"How Android Unlocking Patterns Could Be Made More Secure"
Android device users can unlock the display by entering a pattern, often in the shape of a letter. While this function is convenient, it is less secure than using a PIN. An international research team recommends the implementation of a blocklist on Android devices to prohibit the 100 most popular patterns, which are the easiest to guess. Philipp Markert from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum, in collaboration with colleagues from George Washington University and the United States Navy, explored how this method should be implemented.
The use of a four-digit PIN allows 10,000 different combinations. Theoretically, there are 389,112 possible Android patterns that can be drawn on a three-by-three grid. However, users are not taking advantage of these options. In areas of the world where people read from the top left to the bottom right, patterns in the form of letters are popular. About 49 percent of all patterns start in the top left. A little over 32 percent end in the bottom right, making it easier for attackers to guess a pattern.
The research team tested how blocklists of different lengths affect security and usability. More than 1,000 people were asked to select a new unlocking pattern. Some of them were able to select from all theoretically conceivable possibilities. The other five groups were given blocklists of different lengths, each of which excluded certain patterns. If a user selected a blocklisted pattern, they were given a warning and had to enter a new pattern. In an earlier study, the researchers identified the most popular Android patterns. The shortest of the five tested blocklists had twelve of the most popular patterns from the previous study, while the longest blocklist contained 581 of the most popular ones. The medium-length list with 100 blocklisted patterns is suggested to be the best compromise between security and usability.
The researchers also verified how the blocklists impacted the security of the patterns. They simulated the ease with which an attacker could guess the pattern of a stolen mobile phone. Without a blocklist, the chance of success was 23.7 percent after 30 attempted guesses. It was 2.3 percent with the longest blocklist. The recommended list with 100 blocklisted patterns reduced the chances of success to almost 7.5 percent. This article continues to discuss the key findings from the study on how to increase the security of Android unlocking patterns.
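The pattern space and the blocklist check described above, as an added example (not code from the study or from Android): it enumerates the valid patterns on the three-by-three grid, assuming the usual Android rules (4 to 9 distinct dots, a line may not jump over an unvisited dot), and rejects blocklisted choices at enrollment. The two blocklist entries and all function names are constructed for illustration.

```python
# Added example: dots are numbered 0..8, row by row, on the 3x3 grid.

def midpoint(a, b):
    """Dot lying exactly between a and b on a straight line, else None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None

def is_valid(pattern):
    """Assumed Android rules: 4-9 distinct dots, no jump over an unvisited dot."""
    if not 4 <= len(pattern) <= 9 or len(set(pattern)) != len(pattern):
        return False
    if any(d not in range(9) for d in pattern):
        return False
    for i in range(1, len(pattern)):
        m = midpoint(pattern[i - 1], pattern[i])
        if m is not None and m not in pattern[:i]:
            return False
    return True

def all_patterns(prefix=()):
    """Yield every valid pattern by depth-first extension of prefix."""
    if len(prefix) >= 4:
        yield prefix
    for d in range(9):
        if d in prefix:
            continue
        m = midpoint(prefix[-1], d) if prefix else None
        if m is None or m in prefix:
            yield from all_patterns(prefix + (d,))

# Constructed placeholder blocklist (an "L" and a "Z"), NOT the study's list.
SAMPLE_BLOCKLIST = {(0, 3, 6, 7, 8), (0, 1, 2, 4, 6, 7, 8)}

def check_new_pattern(pattern, blocklist=SAMPLE_BLOCKLIST):
    """Enrollment check: reject invalid input, warn on blocklisted patterns."""
    pattern = tuple(pattern)
    if not is_valid(pattern):
        return "invalid"
    return "blocklisted" if pattern in blocklist else "accepted"

def space_stats():
    """Return (total patterns, share starting top-left if chosen uniformly)."""
    patterns = list(all_patterns())
    top_left = sum(1 for p in patterns if p[0] == 0)
    return len(patterns), top_left / len(patterns)

if __name__ == "__main__":
    total, share = space_stats()
    print(total, f"{share:.1%}")
```

If patterns were chosen uniformly, only about one in ten would start in the top left, against the roughly 49 percent observed in the study.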
RUB reports "How Android Unlocking Patterns Could Be Made More Secure"