Are the iPhone "connect the dots" passwords secure?

Question

A popular way to login to iPhones and other phones is to use a "connect the dots" password. For those unfamiliar, it looks something like this:

Is this kind of passwords secure from brute force attack (I'm excluding things like social engineering and just looking over their shoulder)? Note that this question is focusing only on the authentication, not from the iPhone itself being hacked

Answer 1

It's a simple way to keep honest people honest, but I wouldn't rely on it to stop a determined attacker.

It's not even secure against holding it up to a light and looking for smudges.

By looking at smudge patterns, you can figure out a few edges that are involved which reduces the search space to significantly better than brute force.

There is a pause built into it after a failed check though which offers some protection.

Answer 2

Security level approximately the same as a three tumbler combination lock.

i.e. A 10 year old could hack it.

My experience with is with Android connect the dots security, not iPhone, so YMMV.

As others said:

• Smudges on screen can be followed.
• The entropy involved is reasonably small.
• Usually a lot of false negatives in code entry (my experience with a low power phone)
• If an attacker has long term access to the phone they can try lots of times with increasing timeouts.
• Shoulder surfing is significantly easier

Rough Entropy calculation:

• 9 initial dots. each dot has from 2-4 right angled neigbours (likely choice).
• each dot has from 1-4 45 degree neighbours (less likely to be used).
• From 4-7 dots in normal passwords.
• Dots cannot be re-used.

Conclusion: - About About a thousand common 6 character swipe passwords. - Half a million combinations (430029) between 1 and 9 dots.

Answer 3

As others have mentioned, by looking at smudge marks, it is often possible to figure out the passcode. For a thorough evaluation of this risk, see the following research paper:

Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith, Smudge Attacks on Smartphone Touch Screens, WOOT 2010.

They show how by taking a picture with a digital camera held at an angle to the screen, it is possible to recover most of the pattern. Surprisingly, they found that it is possible recover the pattern even if the user has placed the phone in their pocket: you might think this would wipe away the fingerprints, but it doesn't. In fact, they even did experiments where they wiped off the screen of the phone with a cloth after entering their patttern, and found they were still able to recover the password pattern.

(Incidentally, they also give a calculation of the number of possible password patterns: 389,112 patterns. But they show that with a picture of the smudge pattern, this often can be reduced to just 1 or 2 possibilities.)

The paper is a tour-de-force, and well worth reading. Even just looking at the pictures and figures will give you some idea of how surprisingly effective the attack is.

Answer 4

Let's assume that you just have to select the dots in the right order. That would offer 362880 possibilities.

However, it's more likely that you can connect each dot with multiple other dots. That would offer 51998697814228992 possibilities.

Now I'm no expert in phones, or iWhatevers, but a thief can probably just look at the data stored on the phone. Unless it's encrypted and/or hardware-secured of course.

So, if the thief can't extract the data or the thief does not have enough time to perform such a stunt, the thi as noted by Mike Samuel, the thief can look at the fingerprints on the display. I'd recommend locking the phone after three failed attempts. Sounds radical, but that's your best bet if you want the password method to be secure.