Thursday, February 27, 2014

Is Windows Phone Security Measure Good or Bad or Ugly?

Phone: Nokia Lumia 920.
Software: Windows Phone 8.0
Scenario: Password Screen on smartphones.

Assume you have used a phone for quite a long time. One day, someone takes it without your knowledge. Let's call that person 'Trudy'.
Trudy tries to enter the password.
Trudy fails to enter the correct password 9 times.

The phone then asks for a passphrase, which is shown.
After the passphrase is entered correctly, the phone gives one and only one chance to enter the correct password.
If Trudy enters a wrong password, your phone is reset and all your data is erased.

I feel this security measure is not good.
It may not be bad.
But, it is surely ugly.

I need to check how an Android phone tackles this scenario.

The Android phone asks for the password.
It allows 5 attempts.
After 5 failed attempts, it starts a timer for 30 seconds, then allows another 5 attempts, and so on.

Till now, I have tried a wrong password 25 times. It put a timer. I don't know what the max number of allowed retries is. But this is better than Windows, since Windows gives Trudy a chance to reset the data on the phone.
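
The two lock-screen policies described above, modelled as small state machines so their outcomes can be compared side by side; this is an added example, not code from either platform. The class and function names are hypothetical, the 30-second timer is assumed to stay constant (the post gives no maximum), and the 10,000-value PIN space is an assumption.

```python
from dataclasses import dataclass

@dataclass
class WipePolicy:
    """Hypothetical model of Windows Phone 8.0 as described: 9 failures, passphrase, 1 try, reset."""
    free_attempts: int = 9
    failures: int = 0
    wiped: bool = False

    def wrong_guess(self, passphrase_typed: bool = True) -> str:
        if self.wiped:
            return "wiped"
        if self.failures >= self.free_attempts and not passphrase_typed:
            return "challenge"  # no guess accepted until the shown passphrase is typed
        self.failures += 1
        if self.failures > self.free_attempts:
            self.wiped = True  # the single post-challenge attempt failed
            return "wiped"
        return "challenge" if self.failures == self.free_attempts else "retry"

@dataclass
class TimerPolicy:
    """Hypothetical model of Android as described: 5 tries, 30 s timer, 5 more tries, and so on."""
    batch: int = 5
    delay_s: int = 30  # assumption: stays constant; the post gives no maximum
    failures: int = 0
    waited_s: int = 0

    def wrong_guess(self) -> str:
        self.failures += 1
        if self.failures % self.batch == 0:
            self.waited_s += self.delay_s
            return "timer"
        return "retry"

def guesses_until_wipe() -> int:
    policy, count = WipePolicy(), 0
    while not policy.wiped:
        policy.wrong_guess()
        count += 1
    return count

def forced_delay_after(wrong_guesses: int) -> int:
    policy = TimerPolicy()
    for _ in range(wrong_guesses):
        policy.wrong_guess()
    return policy.waited_s

if __name__ == "__main__":  # 10_000 = assumed 4-digit PIN space
    print(guesses_until_wipe(), forced_delay_after(25), forced_delay_after(10_000))
```

Under these assumptions the wipe policy erases the data after 10 wrong guesses, while the timer policy imposes 150 seconds of delay over 25 wrong guesses and 60,000 seconds (about 16.7 hours) over 10,000. The first trades availability of the owner's data for a hard limit on guessing; the second keeps the data but only slows guessing down.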