
One big passcode mistake smartphone and tablet owners make

Unless you want a thief or snoop rummaging around in your phone or tablet, you need to set up your gadget's lock screen. Fortunately, most newer gadgets have you do this by default, but if you bypassed this, or have an older gadget that didn't require it, here are the instructions for turning it on.

The lock screen traditionally requires you to enter a four-digit code or a full password to use your gadget. Most people opt for the four-digit code, even though it isn't that secure. It's well known that many people choose obvious codes like "0000," "1111," "1234" or "0852" (swiping up the center keys), but even harder passcodes won't keep out a determined hacker for long.

The reason most people don't go for a full password, however, is that a long password is a pain to type every time you want to use your phone, which could be dozens of times a day. That's why gadget makers have added more convenient medium-security alternatives like facial unlock, fingerprint scanning or, in Android's case, drawing a pattern.

For most people, drawing a pattern is the preferred solution. Facial unlock isn't actually that secure and, outside of Apple's iPhone and the newest Samsung Galaxy phones, fingerprint recognition is a little spotty. A pattern is fast to enter, easy for our brains to remember, and with nine possible pattern points, there are too many combinations for a thief to try.

At least, that was the theory.

The problem with patterns

For her master's thesis, Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, analyzed 4,000 lock patterns. She found that over 77 percent of people start their pattern in one of the four corners, and 40 percent start in the top-left corner.

Just as worrisome, most people used only four nodes, the minimum, or five nodes for their pattern, which drops the possible combinations from the maximum of 140,704 to 1,624 and 7,152, respectively. That's still too many for a person to guess, but just like with the 4-digit PIN, there are some combinations people favor, and hackers will eventually figure them out.
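The counts quoted above can be reproduced by enumerating every valid pattern on the 3x3 grid. This added example is not from the original article; it assumes the usual Android rules (4 to 9 nodes, no node reused, no stroke jumping over an unvisited node), and the function names and node numbering are its own.

```python
# Added example: count valid 3x3 lock patterns by length and starting node.
# Assumed rules: 4-9 nodes, no node reused, and a stroke may not jump over
# an unvisited node that lies exactly between its two endpoints.
from functools import lru_cache

CORNERS = (0, 2, 6, 8)  # nodes numbered 0..8, left to right, top to bottom


def blocker(a, b):
    """Return the node exactly midway between a and b, or None."""
    (r1, c1), (r2, c2) = divmod(a, 3), divmod(b, 3)
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return (r1 + r2) // 2 * 3 + (c1 + c2) // 2
    return None


@lru_cache(maxsize=None)
def extensions(last, visited, remaining):
    """Ways to add `remaining` more nodes after `last` (visited is a bitmask)."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if visited >> nxt & 1:
            continue  # node already used
        mid = blocker(last, nxt)
        if mid is not None and not visited >> mid & 1:
            continue  # would jump over an unvisited node
        total += extensions(nxt, visited | 1 << nxt, remaining - 1)
    return total


def count_patterns(length, starts=range(9)):
    """Number of valid patterns with `length` nodes beginning at any of `starts`."""
    return sum(extensions(s, 1 << s, length - 1) for s in starts)


def corner_share(min_len=4, max_len=9):
    """Fraction of all valid patterns that begin in one of the four corners."""
    lengths = range(min_len, max_len + 1)
    corner = sum(count_patterns(n, CORNERS) for n in lengths)
    return corner / sum(count_patterns(n) for n in lengths)


if __name__ == "__main__":
    for n in (4, 5, 9):
        print(f"{n} nodes: {count_patterns(n):,} patterns")
    print(f"corner starts if chosen uniformly: {corner_share():.0%}")
```

If patterns were chosen uniformly, fewer than half would start in a corner, so the 77 percent figure reflects habit rather than the layout of the grid.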

A quick "L" or "Z" shape starting in the upper-left corner or an up-down snake pattern are very common, for example. Løge also found that 10 percent of her subjects spelled out a letter that had some significance to them, such as a spouse's or child's first initial.

[Image: "New data uncovers the surprising predictability of Android lock patterns," Ars Technica]

That means a hacker, especially one who knows the victim, has a small but solid chance of guessing the pattern in relatively few tries. It's like the early days of computer passwords all over again.

If you're using a pattern on your gadget, what steps can you take to keep someone from guessing it?

Creating a strong pattern

The first thing to do is use eight or nine nodes in your pattern. A hacker or snoop trying for a quick score won't bother attempting patterns with that many nodes when most people only use four or five.

Even with that many nodes, however, if you spell out a common shape like a letter, or start it in a corner, you're improving the attacker's chance of getting in. You want a pattern that starts in the center or edges and crosses itself several times.

Here's the type of pattern Marte Løge suggests (obviously you shouldn't use this exact pattern, though):

[Image: "New data uncovers the surprising predictability of Android lock patterns," Ars Technica]

It would be hard for anyone to guess this, and even someone looking over your shoulder might not catch it with a single look. Speaking of looking over shoulders, another security measure you'll want to take is turning off the "make pattern visible" option.

A bit more security

By default, when you draw your pattern on the lock screen you'll see lines connecting the nodes so you know what you're drawing. However, this is like turning on "show password" when you're typing it in. It's good for avoiding typos, but anyone in the area can see what you're doing.

On your Android gadget, go to Settings >> Security and uncheck "Make pattern visible." On some gadgets you might find it under Settings >> Lock Screen. Now all a spying thief will see is your finger moving quickly over the nodes, which will make it much harder for them to remember your pattern.

When you're in your security or lock screen settings, you might also see the "nuclear" option. It's called "Auto factory reset." If this is on (and some gadgets have it on by default), you only have 10 attempts to unlock your gadget and then it wipes itself clean.

This is a good defense against a hacker trying your pattern or password an unlimited number of times. However, if you tend to fumble your login information, or you have little ones around who like to play with gadgets and don't understand warning messages, it might be best to turn this off.

Bonus: Smart Lock

Since we're talking about lock screens, there's a wrinkle on some newer Android phones called Smart Lock (usually under Settings >> Security or Settings >> Lock Screen). Say you connect your phone to your car's entertainment center or a wireless headset using Bluetooth. With Smart Lock, you can set it so that the lock screen doesn't activate while your phone is connected to the trusted device.

You can also set up trusted places, trusted voices and on-body detection. As long as you have the phone with you, or in a place you know is safe, such as your home, you don't have to mess with unlocking the phone every time you want to use it.
