Comments on Gridsure Authentication

I dispute the worth of Professor Weber's analysis. Whilst his mathematical calculations in themselves I'm sure are flawless, there are a number of tacit assumptions made that undermine its meaningfulness, mainly about the psychology of choice of patterns. Weber first selects a set of "likely to be chosen" shapes, including lines, ticks and boxes. On what basis is it argued that users are likely to pick these shapes? Intuitively we might want to believe that squares, lines, ticks are all common, but it psychology results often defy intuition and need to be properly researched. Secondly, Weber assumes that all alignments of common shapes are equally likely to be chosen, for example that a four digit line running from left to right could start from the second column as well as the first. Beyond this, the combinatorics clearly say nothing about the relative likelihood of different patterns actually being chosen. So if we were to accept his assertion that there are 11,640 common patterns on the grid, it still is of huge significance that some of these patterns are more common than others. So the results of this report rely on psychology assumptions that Weber has not justified, and totally ignores the wider issue of relative probabilities of different shapes.