While the prevalence of smartphones with fingerprint-based security has increased considerably over the past two years, the vast majority of Android users still rely on tried and true lock patterns to unlock their devices. That said, new research suggests that the lock patterns typically chosen by Android users may not be as hard to crack as previously imagined.
Originally introduced in 2008, Android’s lock pattern screen was presented as both an easier and more secure alternative to traditional numeric passcodes. While a standard four-digit PIN gives users 10,000 possible combinations, a lock pattern drawn on the grid of 9 distinct nodes can yield 389,112 possible patterns. While one might think that this makes Android devices inherently secure, Marte Loge of the Norwegian University of Science and Technology recently explained why your Android lock pattern may be easier to crack than you imagined.
As part of an interesting research study brought to light by Ars Technica, Loge took a look at over 4,000 Android lock patterns and discovered a number of similarities. Specifically, Loge found that 44% of lock patterns begin in the upper-left corner. Loge further discovered that 77% of all lock patterns begin in some corner or another.
What’s more, because Loge found that most users tend to choose a lock pattern with about 4-5 nodes, the number of possible patterns becomes so low that using a four-digit passcode actually becomes a safer alternative. To wit, when a user chooses 4 or 5 nodes, the number of possible patterns comes out to 1,624 and 7,152, respectively. Choosing a pattern with 6 nodes results in 26,016 possible patterns.
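The counts above can be reproduced by enumerating every valid pattern. The following is an added example, not code from Loge's study or from Android; it assumes the usual pattern rules (each node used once, and a stroke may not jump over a node that has not been used yet) and numbers the nodes 0 to 8 row by row.

```python
from functools import lru_cache

# Nodes are numbered 0..8 row by row on the 3x3 grid (assumed numbering).

def midpoint(a, b):
    """Return the node a straight stroke a->b passes over, or None."""
    ar, ac = divmod(a, 3)
    br, bc = divmod(b, 3)
    if (ar + br) % 2 == 0 and (ac + bc) % 2 == 0:
        return (ar + br) // 2 * 3 + (ac + bc) // 2
    return None

@lru_cache(maxsize=None)
def extend(last, visited, remaining):
    """Count ways to add `remaining` more nodes after `last`."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if visited & (1 << nxt):
            continue  # each node may be used only once
        mid = midpoint(last, nxt)
        if mid is not None and not visited & (1 << mid):
            continue  # cannot jump over a node that is still unused
        total += extend(nxt, visited | (1 << nxt), remaining - 1)
    return total

def count_patterns(length, starts=range(9)):
    """Number of valid patterns of `length` nodes beginning at any of `starts`."""
    return sum(extend(s, 1 << s, length - 1) for s in starts)

if __name__ == "__main__":
    PIN_SPACE = 10 ** 4  # four-digit PIN
    for n in range(4, 10):
        total = count_patterns(n)
        corners = count_patterns(n, starts=(0, 2, 6, 8))
        verdict = "smaller" if total < PIN_SPACE else "larger"
        print(f"{n} nodes: {total:>7} patterns ({corners} start in a corner), "
              f"{verdict} than a 4-digit PIN space")
    print("all lengths 4-9:", sum(count_patterns(n) for n in range(4, 10)))
```

Running it shows that only patterns of six or more nodes exceed the 10,000 combinations of a four-digit PIN, and how much of each length's space begins in a corner.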
Another common pattern Loge observed is that most lock patterns follow similar paths.
More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.
“Humans are predictable,” Løge told Ars last week at the PasswordsCon conference in Las Vegas, where she presented a talk titled “Tell Me Who You Are, and I Will Tell You Your Lock Pattern.” “We’re seeing the same aspects used when creating pattern locks [as are used in] PIN codes and alphanumeric passwords.”
All this being said, if you’re looking to make your Android lock pattern as secure as possible, Loge suggests a few simple tips that should do the trick. For starters, pick a pattern that consists of six nodes at a minimum. Additionally, make sure that your pattern includes a change of direction and, as alluded to above, perhaps choose a middle node as a starting point instead of one in the corner.