Though unlock patterns used by Android phones may seem more random — and therefore more secure — than passcodes, they can be surprisingly easy to crack. While there are hundreds of thousands of possible codes, most of us use just a handful of predictable patterns, starting at the top left and moving right and down from there, just like we would read. (Back in 2015, a study found that 44% of lock patterns start in the upper left corner of the phone screen.) Because of that predictability, computers can guess lock patterns with 95% accuracy by analyzing video (taken from up to 29 feet away) of someone unlocking their phone.
But a new study by the US Naval Academy and the University of Maryland, Baltimore County suggests that humans are actually nearly as good at guessing lock patterns. The researchers recorded video, from different distances and angles, of individuals unlocking phones secured with both 6-digit PINs and 5-node patterns. Study participants then watched the videos and tried to guess the code or pattern.
After an over-the-shoulder look at someone unlocking a phone secured with an unlock pattern, 64% of study participants could guess the pattern and unlock the phone on the first try. That number jumped to 80% when participants were allowed to see the phone being unlocked again. When trying to guess PINs, only 10% succeeded on the first try, and only 25% succeeded after multiple viewings.
The human brain is good at guessing patterns, according to Naval Academy professor Adam Aviv, one of the researchers who ran the study. The study's statistics don't lie: Aviv says that patterns are definitely less secure than PINs.
So how should you secure your Android phone? If you can't stand to be parted from your pattern lock — which is still better than not locking your phone at all — turn off Android's feedback lines. This feature shows a visible line on the screen as you trace your pattern, and it makes it easier for onlookers to see and guess your pattern. Without feedback lines, only 35% of study participants could guess the right pattern.
However, a better solution is to switch to a PIN or, if your phone supports it, a fingerprint.