# doug — off the record

just a place to share some thoughts

## Patterns

A multi-day post seems like a great idea until someone jumps into the middle of your routine.

I was going to cleverly work some mathematics into the lead-in for today’s post.  However, my mathematics was pre-empted by Matthew Oldridge as you can see in the screen capture below – complete with a good question about probability.

He hijacked my opening but it’s also great to see that my thinking is consistent with a great mind like his.

The issue is in the passcode that your iOS device requires for unlocking.  Unlike a password which can be as long or as short as you want and can have many permutations with letters, upper case letters, digits, and special characters, the passcode requires exactly 4 digits.  And, Matthew has revealed the answer to just how many different passcodes can be generated under these conditions.

That, in itself, is a great inquiry into probability.  I was going to follow up with a couple of questions.

• does that probability allow you to have two or more digits the same?
• what is the probability if you allow one digit to be repeated?
• what is the probability if you allow two digits to be repeated?  and so on

It’s a great lead in to the concept of sampling with and without replacement.

Well, that idea has been shot to pieces.  I still think it’s a good topic, so thanks, Matthew.

There’s another method for unlocking – drawing a pattern on the screen.

This is really handy for dog walking because you can use either hand…

Here, you define a pattern, and to unlock your device you simply re-draw the pattern on the screen.  There’s no limit to the number of points that you touch to define your pattern.  I would have thought that this would be more secure than the 4 digit passcode.  But, Samsung/Google defines it as a step down.

I was a bit puzzled over this.  But, by default, the pattern that you’re drawing appears on the screen.  So, conceivably someone could look over your shoulder and see it, steal your phone, and have access to your device.  You can toughen that a bit by telling your device to not display the pattern.  And, if you’re really paranoid, add a few extra gestures while being watched to throw them off track never hurts.

But only medium security?  I decided to poke around.

And, in the category of “I really want access to your phone”, I read this report.  “Smudge Attacks on Smartphone Touch Screens”  If you ever wanted to read everything about touchscreens or are just having trouble sleeping, this report has it all.  It really does.

My family get a kick from the fact that I have a microfibre wipe beside me most times and I have one tucked into the visor in the car.  I like to have clean glasses and a clean smartphone screen!  I’m not sure how more secure that makes me but at least I can see things.

I’ll conclude with my closing from yesterday.

There’s a great deal to think about there.  How much thought do you or your students put into the choice of protection for your devices?

Related posts:

### One response to “Patterns”

1. Steve Gibson at GRC has a nice, long explanation of why multiple character types dramatically increases the difficulty of brute-force attacks: https://www.grc.com/haystack.htm
I use the same ideas in my MDM4U class to illustrate the need for long, complex passwords.

Doesn’t help much if your nemesis watches you type or swipe, though 😉

Like

This site uses Akismet to reduce spam. Learn how your comment data is processed.