
Lock patterns are more predictable than we thought

Studies show we are just as bad with Android lock patterns as we have been with passwords. How can you stay protected?
May 10, 2021
Edgar Cervantes / Android Authority

Google introduced lock patterns in 2008. It was harder to perform thorough studies in the early years, but this authentication technique has since matured. Fast-forward to 2021 and we’re seeing better research showing up. Sadly, most of the results are not good news. Experts from Cornell University, Eset, NTNU, and the Offensive Security Society, among others, agree that a pattern lock is an unsafe way to protect your private information. Let’s see why!


Lock patterns are easy to remember


Passwords can mix all kinds of letters and symbols, and capitalization can make a difference. This format makes them very secure. Meanwhile, a lock pattern is pretty much the making of a shape, and the human brain is very good at remembering these. In Cornell University’s study, a group of people was asked to watch a person entering a pattern from different angles. These participants were then asked to act as attackers and try to unlock the device.

64.2% of them were successful after seeing the phone being unlocked with a pattern once. This number went up to 79.9% if the “attacker” got to see the phone being unlocked multiple times. Successful attacks were much lower when using a PIN. Only 10.6% of attacks were successful after a single observation of a PIN unlock, and that number increased to 26.5% with multiple observations.

This means that an attacker will likely remember your lock pattern after only seeing you input it once. Any cashier, person behind you in a line, or common acquaintance will likely see you unlock your phone at some point! And there is no real solution to this, other than making your pattern unlock more complex or being careful about unlocking your phone in front of others.


There are some very common patterns!


We’re not always the best at creating passwords, which is why passwords like “password” and “123456789” exist. Splash Data once gave us a list of the worst (and most popular) passwords. Seeing those will open your eyes to this issue. As tech consumers, we look for the simplest route possible. It’s the main reason why lock patterns were created. Pattern locks provide an easier way to keep your phone protected, but we have to sacrifice some security to obtain simpler unlock methods.

"Humans are predictable. We're seeing the same aspects used when creating a pattern lock pin codes and alphanumeric passwords."
Marte Løge

A system is only strong when we know how to use it, and it seems many of us are making our lock patterns way too simple. This will prove to be a danger once attackers learn more about our collective pattern choices.

Here are some of the most common lock pattern habits

  • 44% of people usually start their patterns from the top-left corner dot.
  • 77% of users started their patterns in one of the corners.
  • Most users use only 5 nodes, and a significant number use only 4.
  • Over 10% of lock patterns were made in the shape of a letter (often representing the first initial of the person or a loved one).

Choosing better lock patterns

Let’s stop giving researchers data to analyze. Remember these devices hold your whole digital life; we shouldn’t protect something like that with an easy pattern. I’ll give you some of my favorite tips for making Android lock patterns more complex.

  • Don’t use your first initial as a pattern. Seriously, that is like making your debit card PIN your birth date. That’s a huge no!
  • We simplify our security and forget Android lock pattern lines can go over each other. If you have more crossovers, it’s harder for an attacker to predict your pattern.
  • Try to make your patterns longer! You can use up to 9 nodes! Why are we sticking with 4-5? In fact, you can get away with using 8 nodes and have the same number of possible combinations as if you were using 9.
  • Of course, try to take the common pattern habits mentioned above and do the opposite. Try to start your pattern from a node that is not in a corner and avoid the common top-left dot.
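
To put numbers on these tips, here is an added example (not part of the original article) that counts every valid pattern on the 3x3 grid by length and flags the common habits listed earlier. It assumes the standard Android rules: 4 to 9 distinct dots, and a line cannot jump over a dot that has not been used yet. The function names and the sample pattern are made up for illustration.

```python
# Dots are numbered 0..8, row by row, on the 3x3 grid (0 = top-left).
CORNERS = {0, 2, 6, 8}

def midpoint(a, b):
    """Dot lying exactly between a and b, or None if there is none."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return (ra + rb) // 2 * 3 + (ca + cb) // 2

def count_from(start, length):
    """Count valid patterns of `length` dots beginning at `start`."""
    def walk(cur, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if visited >> nxt & 1:
                continue              # each dot is used at most once
            mid = midpoint(cur, nxt)
            if mid is not None and not visited >> mid & 1:
                continue              # a line cannot jump an unused dot
            total += walk(nxt, visited | 1 << nxt, remaining - 1)
        return total
    return walk(start, 1 << start, length - 1)

def counts_by_length():
    """Number of valid patterns for each allowed length, 4 to 9 dots."""
    return {n: sum(count_from(s, n) for s in range(9)) for n in range(4, 10)}

def habit_flags(pattern):
    """Name the common habits from the list above that a pattern shows."""
    flags = []
    if pattern[0] == 0:
        flags.append("starts top-left")
    if pattern[0] in CORNERS:
        flags.append("starts in a corner")
    if len(pattern) <= 5:
        flags.append("5 dots or fewer")
    return flags

if __name__ == "__main__":
    counts = counts_by_length()
    total = sum(counts.values())
    for n, c in counts.items():
        print(f"{n} dots: {c:>7} patterns ({c / total:.1%} of all)")
    # Constructed sample: an "L" drawn down the left side and along the bottom.
    print("L-shaped sample:", habit_flags([0, 3, 6, 7, 8]))
```

The 8-dot and 9-dot counts match because once 8 dots are used, the one remaining dot can always be reached, so every 8-dot pattern extends to exactly one 9-dot pattern. Patterns of 4 or 5 dots, the lengths most people pick, make up only a small slice of the whole space.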

Consider switching to other unlocking methods

It’s this type of information that makes me more of a biometrics advocate. Creating our own security authentication has proven to be a weak solution (on a greater scale, of course). Fingerprint readers, retina scanners, and face recognition are very secure methods that can be harder to spoof.

You can also try to use a more complex password or a good PIN. This will make accessing your phone much harder. Of course, that is provided you don’t pick a super easy passcode.
