The behavior of any human being can be predicted with a high degree of probability, and this can be easily exploited when it comes to passwords, secret words, PIN codes or the like – many of us use easy-to-guess names, dates of birth, etc., not to mention the trivial combination digits 123456, which is still surprisingly popular . What about screen blocking patterns for electronic devices? Is it just as easy to predict them? It turns out that it is.
Researcher Marte Løge from the Norwegian company Itera conducted a study on what patterns people choose for shopping apps, smartphone screen locks and online banking. The results turned out to be amazing.
First, there is a strong correlation between the type of application you want to protect and the complexity of the pattern. People tend to set much weaker passwords on the screen lock than in a banking or shopping app.
Is the phone lock pattern easy to guess? How to create a solid pattern?
Second, many people (about 10% of respondents) use letter-like combinations that are just as weak as security like 12345. Such passwords are not strong enough to protect anything.
Third, a hacker can choose from around 390,000 combinations, but this number can be significantly reduced if the nature of man is taken into account. Most of the possible connections contain at least 8 or 9 elements, but unfortunately they are not used. As a consequence, the real pool of possible passwords is narrowed down to 100,000.
The examined patterns covered an average of 5 points – this is not enough to secure a smartphone or an application. This length is approximately 7,000 combinations, which is less than a 4-digit PIN. Meanwhile, the most popular version of the code length (4) gives only 1,600 possible combinations.
Moreover, the starting point of the pattern can be easily predicted to reduce the number of possible combinations. People tend to use corner spots as the first point, and up to half of all patterns start in the upper left corner. Combined with the lower left and upper right corners, you get 73% of all possible combinations that people actually use.
Interestingly, it hardly matters whether we are talking about right- or left-handed people, and whether the smartphone is used with one hand (more likely with smaller screens) or with two (larger screens). These numbers are very close.
Another interesting finding is that women tend to use weaker patterns than men. Age also matters – the younger you are, the more likely you are to use a stronger formula. So knowing the gender and age of the phone user can help you guess the pattern.
What are the conclusions of the above study? If you are using Android screen lock patterns or to protect your sensitive apps and you want to keep your data safe, your best strategy is to choose custom patterns.
Here are some practical tips to help you achieve this goal:
- Never use easy-to-guess patterns, such as letters. By using them, you might as well give up your password.
- Select one of the rarely used points as starting points – the one in the center of the right column is best. The bottom right corner is also a nice idea.
- It is best if the formula consists of 8 or 9 points as this gives a huge number of possible combinations. Moreover, this length is the least popular.
- You can also consider replacing the pattern with a standard password. Perhaps it will be easier for you to remember a password (even a very long and well-structured one) than a strong enough pattern.