Many mobile phones and other mobile devices in the current marketplace commonly offer the ability to use a numeric personal identification number (PIN) to unlock the device or otherwise enable some portion of device functionality. Such a security provision can prevent some rudimentary attackers from maliciously accessing the contents of the device. However, users commonly dislike PINs and also have a tendency to forget the PINs associated with their respective devices.
Additionally, the level of security afforded by a numeric PIN can be limited. A traditional four-digit PIN can take one of 10,000 different values. At first glance, one might expect an attacker to need, for example, 5000 guesses before successfully finding the correct PIN. However, this would be true only if PINs were randomly generated; usability concerns generally result in most systems and devices permitting users to manually select their own PINs, which are very unlikely to be selected in a random fashion.
Accordingly, relying on the user to generate the PIN trades security for usability. As with traditional alphanumeric passwords, dictionary attacks result largely from the observation that some PINs are chosen often by users. For example, 123456 is frequently identified as a commonly chosen (six-digit) password. In addition, a user often resorts to basing a PIN on obvious personal information, such as the year in which he or she was born or experienced another significant life event such as marriage or the birth of a child.
This deficiency in existing security approaches with respect to mobile devices is often reflected in a metric referred to as entropy. Accordingly, a need exists for techniques that add entropy and/or otherwise increase security measures in connection with mobile devices.
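The entropy argument above can be made concrete with a short calculation. The following is an added example, not part of the original text: it compares randomly generated four-digit PINs with user-chosen ones, where the skewed distribution (20 popular PINs covering 25% of users) is a constructed assumption and not measured data.

```python
import math

N = 10_000  # four-digit PIN space, as in the text

def uniform(n=N):
    """Every PIN equally likely (randomly generated PINs)."""
    return [1.0 / n] * n

def skewed(n=N, popular=20, popular_mass=0.25):
    """CONSTRUCTED, not measured: `popular` PINs cover `popular_mass` of users."""
    rest = (1.0 - popular_mass) / (n - popular)
    return [popular_mass / popular] * popular + [rest] * (n - popular)

def shannon_entropy(p):
    """Average information in bits: -sum(p * log2 p)."""
    return -math.fsum(x * math.log2(x) for x in p if x > 0)

def min_entropy(p):
    """Bits of protection for the most common PIN: -log2(max p)."""
    return -math.log2(max(p))

def expected_guesses(p):
    """Mean attempts when candidates are tried from most to least likely."""
    ordered = sorted(p, reverse=True)
    return math.fsum(i * x for i, x in enumerate(ordered, start=1))

def success_within(p, k):
    """Share of devices unlocked within k attempts (e.g. a lockout limit)."""
    return math.fsum(sorted(p, reverse=True)[:k])

def report(name, p, k=10):
    return (f"{name:8s} H={shannon_entropy(p):6.2f} bits  "
            f"Hmin={min_entropy(p):6.2f} bits  "
            f"E[guesses]={expected_guesses(p):8.1f}  "
            f"P(unlock<={k})={success_within(p, k):.4f}")

if __name__ == "__main__":
    print(report("uniform", uniform()))
    print(report("skewed", skewed()))
```

Under the constructed skew, the average guess count falls only moderately, while min-entropy and the share of devices unlocked within a ten-attempt lockout limit change sharply, which is why a lockout policy should be evaluated against the most common PINs and not the size of the PIN space.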