So then its probably a pretty good idea to randomize the number keypad for the lock screen, which I do. Does this defeat that, I can't think of a way it does..
The paper focused on an attack against a payment system, not the lock screen, so you'd need to randomize every password input keyboard at the system level.
