked on the 89th attempt.
Given the odds against an unauthorised unlocking attempt ever actually occurring, combined with the fact that only five attempts are possible before the password prompt, I think that my device is pretty well locked.
As already mentioned, there's always the option to not use the Picture Password should a person or organisation be unable to risk a random unlocking event - and also that there should be built into it, a setting to limit unlocking attempts should the owner want it that way.
Posted via CB10 on a Z10
Thunderbuck and Bishkin like this.
02-07-14 02:01 AM
- This was posted on the wonderful BB Z10, STL100-3, 10.2.1.537
Last edited by Stef007; 02-08-14 at 08:36 PM.
02-07-14 05:39 PM
- Sure, a two-stage solution to Picture Password would be awesome and make it even more secure! But right now I think it already is the best 'defense' against situations where people can watch you use your device. Passwords can be read, patterns can be remembered, for PP neither is relevant.
Originally Posted by BlackBerry Help Blog: Brute Force Attack - Picture Password addresses brute force attacks by limiting the number of guesses, varying the size, location, and pattern of the grid numbers and requiring minimum movement of the number grid.
02-08-14 10:58 AM
-
Posted via CB10 on a Z10
K man13 and PatrickMJS like this.
02-09-14 03:15 AM
-
Posted via CB10 on a Z10
02-09-14 03:35 AM
- It's like walking downtown, where your odds of being struck by a car seem to be statistically quite high, yet with the proper rules in place and some common sense - we manage to remain safe.
Posted via CB10 on a Z10
02-09-14 03:55 AM
- Is my understanding correct that what you suggest is to have the grid with numbers stop in at least 2 locations, therefore aligning 2 numbers in different spots in order to unlock? For instance, you will slide the grid with the first number in the first spot, stop there for 1 second - without lifting your finger from the screen - until it will signal that it acknowledged that attempt (for instance by turning all numbers in a different color or making them bold) and then you will slide the grid so the 2nd number gets in the 2nd spot and release it. This would make it way more secure and on the other hand it will still be a quick unlock option.
This was posted on the wonderful BB Z10, STL100-3, 10.2.1.537
In any event, I'm big on security and I love it. I still have all the back end encryption, but I also have easy access and when I show the screen to people, they don't know where to begin to try and unlock my Z. And when I tell them how it works, and do it in front of them, they are totally baffled.
Via CB10 & Z10 or Q10
02-09-14 09:22 AM
- My preferred solution:
Picture password works the same as it does now, only if you choose a 2-stage password, instead of unlocking after the first picture/number you are presented with a second picture/number, right up to a maximum of 4 number pictures. Most people would be happy with 1 or 2 number pictures, but the solution is scalable for all requirements.
The rule of 5 wrong answers revert to character would remain.
The only question is whether, after getting the first number wrong, the user is notified and the password attempt starts from position 1 again with 1 chance used, or if the user must enter all numbers before being told they have messed up on at least one of them. I was thinking the second, although others have suggested the first, which, although less secure, is still much more secure than the current 1 number is all you can have and is probably the most intuitive.
The other benefit of this is that those using one number and not wanting to change would not be affected by the proposed change in any way; the only way a user would be affected if this change was implemented is that on changing picture password settings they would be prompted if they want to choose another number/picture up to 3 more times, till they select that's enough numbers or provide 4 numbers.
02-09-14 10:30 AM
- And another thing I would suggest to BlackBerry is that they should treat this PP option the same as the simple password option from the IT policy point of view when using an exchange email account. I would love to use it but that means that I need to disable my work exchange account which I'm not willing to do.
This was posted on the wonderful BB Z10, STL100-3, 10.2.1.537
02-10-14 07:19 PM
- I was sad when I saw that I couldn't use picture password with my work exchange email.
Oh well. Back to simple pass
Posted via CB10
02-23-14 11:45 AM
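The odds argued over in this thread, as an added example that is not from any poster or from BlackBerry: it reproduces the 1-in-72 and 1-in-50 figures from the 1/6 and 1/5 tolerance estimates, then extends them to the proposed 2 to 4 number variants, comparing a lock that rejects a wrong number immediately with one that waits for the full sequence. The function names, the uniform-random guesser, and the rule that a rejected number costs one try and restarts at the first number are assumptions.

```python
from fractions import Fraction
from functools import lru_cache

DIGITS = 10    # digits 0-9, as counted in the thread
MAX_TRIES = 5  # wrong attempts before the device password is demanded

def stage_space(tolerance: int) -> int:
    """Secrets per number under the thread's model: tolerance^2 cells x 10 digits."""
    return tolerance * tolerance * DIGITS

def risk_no_feedback(space: int, stages: int, tries: int = MAX_TRIES) -> Fraction:
    """Lock checks only after every number is placed (assumed variant)."""
    total = space ** stages
    return Fraction(min(tries, total), total)

@lru_cache(maxsize=None)
def risk_early_feedback(space: int, stages: int, tries: int = MAX_TRIES,
                        ruled_out: int = 0) -> Fraction:
    """Lock rejects a wrong number at once; that costs one try (assumed variant).

    A guesser never repeats a rejected guess and keeps every number already
    confirmed, so stages fall one at a time instead of all together.
    """
    if stages == 0:
        return Fraction(1)
    if tries == 0 or ruled_out >= space:
        return Fraction(0)
    hit = Fraction(1, space - ruled_out)
    return (hit * risk_early_feedback(space, stages - 1, tries, 0)
            + (1 - hit) * risk_early_feedback(space, stages, tries - 1, ruled_out + 1))

def stages_needed(space: int, target: Fraction, max_stages: int = 4):
    """Fewest numbers (proposal caps at 4) keeping early-feedback risk <= target."""
    for n in range(1, max_stages + 1):
        if risk_early_feedback(space, n) <= target:
            return n
    return None

if __name__ == "__main__":
    for tol in (5, 6):  # the poster's 1/5 and 1/6 tolerance estimates
        s = stage_space(tol)
        print(f"tolerance 1/{tol}: {s} secrets, 1 number {risk_no_feedback(s, 1)},"
              f" 2 numbers {risk_no_feedback(s, 2)} (late) vs"
              f" {risk_early_feedback(s, 2)} (early feedback)")
    print("numbers needed for <= 1 in a million:",
          stages_needed(stage_space(6), Fraction(1, 1_000_000)))
```

Under these assumptions a second number moves a five-try guess from 1 in 72 to 1 in 8,640 with immediate feedback and to 1 in 25,920 when the lock waits for the full sequence.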
Picture Password possibly most secure access