Does multiple numbers per button have an effect on security?

Think about the technical implementation, not about the user or what's painted on the buttons: it's a keypad with 5 buttons. In order to unlock the device, it needs a sequence of those 5 buttons (however many presses of those 5 button it allows).

More buttons would make it harder to brute-force the combination. Imagine having only 2 buttons, or imagine having 20. More buttons would mean more possible combinations, more combinations means harder to bruteforce.

I can imagine one way where having fewer buttons might increase security: smudges. If you had 20 buttons, over time, the few buttons you used would appear to be used, thereby reducing the number of possible buttons to try, including being able to deuce the number string ("123456") that the user needed to remember. Fewer buttons (with multiple numbers per button) means that smudges are less meaningful (they are all smudged), and a reduced possibility of deducing what the memorized number sequence was. But, this is only one aspect of security, and one I might not value too highly on a residential house lock.


No, assuming equally long passcodes, having fewer buttons cannot increase security in any way.

Depending on how the passcodes are chosen, and whether or not the buttons are regularly cleaned to remove smudges*, it (might or) might not decrease security significantly, but reducing the number of buttons certainly cannot make the lock more secure.

So you're probably right: it's just done for aesthetics and/or to save costs. As for why the buttons on your example lock are double-numbered, Dennis Jaheruddin probably nailed that in the comments:

"It's basically a 5 button lock that allows people to abuse their birthday or pin code for a password."

With just five digits to choose from, you can't pick an easily memorizable passcode like 31121976 or 31415926. With each button labeled twice, you can. (Whether that's good or bad for security is debatable; arguably, if users couldn't pick codes like that, many of them would either fall back on something even less secure like 12341234, or just write down their passcode on a post-it note. But from a usability perspective, it's definitely a win.)

*) Since the issue of smudge attacks has already been brought up, let me briefly note that they don't affect the general conclusion that fewer buttons cannot be more secure. Specifically, let us assume that the passcode is known to be digits long, and uses k buttons out of a total of n, and consider the following two extreme cases:

  1. The buttons are kept clean, so that an attacker can't tell which buttons are part of the passcode. In this case, there are n possible passcodes, of which the attacker must on average try half before finding the correct one.

  2. The buttons are never cleaned, and accumulate smudges that eventually allow an attacker to tell exactly which k buttons are used in the passcode. In that case, the unused buttons become completely irrelevant, and so the attacker knows that there are only at most k possible passcodes (of which they, again, on average need to try half to find the right one) regardless of n. (The actual number is a bit fewer than k, since codes that only use less than k different buttons can be ruled out, but it still doesn't depend on n at all.)

Reality is typically somewhere between these two extremes: an attacker might be able to observe some wear and smudging on the buttons, and thus get some information on how likely each button is to be part of the passcode, but unless the keypad is really worn and/or filthy, they probably can't be 100% sure. Thus, typically, having fewer buttons does decrease security somewhat, but probably not quite as much as a naïve calculation ignoring smudging would lead one to expect (since it has already been reduced by smudging).

Of course, one further way in which reducing the number of buttons can weaken security, even under the heavy-smudging scenario above, is if two numbers used in the passcode get mapped onto the same button on the smaller keypad (thus reducing both n and k). For randomly chosen passcodes, this starts to become an issue (due to the birthday paradox) when n < ², and will definitely be an issue when n < . Still, this observation only strengthens the conclusion that, smudged or not, fewer buttons can't ever be more secure (and may be less).

Tags:

Authorization

Physical

Physical Access

Related

How could mobile developers prevent bypassing certificate pinning with tools such as SSL Kill Switch? What are the alternatives to door passcodes? Is it possible to transfer a virus through browser video? Is VLC on Linux vulnerable to an attack from .wmv files designed to install viruses? Can free Wi-Fi hotspot providers snoop on HTTPS communications? Bank complains about rooted Android. Is it really any worse than a Windows desktop? Will same-site cookies be sufficent protection against CSRF and XSS? Can governments intercept end-to-end encrypted Whatsapp communication through lawful interception? Why is it considered safe to install something as a non-root user in Linux environments? How can the nmap tool be used to evade a firewall/IDS? What are the disadvantages of using public key cryptography when encrypting files? How can I tell if a PDF file I was sent contains malware?

Recent Posts