
Way easier, just have a set of 9 icons (flower, sun, etc) shown after every pin entry. Your "true" icon will proceed, all other icons will trigger duress and proceed.


This is familiar.

I had a bank that, when you set up your PIN, required you to also pick an icon. There was a flower, and a cat, and a dog, and some other generic pictures.

When you put your card in the ATM and entered your PIN, you also had to pick the right icon.

I wonder if this was the start of a duress system the bank was setting up. The bank ended up getting eaten by another bank and then another bank, and the icon selection system went away.


Did MSN/Microsoft maybe do this many years ago?

For some reason I don't associate it with a bank (they have a personal phrase they include in official messages), but do with one of the SSO accounts I had, and feel pretty confident it wasn't Google.

Maybe Yahoo?


The pictures are to prevent account compromise via keylogger. Even if they get your login and password, they can't get into the account.


This is brilliant. Can you offer any more insight or background to this? Is there a name for this technique?


No, it is an obvious solution to anyone who wants to solve the problem, and I have never seen this in the wild (probably because I live in a relatively safe country where you don't have to fear getting mugged at an ATM).

EDIT: This should be coupled with a "secret" icon that is shown (or a specific order of the 9 icons you have to choose from) to prevent MITM/Phishing attacks. If you realize the icon/order is not the one you are used to, you are being phished.
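The two ideas in this thread, the 9-icon duress selector from the top comment and the per-user icon order from the EDIT above, sketched as back-end logic. This is an added example, not code from any bank or from the commenters; the icon names, the PBKDF2 parameters and the HMAC-derived layout are my own assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum

# The 9 icons shown after every PIN entry (constructed sample set).
ICONS = ("flower", "sun", "cat", "dog", "tree", "star", "boat", "house", "key")

class Outcome(Enum):
    DENY = "deny"        # wrong PIN: refuse the transaction
    PROCEED = "proceed"  # correct PIN and the user's true icon
    DURESS = "duress"    # correct PIN but another icon: proceed AND raise a silent alarm

@dataclass
class Enrollment:
    pin_hash: bytes    # PBKDF2 of the PIN, never the PIN itself
    salt: bytes
    true_icon: str
    layout_key: bytes  # per-user secret fixing the icon order the user expects to see

def _hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(pin: str, true_icon: str) -> Enrollment:
    """Set up the PIN, the 'true' icon, and a secret that determines the icon layout."""
    if true_icon not in ICONS:
        raise ValueError("true icon must be one of the 9 displayed icons")
    salt = secrets.token_bytes(16)
    return Enrollment(_hash_pin(pin, salt), salt, true_icon, secrets.token_bytes(32))

def icon_layout(e: Enrollment) -> list:
    """Deterministic per-user ordering of the 9 icons, keyed by layout_key.
    A fake terminal that does not hold the key cannot reproduce the order, so
    an unfamiliar layout is the user's cue that they are being phished."""
    rank = {i: hmac.new(e.layout_key, i.encode(), hashlib.sha256).digest() for i in ICONS}
    return sorted(ICONS, key=rank.__getitem__)

def verify(e: Enrollment, pin: str, chosen_icon: str) -> Outcome:
    """Decide what the ATM does. DURESS must look exactly like PROCEED at the
    terminal; the back end is expected to raise the silent alarm."""
    if chosen_icon not in ICONS:
        return Outcome.DENY
    if not hmac.compare_digest(_hash_pin(pin, e.salt), e.pin_hash):
        return Outcome.DENY
    if chosen_icon == e.true_icon:
        return Outcome.PROCEED
    return Outcome.DURESS
```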


Wouldn't people just wait till you step away from the ATM then?

