Why Pattern Locks Are Not Secure on Android (And What To Use Instead)

Smartphones have become devices where you keep a lot of personal data. You may have information such as your credit card numbers, address or scanned personal documents. Because you have such sensitive data, you add a security method to prevent others from accessing it.

A popular security method that around 40% of Android users choose is a pattern lock. A pattern lock may sound more appealing because it’s easier to enter. Also, no one can see you tap on particular letters and numbers. But are pattern locks really that secure?

According to new security research from Lancaster University, Northwest University in China, and the University of Bath, 95% of Android patterns can easily be guessed in 5 attempts or less. This study discovered that hackers could easily guess your pattern lock by filming you as you enter it.

The hacker can easily be up to two and a half meters away and only use their smartphone’s camera to record you entering your pattern lock. If they were to use a digital SLR camera, they could even be as far as nine meters away, regardless of the size of the phone’s display.

Once they have the video footage, they use a computer vision algorithm to process your finger movements. Within seconds, the algorithm will then give the hacker some possible pattern lock combinations to try out.

There is also no need to record your phone’s display, since the algorithm can give possible combinations by only focusing on your finger movements.

Is it safer to use a more complex pattern? No, since the more complex they are, the easier they are to guess. This is true because they help the algorithm narrow down the possible combinations. Dr. Zheng Wang, principal investigator and co-author of the paper, said that people have a tendency to use more intricate patterns when trying to protect important financial information.

If you don’t want to change your pattern lock method to a password or PIN, try using a shorter pattern, since shorter patterns are not as easy to crack. The researchers also advise that users cover the display while entering their pattern lock, just like when you enter your PIN at the ATM.

Keeping your smartphone’s display clean is also a good idea because someone can guess your pattern by the smudges on the phone screen.

If you’re ready to leave your pattern lock behind, a PIN, face recognition access or a fingerprint (if possible) are also great options. Traditional passwords are also a great option, but the longer they are, the better. Adding some special characters to your password will secure your information even more.
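To put numbers on "the longer they are, the better", the following added example (not part of the original article or the cited research) counts every valid Android pattern on the 3x3 grid and compares that total with PIN and password search spaces. It measures blind guessing only, not the video-based attack described above; the 94-symbol printable character set and the sample lengths are assumptions chosen for illustration.

```python
from math import log2

def middle_dot(a, b):
    """Dot lying exactly between a and b on the 3x3 grid (0-8), or None."""
    (r1, c1), (r2, c2) = divmod(a, 3), divmod(b, 3)
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return (r1 + r2) // 2 * 3 + (c1 + c2) // 2
    return None

def count_patterns(min_len=4, max_len=9):
    """Count valid patterns per length; Android requires at least 4 dots."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def extend(last, used, length):
        if length >= min_len:
            counts[length] += 1
        if length == max_len:
            return
        for nxt in range(9):
            if used & (1 << nxt):
                continue  # each dot can be used only once
            mid = middle_dot(last, nxt)
            if mid is not None and not used & (1 << mid):
                continue  # cannot jump over a dot that is still unused
            extend(nxt, used | (1 << nxt), length + 1)

    for start in range(9):
        extend(start, 1 << start, 1)
    return counts

def search_spaces():
    """Number of possible secrets for each lock type (illustrative set)."""
    return {
        "pattern, 4-9 dots": sum(count_patterns().values()),
        "PIN, 4 digits": 10 ** 4,
        "PIN, 6 digits": 10 ** 6,
        "password, 8 lowercase letters": 26 ** 8,
        "password, 8 printable symbols": 94 ** 8,  # assumed 94-symbol set
    }

if __name__ == "__main__":
    for name, size in search_spaces().items():
        print(f"{name:32s} {size:>22,d}  ~{log2(size):.1f} bits")
```

Every possible pattern combined is a smaller search space than a 6-digit PIN, and an 8-character password is larger by several orders of magnitude.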

When creating your password, never use personal and obvious information. For example, never use your kids’ or spouse’s birthday or your wedding anniversary.

Locking your Android device with a pattern lock is definitely more convenient, but it’s not the safest method to choose. Passwords do take longer to enter but will do a better job of keeping your data safe. What security method do you use? Drop a comment and let us know.

9 comments

  1. Quote:
    “The hacker can easily be up to two and a half meters away and only use their smartphone’s camera to record you entering your pattern lock. If they were to use a digital SLR camera, they could even be as far as nine meters away regardless of the size of the phone’s display.”

    And this is not possible with a pin, too?

    • Hey Elkazaam,
      The research concentrated on patterns but I think it could be possible as well. That’s why it’s always a good idea to cover your phone’s display when entering it, just in case.

  2. Would be nice if you would have included info on actual methods to switch to a face or fingerprint. Finally got a phone last year, so not into all the bells and stuff. If the article had links to methods to switch, it would have been nice to check out.

    • Hey Michael,
      Do you mean an in-depth review on how face recognition and fingerprint scanners are or are not safe?

      • I was just looking at options on doing it. Seem to see a number of what seem to be fake fingerprint programs in the Google Play section?? Then saw where it is actually in the latest version of Android, but unfortunately, not in the one that my phone has. I’ve the L.., and it seems M.., has it.

        It would probably be nice to know how good they are as well. Had a friend that had a notebook with a fingerprint scanner, and it worked fine with her fingerprint to get in, but we found others could also get it to work with their fingers, so it wasn’t 100%.

  3. Even when using fingerprint and/or iris scan, Android asks you to have a “backup” method using either PIN, pattern, or password also. So is it (in your opinion) safe to have a pattern as a “secondary” lock? I will do what I always do, but then I am far from a novice. Others might, or should, want to know the answer, particularly those who rely on your site for their info.
    Thank you

    • Hi Joel,
      Thanks for commenting. I would go with the password as the secondary method. Remember to create a password that’s not easy to break.

      • No matter how complex you make it, a password or a pin is still a pattern that can be captured by a hacker with a video camera unless you use a ‘one-time’ password/pin.

        A hacker may be able to capture your ‘pattern’ remotely but (s)he will not be able to enter it remotely. To be able to use the cracked pattern, a hacker would need physical access to your smartphone. Therefore, the most important safety precaution is not a pattern/password/pin, but making sure that you never lose the physical possession of your phone. Once the hacker has physical possession of your smartphone, the only security measure that will prevent the data from being retrieved is if the phone self-destructs.

        Let’s face it. With the state of smartphone security, or lack thereof, anybody that stores private information on their phone is a fool. Yes, it is very convenient to have all your personal, financial and professional data in the palm of your hand, but the price of that convenience is security and privacy. If it is convenient for you, it is just as convenient for the nogoodniks.

        • Hey Dragonmouth,
          I agree, the less personal information you have the better but that can be really difficult for some users. The reasons why vary but I always try to have as little information as possible. I never have my banking info or account linked to my phone, ever. Thanks for commenting.
