When I originally came up with the idea it seemed that 4 digits in 16 columns was going to be cracked in about 10 interceptions. With some careful management of the challenges we could get it up to around 50, but we still felt we might have to deploy a virtual keypad with it, which didn’t sit right with everyone. Sadly it was at this point that I first went on TV in Australia and got a front page Slashdot story, where the response from security people wasn’t great, as nobody wants to hear 10 interceptions. The real breakthrough was separating the digits into single frames of an animated loop and then using an unknown subset of those challenges as the authentication code; that is when the entropy really took off. So now the attacker has only a very vague probabilistic idea of which digits went to which frames in the challenge and where in those frame columns they might be. Because there is only 1 digit in each frame there is effectively a much wider ratio of possible locations for the digit too. There is some information about the cracking algorithm method in the whitepaper.
The curious thing about this animated method is that the smaller ratio of digits to total frames exponentially increases the difficulty of analysis, which in effect means smaller passwords are more secure than larger passwords (if the total number of frames is steady). If you take straight-up guessing out of the equation, a 4 digit in 10 frames challenge is exponentially more difficult to crack than a 6 in 10. Of course, since it doesn’t affect usability at all, we turn up the number of overall frames to keep the ratio low and essentially get extra security for free. The next problem for the analyser is the character set: many people don’t realise there are many ways to represent a 1, and others like 6 or 9 or 7 all have multiple versions of themselves, so you essentially double the assumed character set.
For the analysis we assumed the attackers know exactly which character set is being used, and we also assumed that a key being 80% cracked is enough to consider it broken, so I think we were quite generous when the analysis was done. There are actually 3 serious security adjustments which multiply the number of interceptions: first is the ratio of digits to frames, second is the number of columns in the key and third is the level of obfuscational noise. After that there are a bunch of extra measures which can be easily taken, such as increasing the screen challenge proportions, using random offset alignment markers, using multiple rows in the key, and a few simple tricks which destroy the analysis permutations. The important thing is that, doing it the way we are doing it, the analysis difficulty gets exponentially harder with small tweaks, so high interception numbers are easily achieved with reasonably sized keys. As for the original static challenges, we don’t recommend them at all for online authentication, as there is no real cost to moving to the animated method, and in fact some people report they prefer the usability of the animated method.