title: Lock patterns are more predictable than we thought
url: http://www.androidauthority.com/lock-pattern-predictable-636267/
hash_url: c3debc5642
We have been using traditional passwords for a very long time, but Google only introduced lock patterns in 2008. It’s hard to perform thorough studies on such new methods, but this authentication technique is finally becoming more mature. Fast forward to 2015 and good research begins showing up, the latest (and likely biggest) one comes from Marte Løge from the Norwegain University of Science and Technology.
What this research shows us is quite worrisome, as it seems to entail we can be just as predictable with these handy lock figures as we are with our passwords. Løge collected about 4000 lock patterns by asking participants to create unlock gestures for supposed shopping apps, banking software and smartphone access.
“Humans are predictable. We’re seeing the same aspects used when creating a pattern lock [as are used in] pin codes and alphanumeric passwords.” -Marte Løge
There’s a reason why passwords like “password” and “123456789” exist. Splash Data recently gave us a list of the worst (and most popular) passwords, and seeing those will really open your eyes to this issue. As tech consumers, we look for the simplest route possible. It’s probably a main reason why lock patterns were even created. It’s an easier way to keep your phone protected, but we probably do have to sacrifice some level of security in order to obtain simpler unlock methods.
ShutterstockEven if this method was more effective, we must keep in mind a system is only strong when we know how to use it, and it seems many of us are making our lock patters way to simple. This will prove to be a danger once attackers learn more about our collective pattern choices.
Let’s stop giving researchers data to analyze, guys. Remember these devices hold your whole digital life; we shouldn’t protect something like that with a lackluster pattern. I’ll give you some of my favorite tips for making Android lock patterns more complex.
It’s this type of information that makes me more of a biometrics advocate. Creating our own security authentication has proven to be a weak solution (in a greater scale, of course). Fingerprint readers, retina scanners and face recognition are very secure methods that can be harder to spoof.
But what do you guys think? Are you a fan of lock patterns? Mostly for convenience, or for security?