One problem with shaking as a lock/unlock mode: if the device is in your pocket and it's shaken enough, it's gonna switch modes...

GrIDsure (link to youtube) could work on a phone, make effective use of a touchscreen and would be pretty secure - might be patented though.

Wiki description of GrIDsure here - apparently 100 times more secure than a traditional PIN. A subsequent analysis suggests weaknesses, but the system should still be more than sufficient protection for a handheld device.

Hi
We have successfully developed a GrIDsure app for the iPhone in two versions: 1) for unlocking and 2) providing 2 factor authentication from the iPhone on to the corporate LAN

Interesting - what is the situation with patents, and are GrIDsure involved in your development?

Hi Millhouse

The patents are rigorously enforced by GrIDsure. We have been a GrIDsure VAR and software developer partner in the UK for over a year now. This work was sanctioned by them and using their developmental framework. We are now working with other GrIDsure partners to leverage our technology with theirs.
As far as I know, there are no 100% cast-iron panaceas for secure access without making it unsuitable or totally onerous for the user, but the PIP creates an enabling technology for making life easier for people that want security with an understandable way of using it. Getting rid of user names and passwords, password ageing, etc can only be a good thing if the underlying technology works for a mobile community. This does it in a way that even children can use.

Thanks for that. Not much more I can add unless Quim or Elena want to get involved - not sure if they're looking for "free" (as in no cost) solutions or would be willing to partner with GrIDsure (and/or possibly yourself, ragspeed?)

"Something you have" - much like this...

The Nokia BT necklace accessory: a remote bluetooth device, maybe in the form of a wear-around-the-neck gadget. Once you install the Nokia software that comes with it, it will effectively disable the need to authenticate if it's within 2 meters range of the neck gadget.

In addition to the lock/unlock functionality, it may or may not also have support for the AVRCP protocol.

Edit: I didn't say it cause it was so obvious to me, but just in case:

If the N900 is not near this bluetooth key, you fall back to the most rigid inbuild authentication method, preferably a password.

GrIDsure seems like an interesting option. It won't work for everybody though. I've been watching the demos and I can't remember the patterns I see - as soon as there are numbers in there my pattern memory disappears. This is presumably because it's easy for me to remember numbers. The longer the PIN, the better. So, I would have to walk around with a note of my pattern.. not good! But I'm sure it'll work better for most other people than standard PIN codes.

No such thing as a free lunch...we've got considerablr development man-hours in getting this together!
Cognitive studies at various universities show that patterns in a sequence are easier to remember than usernames/passwords/PINS and much safer when shoulder-surfing is a risk. we resell RSA tokens as well so we are familar with the issues of actually losing a physical device which provides your OTP in a 2FA login situation.

A user called "DrEJV" in another forum has told us you here are "considering both a lock screen & lock device option. Nokia's phones generally don't have an x tries and you're out password option, but they do have an option to totally lock a phone with an sms sent to the phone with a secret passphrase - and it can only dial 1 number that you define. This would be great to have on the N900."

How is that idea received in this forum?