Unlocking phones used to be simple, but that meant they were easy to breach. It's a different landscape now for smartphone security. In the olden days, unlocking phones simply required the user to click two keys — on old Nokia phones, anyway. But now, phones have gotten tougher. Fingerprints, and sometimes even faceprints, are now the norm.
Apple popularized the "slide to unlock" method, which then-CEO Steve Jobs said was to prevent the iPhone from accidentally being unlocked when sitting snugly inside pockets. Then, Android came up with its own method, in which users were free to create any pattern on a 3 x 3 grid as their passcode.
But Android's solution isn't that secure after all. A new study has quantified just how open an Android-style lock pattern is to vulnerabilities — not by any complex feats of hacking, but by someone looking over one's shoulder and simply memorizing the pattern.
PINs More Secure Than Android Patterns, Says New Study
Security researchers at the U.S. Naval Academy, together with the University of Maryland Baltimore County, published a study showing how a casual onlooker can visually memorize a person's pattern then recreate it with ease. In the tests, they found that two out of three people were able to recreate six-point unlock patterns purely by looking at them from 5 or 6 feet away.
Those same conditions were then replicated with a more traditional six-digit PIN code, which proved far more difficult, with only one out of 10 observers able to recreate the PIN code after peeking.
Why is this so? Well, the study claims an Android unlock pattern is more memorable for human brains, because minds love patterns.
"Patterns are really nice in memorability, but it's the same as asking people to recall a glyph," said Adam Aviv, a Naval Academy professor. "Patterns are definitely less secure than PINs."
The study took 1,173 participants to watch unlocking videos online and try guessing PINs and Android-style unlock patterns after watching people unlock their phones from different angles and distances. They replicated the study with nearly 100 people live, just to see if there was any difference with the online-based tests.
In the online tests, 64 percent were able to recreate the Android-style pattern after merely one viewing, but that shot up to 80 percent after a second viewing. PIN codes, meanwhile, rendered much lower vulnerability percentages: only 11 percent were able to identify a six-digit PIN after viewing it once, and 27 percent after viewing it twice.
What Should I Do?
Users who feel paranoid over someone correctly guessing their unlock pattern should probably opt for a six-digit PIN instead. It'll be slightly more annoying and time-consuming than a pattern, but it's far more secure, as the study suggests.
But the world could be moving into a non-pattern method of unlocking phones, anyway: Face ID on iPhone X is certainly a testament to that. Biometric unlocking methods are slowly becoming necessary, to the point where traditional PINs or patterns are now mere failsafes for when the main methods don't work.
Thoughts? Sound off in the comments section below!