.Smartphone Unlock Pattern vs 6 Digit PIN Security
Smartphone Unlock Pattern vs 6 Digit PIN Security
Security: Don't Rely On An Unlock Pattern To Secure Your Android Phone
By Andy Greenberg
SMARTPHONES TODAY COMPETE over which can best secure your secrets. They encrypt your data, store the digital keys to unlock themselves on specialized hardware, and even offer fancy biometrics from fingerprints to faceprints.
But many millions of smartphones remain open to an absurdly low-tech attack: a sly glance at someone's phone while they unlock it. One new study has quantified just how easy an Android-style unlock pattern—as opposed to a six-digit PIN or biometric unlock—makes the job of any over-the-shoulder snoop.
Security researchers at the US Naval Academy and the University of Maryland Baltimore County this week published a study that shows that a casual observer can visually pick up and then reproduce an Android unlock pattern with relative ease.
In their tests, they found that six-point Android unlock patterns can be recreated by about two out of three observers who see it performed from five or six feet away after a single viewing.
Spotting a six-digit PIN of the kind used in most iPhones, on the other hand, proved surprisingly difficult: Only about one in ten observers in the study could reproduce it after one look.
That disparity is in part due to how memorable an Android unlock pattern is for human brains, says Naval Academy professor Adam Aviv.
"Patterns are really nice in memorability, but it’s the same as asking people to recall a glyph," says Aviv, who along with his fellow researchers will present the paper at the Annual Computer Security Applications Conference in Puerto Rico in December. "Patterns are definitely less secure than PINs."
In their tests, the researchers recruited 1,173 subjects from Amazon's Mechanical Turk crowdsourcing platform to watch carefully controlled videos of the unlocking online, and had subjects try guessing PINs and unlock patterns after watching the phone's owner unlock it with commonly used PINs, or patterns from five different angles and distances, averaging out those variables.
They also repeated the video test with 91 people in person, just to check their online results.
They found that around 64 percent of the online test subjects could reproduce a six-point pattern after one viewing, and 80 percent after two. Only 11 percent could identify a six-digit PIN after one viewing, and 27 percent after two.
To continue reading, please go to the original article at