New data uncovers the surprising predictability of Android lock patterns

anvilfour · 16-09-2015 2:36pm #1

Just been reading this month's Cryptogram newsletter and saw a link to this very interesting article:

The abundance of password leaks over the past decade has revealed some of the most commonly used—and consequently most vulnerable—passphrases, including "password", "p@$$w0rd", and "1234567". The large body of data has proven invaluable to whitehats and blackhats alike in identifying passwords that on their face may appear strong but can be cracked in a matter of seconds.

See full article : http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/

anvilfour · 16-09-2015 2:37pm

I must confess I have been guilty of using the "N" pattern... I have never thought the pattern offered as much security as a code in that the very reason patterns are popular over passphrases i.e they are easier to remember is precisely what makes them vulnerable. Still I'd be very interested to hear all your thoughts on this.

CelticRambler · 16-09-2015 2:45pm

Maybe they're underestimating the general public's appreciation that even a "secure" password is of limited usefulness when data miners can figure out all the "important" stuff about us anyway.

I have one of those simple lock patterns, not because I'm bothered by someone stealing my data but because Google-Android haven't yet provided a way to stop my icons from moving themselves all around the screen. Bloody annoying though, as even the simple one can take three goes to unlock if I'm doing it left-handed or sideways or with cold fingers in the rain.

Zillah · 16-09-2015 2:49pm

Mine is a counter intuitive nine-point unlock and I have the GUI feature where they light up disabled, so people looking over my shoulder can't really see it either. The "three failed attempts to unlock with increasing fury" period only lasted about six months...

anvilfour · 16-09-2015 2:50pm

Some very interesting thoughts, thanks guys!

Of course this would only be a problem if your device were stolen or seized, still that's much more likely to happen than for you to be targeted by hackers!

Zillah · 16-09-2015 2:54pm

Can someone more mathematically minded explain why an eight point code is no more secure than a nine point code, please?

anvilfour · 16-09-2015 2:57pm

Zillah wrote: »

Can someone more mathematically minded explain why an eight point code is no more secure than a nine point code, please?

You asked!

http://commons.erau.edu/cgi/viewcontent.cgi?article=1026&context=db-security-studies

Zillah · 16-09-2015 3:00pm

Can someone more mathematically minded explain why an eight point code is no more secure than a nine point code, as though explaining to a child, please?

EDIT: Wait, I just got it I think. If you've used 8 of 9 possible input points, there is only one remaining point to choose from, so there are effectively no further variations?
EDIT: Actually I'm not entirely sure that makes sense...

_Tombstone_ · 16-09-2015 9:42pm

Use Pin or Pattern (not the word lock) if using Lollipop, another new bug out for crashing the lock and accessing the Main Screen, as simple as entering a big huge password.

http://www.theguardian.com/technology/2015/sep/16/android-lockscreen-password?CMP=twt_gu

New data uncovers the surprising predictability of Android lock patterns

Comments