Use Complex Patterns, Avoid Letters For More Secure Android Lock Patterns

In this modern age of smartphones, mobile banking, security apps, PayPal, Electronic Wallets, websites and even Starbucks, we are inundated with passwords.

For passwords, use as many characters as you can – Android allows you up to 17 characters, so why not use them all?

“We’re seeing the same aspects used when creating a pattern locks [as are used in] pin codes and alphanumeric passwords”. Are we as lazy with picking our APLs as we are with our passwords?

Ars Technica reports that Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, analysed the usage of lock screen patterns on Android devices as part of her master’s degree.

In case of password breaches, it was found that most common password cracked were “1234567” and “letmein”. Løge claims that APLs suffer from the same problem – predictability.

Løge, says that similar to the passwords, ALPs too have similar weakness, she found that nearly 10 percent of the patterns took the shape of the alphabetic letter that corresponded to the first initial of user’s name or their spouse or child or any other person who is pretty close to the user. A large number of users selected just four nodes meaning that their lock screen pattern was one in 1624 possibilities.

More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier. Løge told our source last week at the PasswordsCon conference in Las Vegas, where she presented a talk titled Tell Me Who You Are, and I Will Tell You Your Lock Pattern.

“Humans are predictable”, Løge explained to the Ars Technica blog. Add to that the fact that numerous patterns only went through four nodes (out of a maximum of nine), and the patterns become exceedingly easy to guess. Additionally, she says using as many nodes as possible (creating a longer, more complex string) helps safeguard users.

It’s also worth pointing out that the oils in your fingers leave visible streaks on your device screen – if you don’t use a complex pattern with backtracks, a thief wouldn’t need to guess your pattern – it’s right there for anyone to see! This makes the patterns much more predictable.

But if you’re using a pattern password, there are ways to make it better.