WM Access Security Suggestion

  • General discussion

  • Sorry if some of this may have been implemented in WM6.  I'm a WM5 user anxiously awaiting the release of WM7 in the hopes it'll address the features Apple prototyped in the iPhone.

    Love WM, but information security (potential identity theft) has been long on my mind.  The trade offs between "ease of use" and "security" are well known to UI developers.  I have what I think is a pretty good suggestion to help in that area...

    The PIN-code lock option is for fat-finger ease of use, but suffers from lower security.  The password lock option has good security, but suffers from a complete lack of being able to use the feature because of the pain of needing to pull out the stylus, etc, etc, etc.

    A good solution would be to cascade the two features.  Give an option of specifying BOTH a PIN and a PW.  The owner can then specify the number of PIN entry failures that are permitted before the device starts to insist upon the user entering the full PW.  Once N number of PIN entry failures have occurred, the device will require the full PW (time outs and power on/off will not bring back the PIN screen).  Once the full PW has been successfully entered, then the PIN screen will start being offered again in the future.

    This approach effectively gives the PIN feature all the security of the PW feature.  If a hacker can guess a 4 digit PIN in 2 or 3 attempts, then they should be gambling in Las Vegas instead of hacking devices.  Once they miss the first 2 or 3 attempts, then they're faced with trying to hack the full PW.  This feature will also help incentivize owners to create even more sophisticated PWs since the owner won't have to worry about actually tapping-in the PW during normal use.

    Given the above capability, another "cool" improvement would be an icon screen instead of the PIN screen.  The device would present an array of (very visually distinct from each other so each icon is easy to spot) icons, preferably randomly shuffled, within fat-finger buttons.  This screen could present probably 20 or more icons.  The user would have a chance to press the correct icon only once.  If the user failed to press the correct icon, it would then be necessary to enter the full PW (or perhaps moving to the PIN screen, then the PW screen).

    The size/number of the icons/buttons should be somewhat configurable.  Likewise it would be good if the size of the fat-finger buttons on the PIN screen were increased.  While they seem "reasonable" for pressing while holding the device in your hand, consider when the device is mounted on a dashboard in a moving car.  This scenario is another reason for the icon screen.  Spotting and pressing a single icon can be done with far less distraction while driving.  You would typically brace your hand on the dashboard while trying to tap the screen, but the process is still a bit less accurate than when holding the device in your hand.

    Another option on the icon screen would be the ability for the owner to specify the number of icon screens to transition through before the device is unlocked.  Probably 5 would be a reasonable high-end limit.

    Looking forward to WM7!!

    -- kburgoyne
    Sunday, January 4, 2009 7:39 PM
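
The PIN-then-password cascade proposed in the post above, sketched as an added example; it is not part of the original post and not Windows Mobile code. The `CascadedLock` class, the JSON state file, the PBKDF2 hashing and the choice to clear the failure counter on a correct PIN are all assumptions made for illustration.

```python
import hashlib, hmac, json, os
from fractions import Fraction

def _digest(secret: str, salt: bytes) -> str:
    # Salted, slow hash so the state file never holds the PIN or PW in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000).hex()

class CascadedLock:
    """Offer the PIN until max_pin_failures wrong entries, then accept only the PW."""

    def __init__(self, path, pin=None, password=None, max_pin_failures=3):
        self.path = path
        if os.path.exists(path):            # state survives power off/on
            with open(path) as f:
                self.state = json.load(f)
        else:
            salt = os.urandom(16)
            self.state = {"salt": salt.hex(), "pin": _digest(pin, salt),
                          "pw": _digest(password, salt),
                          "max": max_pin_failures, "failures": 0}
            self._save()

    def _save(self):
        with open(self.path, "w") as f:
            json.dump(self.state, f)

    def prompt(self):
        # Which screen the device shows; time-outs and reboots do not change it.
        return "PIN" if self.state["failures"] < self.state["max"] else "PASSWORD"

    def try_unlock(self, candidate):
        field = "pin" if self.prompt() == "PIN" else "pw"
        salt = bytes.fromhex(self.state["salt"])
        ok = hmac.compare_digest(self.state[field], _digest(candidate, salt))
        if ok:
            # Assumption: any success clears the counter. Once escalated,
            # only the PW is checked, so only the PW restores the PIN screen.
            self.state["failures"] = 0
        elif field == "pin":
            self.state["failures"] += 1
        self._save()                        # persist before reporting the result
        return ok

def pin_guess_chance(attempts, digits=4):
    """Chance that `attempts` distinct guesses hit a uniformly random PIN."""
    return Fraction(attempts, 10 ** digits)
```

With the default of three permitted failures, `pin_guess_chance(3)` gives 3 in 10,000 for a uniformly random 4-digit PIN before the full password is demanded.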