I’ve been hearing a lot about Google’s innovative login feature for the Android phone, but only saw it today for the first time (Loren Feldman, who recently did some video of one, sent a screenshot).
Unlike other phones, which require a four-digit number for unlocking, the Android simply puts nine dots arranged in a square on the touch screen, along with the words “draw pattern to unlock.” My understanding is that any pattern can be used as long as it touches at least four of the dots. Given the many, many different possible patterns (any math majors want to tell me how many?), it seems like a decent way to lock and unlock a phone.
Except a very low tech side effect of the touch screen may be giving Google pause.
From what we hear, some people using the phone are noticing that the oil from a user’s fingers may leave enough of a smudge that the unlock password can be guessed at some of the time, particularly since most people start their unlock pattern with the top left dot and then move right or diagonally right. If you can see the smudge, it’s an easy guess what the unlock code is.
Of course users can always just wipe down the screen whenever they lock the phone. But my guess is Google offers an alternative, and more traditional, way to lock the phone as well.
Update: Good video and discussion of the unlock feature here, per the comments. Video is also embedded below, as well as another screenshot:












Why don’t they just make a finger print or voice recognition log in?
I’m pretty sure finger print recognition can’t be done on this type of screen
you wouldn’t have a buck 170 phone then.
Well first, you couldn’t get a finger print off a touch screen.
That said, even consumer finger print readers aren’t guaranteed to work (read the fine print) and speech recognition requires quite a bit of processing power and still isn’t as reliable as you’d like it to be. The bottom line is that both solutions aren’t 100% accurate in their consumer versions and you wouldn’t want to take the chance of getting locked out of your phone.
Mythbusters busted this fingerprint myth already…
Speech recognition is extremely difficult given the many circumstances where you would want to unlock your phone.
Accessibility is not an issue here? I mean, can you easily enter such a code by using just one hand? That would worry me even more than security (hackers always manage to get to your stuff anywhere anyways).
Android is dead anyway, so who cares?
“Android is dead anyway” are you smoking crack? I mean really, the open source platform pushed by the biggest company on the net, backed by large phone networks, with thousands of developers. Is dead? More like the infant product that when it reaches the terrible two’s will do something terrible (KILL IPHONE SALES)
They did one better, there is a finger print scanner already made I believe as well as an Iris scanner. Should you want to super secure your phone you can change to an alternate already made, or create one yourself.
How do I put the log-in information into my Password Manager in case I forget?
I hope it beeps so that way I can tap out “Take me down to funkytown”
You watch Southpark too?
i love towlie!
At my job I work in the most recently built building. For the most part this is a good thing but one of the things that bugs me is that rather than light switches, we have motion detectors. This seems cool until you’re sitting there working and the lights go out on you. Or you’re working late at night and you can’t get them to come on no matter how much you wave your hands. Or you have a headache and would just assume they don’t come on. Or whatever…
But what really stands out about the motion detectors is that the process they replace didn’t need replacing. I mean seriously, how f$%#% hard is it to flip on a light switch?
This, to me, represents the same kind of thought. Someone trying way too hard to be clever ends up replacing a system that worked just fine and possibly makes things worse in the process. Typing in a simple numeric code isn’t that hard and whatever thought went into replacing it was thought that would have been better off being used elsewhere.
Hey Tom. Motion detectors replace the process of flipping the light switch because too many people forget to switch off the light when they leave a room, something that really amounts and is a huge waste of energy. Just my two cents…
I’ve heard that argument but the numbers have never made sense to me. Put it this way, we have 40 people in the office building I mentioned. Now, the motion detectors leave the lights on for an hour after they last sense motion so even if you ignore meetings, walking across campus and other “out of office” activities you are still wasting 80 hours a day just on lunch break and the hour after a person leaves.
On the flip side, someone with a light switch who accidentally leaves their light on overnight is wasting 16 hours of power (assuming a normal 8 hour workday). So for the motion detectors to even begin saving money you’d have to have 5 of 40 people per night accidentally leave their lights on. I just don’t see that happening.
Tom: Most offices don’t have one light switch per person! Usually there are a set of switches near the door, and the last person who leaves is expected to turn them all off. Often they’ll forget.
We have motion detectors in the corridor which makes a lot of sense. Often there aren’t enough people around to justify leaving them on and it would be impossible to expect everyone who leaves to check whether there is anyone left in the building and turn the lights off accordingly.
In conclusion, you are wrong. Motion-detecting light switches are one of the most sensible and simple energy-saving measures.
@Tim: On offices, I’m sorry, but that’s just stupid. How hard is this concept: “last one out, turn off the lights” It’s not hard to flip a switch on and off. If there’s no one in the office when you leave, switch them off. If there is, leave them on. Not Rocket Science.
As far as corridors, we don’t have motion detectors in our hallways but I’ll do the math. In my hallway we have 1 light every 2 offices and 4 lights in each office. That means it takes 8 office lengths to equal the power consumed by one office. So in our building of 40 we have the equivalent of 4 and a ½ offices (since some are off the lobby where no one would be dumb enough to put motion detector based lights in)
Now again, the motion detector is set for one hours time meaning hallway lights would essentially be on all day (since in almost any company there’s at least one person walking down the hallway per hour). Plus they’d stay on an hour after everyone left. So assuming everyone shows up and leaves at exactly the same time you are still wasting 36 hours PER DAY on your hallway. Meaning the hallway motion detectors would only save energy if you consistently left every hallway light on over night.
So In Conclusion, you either work in a company of idiots who aren’t smart enough to turn off a light switch when they leave or you’re wrong (and quite frankly a little too arrogant for someone who misses such an obvious flaw in his logic)
Simple flaw in your logic… how can you waste 36 hours PER DAY? Last time I checked there were only 24 hours in a day
I fully agree with Tom - sometimes we replace conventional ways and adopt more complex ways to solve a problem. Bio-metrics and retina scan is fine… do we really need that level of security for a phone….
Tom, you’re right 100%. I am not going to comment on the motion detector concept, but why would they want to replace something that works fine and everyone is accustomed to? Just to stand out maybe. I guess Google engineers never heard of “If it ain’t broken, don’t fix it”. Neither did Vista product team, btw - and we know what happened there.
4-dots required would be 9*8*7*6 = 3024 different combinations, good luck crackin it :p
Yeah, but wouldn’t that then mean a standard 4 digit password (in which the numbers (0-9) can be reused) would equal 10*10*10*10 = 10,000?
Well, first, its *at least* four dots, not *exactly* four dots.
Even if you assume *exactly* four dots, you’re wrong. Since it is a pattern, you can return to any of the dots you’ve already used (except the one you’re currently on). So, 9*8*8*8 = 4608.
If your pattern can be more than four dots, then you can use any number of dots, and you have a seemingly infinite number of possibilities (only limited by fuzzy practical considerations like memory or time to unlock).
You’re both assuming that you can go from the top-left dot to the bottom-right dot, for example, and skip the center dot. Or from top-left to middle-right.
As far as I could see in the video, this is not the case.
The maximal solution then becomes 8 (for the center dot) + 2^x for each dot beyond the center dot, where x is the number of additional dots beyond the center dot.
Sum for x = 3…8 and you get:
8*2^3 + 8*2^4 + 8*2^5 + 8*2^6 + 8*2^7 + 8*2^8 = 4032
Not true, the actual number is even smaller: they have to be adjacent to form a connected pattern.
No, they don’t have to be adjacent. Nobody said you have to draw straight lines from one point to another.
@zaniny: they sort of have to be: how do you draw from one corner to the opposite corner avoiding the center dot? Do you mean that non-straight lines are allowed?
@Zainy: Because if non-straight lines are allowed, then you can make closed loops, so you can do 9*9*9*9=6561 with 4 dots, not 9*8*8*8. If the length of the password is not known, then you get 9**4+9**5+…+9**9=435847230 combinations.
I agree with 9*8*8*8, assuming that you actually need to draw a line and leave the dot you are currently on.
With 3024, even knowing the path of the combination still wouldn’t help you, you may see that the person’s path stopped on a particular dot, but not knowing if the person started or ended with that dot means you’re SoL.
A minimum of 4 dots.
Well, one can approximate this with a simple problem:
The number of ways to choose k numbers out of n numbers is given by a binomial coefficient: [n k]=n!/k!/(n-k)! . Now, this is choosing unordered k numbers (i.e. it does not matter in which order the k numbers are arranged). The number of ordered choices is that times k!, so we get n!/(n-k)!.
For n=9 and k=4, we get 9!/5!=9*8*7*6=3024 choices. That does not seem to be many (it’s not secure). In reality, the number of choices is even smaller, because the dots have to be adjacent to form a pattern that you can draw.
Let me think about the formula if I do not fall asleep.
this is wrong because n choose k implies that order does not matter. In this case, order matters because you can return to dots already used.
Seems about the same as the 4 smudges left on my iphone when I type in my unlock code - once you have the 4 digits there’s only a few combinations to try.
Q: “Any math majors want to tell me how many?”
A: If the order in which the circles are pressed doesn’t matter and the combination can contain 4-9 circles, then it’s a simple combination: 9C4+9C5+9C6+9C7+9C8+9C9 = 382 possible combinations.
If order does matter (which is more likely the case), then the permutation yields 985824 potential passwords.
Sounds like just another fancy tool to break.
Let’s face it - at some point the screen going to stop responding or you will wear a pattern into the screen from playing “connect the dots”.
Biometric finger printing should work on this phone. I had an old IPAQ about 6-7 years ago that read fingerprints with 98% accuracy so I am sure something a little newer can do it just as well
Looks like a decent toy to fiddle with but I think ultimately it will end up being more of a pain in the butt than anything…
Just a little bit of Google work turns up: http://beust.com/weblog/archives/000497.html
Patterns can be a little more complicated than just 4 dots, so the problem is not a simple combination problem.
Even if it isn’t as secure as a 4 digit pin, will it be used more frequently than the pin lock screen because it’s easier to use?
That author assumes that you can do a “knight” move, for which I’ve not seen any evidence.
The author (me) works on Android, so you can trust him on that
There are about 380k possible patterns, compared to 10k for a 4 digit pin. If you use a pattern that starts from the center, the oily trail that your finger leaves is much harder to decipher for an attacker, especially since the phone will lock up for 2-3 minutes if you enter three incorrect patterns in a row.
–
Cedric
Just combine the unlock pattern with a password. If you don’t get the unlock pattern on the first try, you have to enter the password. And unlocking with a pattern is disabled until you do enter the password.
the oil on the screen is a ridiculous assumption as the screen, unlike a digicode, is used for many other purposes besides login.
yeah, that makes sense. plus you will be smearing it all over your face more often than you’ll be logging in
The answer is 148 unique patterns.
So Mike, your suspicions are correct. There are relatively few ways of entering a pattern. As a math major, I wrote a quick script in Matlab, and find only 148 possible ‘codes’ . Far fewer than the 10^4 of a pincode, and probably not enough to really secure the phone, given that there is no penalty for trying too many times. Say 2 seconds for each try, around 5 minutes and you are in! :/
They should make it a 4×4 matrix at least. That will offer several orders of magnitude more possibilities.
Anyone want to check my maths/matlab, i’ll email you the code.
You might be a math major, but your computer science is lacking.
Try again.
drop out now
Oops, so I was under the wrong impression of the rules. I just watched the video and saw you can hit what them all, not constrained to consecutive dots or just 4 of them. This makes it vastly more secure.
It is safe to say that there are more possible combinations than a traditional code.
seems like a pointless gimmick, and many people are going to adopt predictable patterns which thieves will try first.
To me this seems to be the same as or at least very similar to a system developed by a British start up to combat Credit Card PIN fraud.
http://www.theregister.co.uk/2007/10/04/pin_fraud/
It’s actually a very good system, and may be useful to those who have difficulties with sequences of numbers, for instance those with dyscalculia (number dyslexia).
Amazing. Google is known for innovation. Once again they have done it. So unlocking the phone is nothing but trying to crack the puzzle.
it Cooool..
But is secure -_-’
Actually, this reminds me of working in a shop just after leaving school.
Every employee had a password for the tills of their choosing.
Most seemed to pick single digits, mine was six digits. Yet mine was not much slower to enter because I remembered it by pattern not by numbers.
I like this pattern trend.
I don’t want to have to touch my screen to unlock my phone. Hopefully this can use the trackball as well. Really I want to avoid the touchscreen whenever possible. Don’t get me wrong touchscreens can be great but as someone with ridiculously oily skin I get tired of wiping down the screen after every interaction.
@Clinton. Thanks for sharing.
my sentiments exactly davey. your argument was arguably the most interesting comment on this page.
I’d be curious to see what could be done using the built-in accelerometers in these devices. Imagine simply waving/wiggling/jogging the phone around a little bit to unlock it.
“Yeah, my password is baseball-swing, shoveling-snow, beauty-pagent-wave”
better patent that quick!
My math could be off (it’s early!), but I count 4032 possible unlock “glyphs”.
The iPhone, obviously, has 10,000 possible unlock codes.
I cant wait to have it.
Is Loren Feldman working for you now? I see him with Steve Gilmore and now Loren is reporting for you?
Isn’t there a problem with visual security here?
When I type in my password on my phone, I get four little stars for anyone shoulder surfing. When I do this, they see the password.
If it’s a complex figure, it would be hard to remember. Easy ones are easy for anyone. So how innovative is this?
Like no one is going to use the screen for anything but the login? My current phone has smudges all over it and it doesn’t even have this feature. If I did, it would be next to impossible to tell which smudges were from the password entry and which were from other finger presses.
Wow, what’s amazing to me is people keep going back to low numbers that are established wrong and low only a few past earlier… This is a cool unlock, and shouldn’t this be something simple like 9!+(9!/1!)+(9!/2!)+….+(9!/5!)? so just under a million choices?
And just to make this easier for the people who keep getting solutions in the 10^3 range, tic tac toe has 255168 and in order to get that there are some sets that must be eliminated, you can’t connect three prior to finishing the game in tic tac toe, you can here. so any answer given must be higher than that, or is wrong.
Granted in tic tac toe some of the games are repeats offset by 90degrees, but on this system they’d be a unique pattern per the orientation of the phone.
System is cool, and unique enough that the easier route is to take the sdhc out and just steal what you want if you have that much time.
The iPhone, obviously, has fewer permutations.
here is a humorous look at the issue
http://www.gamelemon.com/glblo.....r-concern/
Number of possible ways to unlock the damn phone : 9! + 9! + 9! + 9! ?? is this correct ??
Google: A bunch of dorks sometimes. They HAVE to do it different, not because it will be better, but because they are press whores. A little fingerprint dust or a nice cellophane tape on the screen and boom you got the password. And even if someone is not that clever, it is easier to watch you do a pattern than to guess at the password you are typing in. Seeing your hand moving from a distance is easier than trying to figure out what letter you are trying to hit. Realistically you want a virtual keyboard (scrambles letter/number locations each login).
Google: Yes the world did exist before you. And yes there are people with brains outside of Mountain View. Learn from them.
hey math dudes, you’re forgetting something important…
you must traverse a continuous path to define a password. therefore, you can only choose from a neighboring node when deciding where to move next. depending which node you are at, the number of available moves increases or decreases.. without knowing the maximum length a password can be set, there is no real method for solving this problem
aside from problem solving, you all think Apple would implement a password system with only a few thousand choices?!?!
No you don’t you can bypass and reach around, even we worry about losing the one square opposite of the panel selected you’re only addressing a few hundred thousand choices, not an order of magnitude.
If the pattern is allowed to cross the same dot more than once, and assuming Google does not have a cap on how many dots are in your pattern (given that MA said “at least 4 had to be used” …wouldn’t there be an infinite number of patterns…? Seems pretty secure to me if those two assumptions are true.
This site was pretty humorous
http://www.gamelemon.com/glblo…..r-concern/
For those of you who say, “just follow the fingertip smudges”.
Imagine this (no one mentioned it above yet).
Following the same path more than once. Example: starting at top most left, down, up, down, up, right, right, left, left.
I am not a developer. Hold no degrees. But to combat the idea of leaving a smudge behind and fearing someone could ‘guess’ my passwords - THIS would be my most logical solution.
ergh Google, same difference
Michael,
You’re an idiot and this isn’t a story. Get a clue!
Cheers,
Junket
Need to budget? Please visit http://www.mint.com. All your budgeting needs are there.
M1nt blog spams now? How desperate.
Seems like Google is always trying to be a bit different and innovative. In this case i’m not sure if this is anything more than a gimmick. I understand that it could be more secure with more combinations of patterns than a four digit code could be but it could also lead to more headaches like described in the article.
http://www.techNmore.com
Locking technique is definitely new, but It seems more of an attempt to be different.. and lil away from practicality, I dont know if i’ll remember the sequence.. or even if i’ll forget it. I guess, i’ll have to wait for the real thing to arrive.
As mentioned in the post, this method may give others the chance to guess the unlock code. A greasy finger may give the clue very easily.
I guess you didn’t read the post above by “organized fellow”.
I don’t get what the big deal is. If they allow a pattern of say, 9 dots, why not just use a keypad and allow a 9-digit passcode? Seems like a 9-digit passcode would be more secure than a 9-dot pattern since each digit of the passcode has 10 possible values. On the Android one, each dot only has 3, 5 or 8 neighbors so the possible “values” (as defined by what dot you got to next) are fewer.
Michael it has been a long time since I have touched Math. However, 9 dots is not enough the possible combinations are down to..lets see:
9 to the 2nd power..yes its a guess as the full formula has some more terms to it..
Yes, the four digit pins is less possible outcomes than 9 to 2nd power.
whoops had it reversed 2 to the 9th power..
who cares about this? don’t keep your homemade porn in your phone.
I never lock my phone. Is that strange? Is that unwise? Never even think of it…
Math skills are lacking greatly on tech crunch. I didn’t even try because I already know I suck at math, but to those trying with a degree in math, please return those degrees; it is so obvious you cheated your way through school.
If you use up, up, down, down, left, right, left, right, b, a will the phone cheats be available? Does anyone even remember that?
stupid keyboard why are you sending the keys I hit and not the one next to it I intended to hit?
I think this can be solved using the following logic. There are three types of dots
center(1), (4)corner, (4) row center.
from center- can go to any of the remaining 8
from corner -can go to any 3
from row center can go to any 5
so the number of combinations with only 2 dots is
1*8 + 4 *3 + 4*5
so three combinations is based on where u end up with the above combination
1*( 4*5 +4*3) + 4(2*5 + 1*8) + 4(2*3+ 2*5+1*8)
which is (4+4)*8 + (4+8)*3 +(4+8+8)*5
so the combinations general formula is a*8 + b*3 + c*5 for any n dot combination and the n+1 combinations can be derived as
(b+c)*8 + (4a+2c)*3 + (4a +2b+2c) * 5
doing this recursively we get
2 dots:40
3 dots:200
4 dots:952
5 dots:4624
6 dots:22272
7 dots:107648
8 dots:519552
9 dots:2509056
total combinations(4-9) dots:3164104
KG you’re onto something.. I was just talking with a friend about this and we addressed the problem using similar logic.. for 2 nodes we found 40 possibilities, however, for 3 nodes we broke it down into three different cases - linear, triangle, broken triangle - to find 352 possibilities…
as I look over the work, I am finding 3 nodes might have even more possibilities..
if we expand this we should get the answer {1*( 4*5 +4*3)} + {4(2*5 + 1*8) }+ {4(2*3+ 2*5+1*8) }
Each part explains where we start from.
{1*( 4*5 +4*3)} - start from center, you can go to 4 row centers and from there you can go to 5 dots. Other possibility is four corners and from there you can go to 3 dots. Same explanation applies for other parts.
When we have 40 possibilities with two nodes it’s not possible to have 352 with 3 nodes, because if that’s true 352/40 >8 possibilities from each of the 40 end points we had in two node possibilities
This is our current thought process..
3 node linear combinations : 8 lines x 8 ways to traverse each= 64
3 node complete triangle combinations : 96 triangles x 4 ways to traverse each = 384
3 node broken triangle (walk three nodes not in linear orientation without walking last edge to form triangle) combinations : 14 ways to traverse per corner x 4 corners + 28 ways to traverse per center edge x 4 centers + 56 ways to traverse starting at middle node = 224
64 + 384 + 224 = 672 possible 3 node combinations
No, this is incorrect. From a corner, you can go to more than three dots, either using a chess knight move or by going over a dot that’s already lit.
Again: there are about 380k patterns and the gory details can be found here:
http://beust.com/weblog/archives/000497.html
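Added example, not part of the original post, the comments or the linked write-up: a Python enumeration of the pattern space under the rules described in the comment above (knight moves are allowed, and a line may pass over a dot that is already lit). It additionally assumes that each dot is used at most once and that a straight line cannot jump over an unlit dot; the function names and the sample dot set are constructed for illustration.

```python
from itertools import combinations
from math import log2

# Dots are numbered row by row:   0 1 2
#                                 3 4 5
#                                 6 7 8

def _middle(a, b):
    """Dot lying exactly halfway on the straight line a -> b, or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

# Precomputed for every ordered pair; knight moves and neighbours map to None.
MIDDLE = {(a, b): _middle(a, b) for a in range(9) for b in range(9)}

def _walk(last, used, dots, counts):
    """Depth-first enumeration; counts[n] is bumped for each valid n-dot pattern."""
    n = bin(used).count("1")
    counts[n] = counts.get(n, 0) + 1
    for nxt in dots:
        if (used >> nxt) & 1:
            continue                      # assumption: each dot is used once
        mid = MIDDLE[(last, nxt)]
        if mid is not None and ((used >> mid) & 1) == 0:
            continue                      # the line would hit an unlit dot first
        _walk(nxt, used | (1 << nxt), dots, counts)

def count_by_length(dots=range(9)):
    """Number of valid patterns per length when only `dots` may be touched."""
    dots = tuple(dots)
    counts = {}
    for start in dots:
        _walk(start, 1 << start, dots, counts)
    return counts

def total_patterns(min_dots=4, max_dots=9):
    """Size of the whole pattern space for the given length range."""
    counts = count_by_length()
    return sum(counts[n] for n in range(min_dots, max_dots + 1))

def orderings_for(dots):
    """Valid patterns that use exactly this set of dots, in any order."""
    dots = tuple(dots)
    return count_by_length(dots).get(len(dots), 0)

if __name__ == "__main__":
    counts = count_by_length()
    for n in range(4, 10):
        print(f"{n} dots: {counts[n]:>7}")
    total = total_patterns()
    print(f"total : {total} ({log2(total):.1f} bits; "
          f"4-digit PIN: {log2(10 ** 4):.1f} bits)")
    # Constructed sample: the top row plus the middle-right dot.
    print("orderings of {0,1,2,5}:", orderings_for({0, 1, 2, 5}))
    per_set = [orderings_for(s) for s in combinations(range(9), 4)]
    print("largest 4-dot candidate list:", max(per_set))
```

`orderings_for` shows how short the candidate list becomes once the set of touched dots is known, which is the case the lockout after repeated wrong entries has to cover.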
Sorry, i did not know about the rules to go anywhere from the corner. BTW where did you get all the rules from ? This was not mentioned in the article.
I work on Android…
While in class it dawned on me that I did not mention one of the assumptions of our model.. that is 4 edges.. because standard cell phone passwords are 4 digits.. I started looking at 4 edges and 4 nodes but haven’t finished it because I have to do other work for class tomorrow.. but it seems like there would be more than 380K patterns because there will be more than 380K users with the phone eventually and having that many people with identical passwords makes little sense to me
Now it seems we might be solving different problems or breaking the problem down differently to solve the same problem.. I wanted to find a pattern for increasing the nodes by 1 while using 4 edges before getting more complex with additional edges, which would allow a user to incorporate additional nodes in their password