I love the matrix used for entering your pin. That way even if the computer you used is compromised, they can't steal your pin because you will be typing in a different one each time. The only problem is that the matrix only has 9 spots. Nothing maps to a 0. My original pin had a 0 in it and I was stuck. I had to modify the emulator on the RPI to hack in my pin to change the pin. I suggest you do a server-side check on a new pin to make sure there's no 0 in it so that one doesn't accidentally make this mistake.
One more suggestion: allow reverse mapping of the pin matrix, as that is what's easiest for someone like me to remember.
For example, let's say your pin is 1234 and you are shown this matrix:
9 4 8
5 6 7
3 2 1
Right now, you'd have to find the spots that have 1, 2, 3, and 4 and then figure out the index of those spots. In this case it's 9872.
My suggestion is to also (or only?) accept the reverse mapping... where you look up the spots that represent the index 1, 2, 3 and 4 and type the numbers in those spots, so 9485 (the first 4 numbers in the matrix).
The main reason is that a lot of people use visual memory and they will remember the location of their pin and it's much easier to figure out the encoded pin this way.
P.S. Is there a better place (forum/irc/etc) for suggestions like these?
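The two mappings described in the post above, together with the suggested zero check on a new PIN, as an added example that is not part of the original post and is not the device's own code. All function names are hypothetical, and positions are assumed to be numbered 1 to 9 row by row, as the post's example implies.

```python
import secrets

def new_matrix():
    """Fresh random layout: element i is the digit shown at position i+1."""
    digits = list(range(1, 10))
    for i in range(8, 0, -1):              # Fisher-Yates shuffle with a CSPRNG
        j = secrets.randbelow(i + 1)
        digits[i], digits[j] = digits[j], digits[i]
    return digits

def validate_new_pin(pin):
    """Reject a new PIN that the 3x3 matrix cannot express (0 or non-digit)."""
    return bool(pin) and all(c in "123456789" for c in pin)

def encode_forward(pin, matrix):
    """Current behaviour: type the position where each PIN digit is shown."""
    return "".join(str(matrix.index(int(d)) + 1) for d in pin)

def encode_reverse(pin, matrix):
    """Suggested behaviour: type the digit shown at each PIN-digit position."""
    return "".join(str(matrix[int(d) - 1]) for d in pin)

def decode(typed, matrix, reverse=False):
    """Device side: recover the PIN from what was typed on the host."""
    if not validate_new_pin(typed):        # typed input is also limited to 1-9
        return None
    # The two schemes are inverse permutations, so each decodes the other.
    return encode_forward(typed, matrix) if reverse else encode_reverse(typed, matrix)

def check_pin(typed, matrix, stored_pin, accept_reverse=False):
    """Constant-time compare. Accepting both mappings means two different
    typed strings can unlock under the same matrix."""
    candidates = [decode(typed, matrix)]
    if accept_reverse:
        candidates.append(decode(typed, matrix, reverse=True))
    ok = False
    for c in candidates:
        if c is not None and secrets.compare_digest(c, stored_pin):
            ok = True
    return ok

# Constructed sample: the matrix from the post, positions 1..9 row by row.
POST_MATRIX = [9, 4, 8, 5, 6, 7, 3, 2, 1]
```
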