Pro tip: Turn off the "Simple Password" option, then enter a new password that consists of only numbers. The password prompt will then still be the nice 10-digit keypad rather than the full keyboard, but the passcode can be any length.
Yes. If you have digits only, you get a freetext field, but with the digits only keypad.
Even more fun: if you give a four-digit passcode for the non-simple passcode, it turns on the 'simple passcode' option again, which means that you can't have a four-digit passcode without telling the length of the code.
I'm not sure why this is an issue at all. The same surface you use to enter your password you also use to interact with the device. So unless your interaction consists solely of unlocking the phone, then putting it away again, the screen is going to be absolutely covered with fingerprints and smudges and smears and there won't be any way to tell which ones are from the password and which are from actual usage.
I just took a look at my own iPhone, and it bears this out. On the bottom half of the screen, there are a series of fingerprints and a giant smudge. If you were to try and guess my password from the clear prints, you'd end up pressing the wrong digits entirely.
HN title is not the original title, and it is incorrect. This is not "3-digit passwords", rather "4-digit passwords containing only three unique digits".
Assuming it will get changed at some point making me look foolish, HN title at time of posting is "3-digit iPhone password is more secure than 4-digits". Original title from the source is "Game theory and probability of iPhone passwords".
You're right Corin - the title is a little misleading with hindsight. However, I was trying to reflect the angle that made the page interesting (i.e. that it's counter-intuitive that using fewer unique digits is more secure) whilst still trying to fit it within character limits.
If you are still able to edit the title (can't remember when HN stops letting you do that), a more suitable one might be something along the lines of "iPhone 4-digit passcodes more secure when containing only 3 unique digits".
Back in the nineties, while visiting a research facility on an air force base, I saw a solution to the fingerprint problem. The electronic keypad simply randomized the positions of the digits before each login attempt. Not very convenient considering that you can't use your muscle memory, but pretty much hack-resistant.
Of course, if the fingerprints are really such an easy way to see which four digits are commonly pressed, perhaps the best option would be to use only three unique digits, and then pick another digit that you always tap just after unlocking the phone. Obviously the digits disappear, but say your code was 1123, just hit where the 6 was (just below the 3) as soon as it's unlocked. Then to anyone trying to guess from fingerprints, they would be trying to guess combinations of 1, 2, 3 and 6.
If they were to then guess that only 3 of the 4 digits were used, with one being repeated, the possibilities are vastly increased by not knowing which digit is repeated OR which digit is not actually used. Off the top of my head I think it would be 36x4 (36 being the number of combinations using 3 unique digits, multiplied by four for each digit that could be un-used), meaning 144.
If you were to do the same trick, so after entering your 4-digit code containing 3 unique digits, you then hit two different fake digits (same two every time you unlock)... you would have 36x9 combinations, totalling 324.
To take this to its (il)logical conclusion, you could fake-press all the digits that you're not using, but at that point you're clearly going too far and should consider just wiping off fingerprints instead.
Then again, is there really a real life use for any of this logic at all? I think not. 36 combinations rather than 24? Hell, even 324 instead of 24. Is it interesting to calculate? Sure. Is it worth caring about when actually creating your passcode? Not really; ultimately it will cause a minor annoyance to anyone who wants to guess the code, as they will take a little longer to get there.
That said, it's only not worth caring about in terms of the number of combinations. If you use only 3 unique digits, yet always tap the same fourth decoy-digit, while the combinations may only go from 24 to 144, there is a chance that the thief/whoever would fail to guess the plan, and therefore not think to try more than the 24 combinations.
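To make the candidate counts in the comment above concrete, here is an added Python example (not from the thread) that brute-forces the 10,000 four-digit PINs and keeps only those consistent with the smudge evidence: the set of keys that show prints, and optionally how many distinct digits the PIN is assumed to use when some prints are decoys. The `1123` PIN with a decoy tap on `6` is the scenario the commenter describes; the key sets are constructed for illustration.

```python
from itertools import product


def pins_consistent_with_smudges(smudged, distinct_used=None):
    """Return the 4-digit PINs an observer still has to try.

    Model: every digit typed leaves a print, so the PIN's digit set is a
    subset of `smudged`.  Without decoy taps the observer assumes every
    smudged key was part of the PIN (digit set == smudged).  If the owner
    taps decoy keys after unlocking, the observer only knows the PIN uses
    some `distinct_used`-sized subset of the smudged keys.
    """
    smudged = frozenset(smudged)
    candidates = []
    for digits in product(range(10), repeat=4):
        used = set(digits)
        if not used <= smudged:          # touched a key that shows no print
            continue
        if distinct_used is None:
            if used != smudged:          # every smudged key must appear
                continue
        elif len(used) != distinct_used:  # decoy model: fixed count of real digits
            continue
        candidates.append("".join(map(str, digits)))
    return candidates


def guess_budget(smudged, distinct_used=None):
    """Number of guesses needed to exhaust the candidate list (worst case)."""
    return len(pins_consistent_with_smudges(smudged, distinct_used))


if __name__ == "__main__":
    # Constructed scenarios matching the numbers discussed in the thread.
    scenarios = [
        ("4 distinct digits, 4 prints", {1, 2, 3, 4}, None),
        ("3 distinct digits, 3 prints", {1, 2, 3}, None),
        ("2 distinct digits, 2 prints", {1, 2}, None),
        ("1123 plus decoy tap on 6, observer assumes 3 real digits", {1, 2, 3, 6}, 3),
    ]
    for label, keys, k in scenarios:
        print(f"{label:60s} -> {guess_budget(keys, k):4d} candidates")
    assert "1123" in pins_consistent_with_smudges({1, 2, 3, 6}, 3)
```

Running it reproduces the 24 / 36 / 14 figures and the 144 for the single-decoy case; passing a larger key set with `distinct_used=3` shows how any number of decoy keys changes the budget.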
This discussion reminds me an awful lot of side-channel attacks against cryptosystems and the steps taken to make crypto implementations secure against leaking information. In particular, one of the simplest defenses is to make sure that the code path executed is independent of input, which is like fake-pressing all the digits every time you enter your PIN.
Also, in your method, instead of guessing where 6 was to hit right after unlocking, you could also just use the backspace on the keypad. So to type in 1234, you could type in
random key backspace random key backspace 1 2 3 4
Even worse than the iPhone prints are the smears left from the gesture locks on Android. You can see the whole thing quite clearly. I've been able to unlock several people's phones just by tracing the smear left on their screen. There's no ordering problem either.
Is it just me, or is it almost equally possible that you would see the 'double' tap print on the digit that is repeated anyway?
This would then reduce the possibilities to 12 instead of 24 resulting in a less secure code.
I think the other solution presented in the comments of the post offers a far superior result: Randomize the position of the digits displayed each time. This way you cannot relate a tap print to either a digit or a relationship to another.
If you really want it even more secure (unable to tell if the user has used a digit more than once), randomize the positions after each entry.
Of course, these solutions have a downside in that you will enter the code slightly slower and thus slightly increase the risk of 'over the shoulder' attack vectors.
An intuitive way of calculating the permutations w/o the multinomial coefficient:
For a 3 digit passcode, there must be 1 pair of repeated digits somewhere in the 4 number sequence e.g. 1_1_, 11__, _11_, etc., so 2 x 3 = 6 different pairs. This pair of repeated digits is any one of the 3 unique numbers e.g. 11__ or 22__ or 33__. For any pair of repeated digits, there are just 2 options left for how the other 2 digits must be arranged in the sequence of 4 e.g. xx12 or xx21. So 6 x 3 x 2 = 36.
For a 2 digit passcode, there are 2^4 = 16 permutations, except since there must be at least 1 of each digit present, you have to subtract the 2 permutations with 4 repeated digits e.g. 0000 or 1111. So 16 - 2 = 14.
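The two derivations above (6 x 3 x 2 = 36 and 16 - 2 = 14) are instances of a general count, and the earlier remark about a visible doubled print on the repeated digit is the same count with one factor removed. This added Python example (not from the thread) carries the commenter's pair-placement argument through, writes the general inclusion-exclusion formula for PINs of any length with exactly k distinct digits, and cross-checks both against a brute-force enumeration. The function names are my own.

```python
from itertools import product
from math import comb, factorial


def arrangements_exactly_k_distinct(length=4, k=3):
    """Orderings of `length` positions over one fixed choice of k digits
    in which every one of the k digits appears at least once (surjections),
    counted by inclusion-exclusion.  k=3 -> 36, k=2 -> 14, k=4 -> 24."""
    return sum((-1) ** j * comb(k, j) * (k - j) ** length for j in range(k + 1))


def pins_exactly_k_distinct(length=4, k=3):
    """Total PINs over 0-9 using exactly k distinct digits:
    choose the k digits, then arrange them so each appears."""
    return comb(10, k) * arrangements_exactly_k_distinct(length, k)


def pair_placement_argument():
    """The comment's intuitive route to 36 for a 4-digit PIN with 3 distinct
    digits: where the repeated pair sits (C(4,2) = 6), which of the 3 digits
    is the repeated one (3), and how the other two digits order (2!)."""
    return comb(4, 2) * 3 * factorial(2)


def multinomial(*counts):
    """Multinomial coefficient n! / (c1! c2! ...), the route the comment avoids:
    4!/(2!1!1!) = 12 orderings of the multiset {a,a,b,c}, times 3 choices of a."""
    n = sum(counts)
    result = factorial(n)
    for c in counts:
        result //= factorial(c)
    return result


def arrangements_with_known_repeat():
    """If a doubled print reveals which digit is repeated, only the pair
    placement and the order of the other two digits remain: 6 * 2 = 12."""
    return comb(4, 2) * factorial(2)


def brute_force_arrangements(digit_set, length=4):
    """Independent check: enumerate sequences over exactly these digits."""
    digit_set = set(digit_set)
    return sum(1 for seq in product(digit_set, repeat=length) if set(seq) == digit_set)


if __name__ == "__main__":
    for k in range(1, 5):
        print(f"k={k}: {arrangements_exactly_k_distinct(4, k):3d} orderings per digit choice, "
              f"{pins_exactly_k_distinct(4, k):5d} PINs in total")
    print("pair-placement argument:", pair_placement_argument())
    print("multinomial route       :", 3 * multinomial(2, 1, 1))
    print("repeat digit known      :", arrangements_with_known_repeat())
```

The per-k totals sum to 10,000, which is a quick sanity check that the formula partitions the whole PIN space; the brute-force function confirms the 36 and 14 independently of the algebra.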
I wipe my phone across my shirt or pants after unlocking it so the fingerprints don't stick around. The cleaning has become just as much a part of muscle memory as entering the PIN, so it's not something I'm likely to forget.