Improve the security of unlocking your smartphone

07 Feb 2011 Chengyu Song smartphone

A paper at WOOT '10 described how the smudges left on a smartphone's touch screen can greatly reduce the time an attacker needs to guess the password that unlocks the screen. For example, for an iPhone with a 4-digit passcode, one needs to try at most P(4,4) = 4! = 24 times before getting the right one.

But I think this situation has already happened on the PC, and we already have a solution. A long time ago, we had Trojans that stole passwords. To combat them, people invented the virtual keyboard (as used by many online banks in China). But the attackers then upgraded their programs to record the mouse coordinates, so they still knew which character you entered. Doesn't this sound familiar? Yes, these coordinates are just like the smudges you leave on your screen! So what happened next? We got the randomized virtual keyboard.
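
To put numbers on the comparison, here is an added example (not code from this post or from the WOOT paper) that models a keypad whose layout is reshuffled for every unlock and counts how many PINs remain consistent with the smudges. The function names and the sample PIN are hypothetical, and the count goes beyond the 4-distinct-digit case above by also handling PINs with a repeated digit.

```python
import secrets
from itertools import product
from math import comb

DIGITS = "0123456789"
FIXED_LAYOUT = "1234567890"  # the key at screen position i always shows this digit

def random_layout():
    """Keypad for one unlock attempt: the ten digits in CSPRNG-shuffled order."""
    keys = list(DIGITS)
    secrets.SystemRandom().shuffle(keys)
    return "".join(keys)

def touched_positions(pin, layout):
    """Screen positions that pick up a smudge when `pin` is typed on `layout`."""
    return {layout.index(d) for d in pin}

def search_space(smudges, layout_is_fixed, pin_len=4):
    """Number of PINs consistent with `smudges` distinct smudged positions.

    Fixed layout: each position maps to a known digit, so only the order
    (with every smudged digit used at least once) is unknown.
    Randomized layout: positions reveal how many distinct digits the PIN
    has, but not which ones, so every choice of digits stays possible.
    """
    orderings = sum(
        1 for p in product(range(smudges), repeat=pin_len)
        if len(set(p)) == smudges
    )
    if layout_is_fixed:
        return orderings
    return comb(len(DIGITS), smudges) * orderings

if __name__ == "__main__":
    pin = "2580"  # constructed sample PIN
    print("fixed layout smudges: ", sorted(touched_positions(pin, FIXED_LAYOUT)))
    for attempt in range(3):
        layout = random_layout()
        print("random layout", layout, "->", sorted(touched_positions(pin, layout)))
    print("candidates, fixed keypad:     ", search_space(4, True))
    print("candidates, randomized keypad:", search_space(4, False))
```

With four smudges the fixed keypad leaves 24 candidates, while the randomized one leaves 5040 of the 10000 possible PINs; the remaining reduction comes only from the smudge count revealing that all four digits are distinct.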