Neat idea. The debit card pin bit does not seem feasible though, at least in a brute force setting - finding out a 6 digit pin, showing each number for 1 second, takes > 11 days in the worst case.
But in any case showing pins that way wouldn't work anyway - most people have a muscle memory for their pins, but would not recognize them when written down.
I recently got a new card and remembered the PIN spatially. After a few times of typing it in I realised that, though I was typing the digits of the new PIN, I was subvocalising the digits of my old PIN. It was a really odd sensation.
Having said that, I would recognise both PINs as both a string of digits and as a spatial sequence... so that would probably just be another attack vector.
> I realised that, though I was typing the digits of the new PIN, I was subvocalising the digits of my old PIN.
I trained myself to do this on purpose; subvocalising a different number. If I'm drugged out in a hospital bed and someone asks for my CC PIN, I want them to get an incorrect number.
You get a bunch of positives and check/bruteforce afterwards. This system couldn't distinguish my creditcard PIN from my office alarm PIN code, but it can give a shortlist to try.
No, since all isolated digits would have similar responses. The attack vector is not "is x your PIN?" but it's "is pattern xyzw meaningful to your brain whatsoever?"
My reading of the article is that if you show someone something that is significant to them, such as "Is the first digit of your PIN the number 1?", then it'll trigger a measurable response, and the first graph in the article is "1st digit PIN"
So I'm not sure where you're reading that it wouldn't work using the single digit approach.
But in any case showing pins that way wouldn't work anyway - most people have a muscle memory for their pins, but would not recognize them when written down.