Many Android Lock Patterns are Similar, Insecure
The majority of the patterns aren’t very original. It’s easier to remember-and easier to enter-then pecking keys on a keyboard.
If you use a pattern to lock your phone, the chances are it probably starts in a corner and uses only four nodes according to new research from the Norwegian University of Science and Technology. If an app had my personal info and knew the trends that make Android Lock Patterns insecure, it could suggest one that wouldn’t be as easily cracked.
With four-to-nine nodes, there are 389,112 possible patterns you could draw – the more nodes you touch in your pattern, the more secure your lock, because a higher number of combinations means your pattern would be much harder for a snoop or thief to guess. Nearly half the patterns started on the node in the upper left corner of the screen and over three quarters started from one of the four corner nodes. However, Løge found that most people only actually use five nodes, giving a maximum of 7,152 combinations – just 5% of the possible total if everybody used all nine.
Her study also indicated that males and females have a tendency to create patterns in some distinct and predictable ways. Using a pattern in the shape of a letter, for example, is not much better than using a PIN of 1234. Løge detailed her findings at the PasswordsCon conference in Las Vegas, saying that they’re noticing the same aspects used when creating lock patterns as are used in alphanumeric passwords and pin codes.
While the prevalence of smartphones with fingerprint-based security has increased considerably over the past two years, the vast majority of Android users still rely on tried and true lock patterns to unlock their devices.
The most commonly used patterns comprised of moving from left to right and top to bottom, further making it easy to guess the pattern.
Løge says that by collecting a huge number of ALPs it is possible to build “Markov model” which can help attackers to predict the ALPs. The study also reveals young men usually choose longer and more complex patterns. For real security, turn off the “make pattern visible” option so nobody can see what you are doing.
More studies are needed to discover whether or not our patterns coincide with life events, too.