MENU

Your Android Lock Pattern Might Be Just As Predictable As 'Password' Or '1234567'

22 August 2015, 5:55 am EDT By Quinten Plummer Tech Times
Close
From DropBox to Hipchat: The 5 biggest cloud hacks in recent history

Despite efforts to force users to make complex passwords, through length and character requirements, people still tend to find the simplest sequence to secure their digital lives. That's also the case with ALPs (Android Lock Patterns): people increase their exposure to intrusions by opting to set simple ALPs.

ALPs are an alternative to pin codes and fingerprint scanners. Instead of having to remember a sequence of numbers, users need only draw the pattern they established to secure their mobile devices.

The idea is simple. There are nine pegs on the lock screen and users must connect at least four of them, drawing a pattern in the process. That pattern is the pin.

There are hundreds of thousands of patterns users could draw. Marte Løge, technology analyst for Itera ASA, sees a problem with ALP, specifically the way people use them. Most people rely on simple four to five peg patters.

"You are predictable, your passwords are predictable, and so are your PINs," Løge states. "This simple fact is often exploited by hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create?" 

Løge, who graduated from the Norwegian University of Science and Technology this year, just put on a presentation at PasswordCon in Las Vegas last Aug. 4. There was tons of research to make her case, but her point was simple.

"Full Disk Encryption won't save you if your lock pattern is L - as in loser," states Løge.

For her master's thesis, Løge analysed close to 4,000 ALPs. About 77 percent of ALP patterns start in one of the corners and about 44 percent of them begin in the top-left corner, she found.

The most common length of ALPs was five, with four being nearly as popular. There are over 7,100 combinations when five pegs are used and only 1,624 when four are used. By comparison, there are over 140,000 combinations for eight-peg patterns.

"Humans are predictable," Løge said to Ars Technica. "We're seeing the same aspects used when creating pattern locks [as are used in] pin codes and alphanumeric passwords." 

© 2017 Tech Times, All rights reserved. Do not reproduce without permission.

From Our Sponsor

Entropia Universe Allows Players To Earn Real Cash In The Virtual World

Everything in Entropia Universe has real cash value, and the real estate, land and deeds that players invest in are actual investments. The game uses a micropayment system that allows players to buy Project Entropia Dollars (PED), which is used as in-game currency. With a click of a mouse, PED can also be withdrawn from the game and transferred to your bank account using an e-money/e-wallet service like Neteller e-wallet.
Real Time Analytics