Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

Not so secure after all — Android Lock Patterns are just as easy to crack as passwords

Add as a preferred source on Google

They might seem trickier, what with their dots and lines and patterns, but as it turns out, the lock codes familiar to Android users are just as easy to crack as the alphanumeric ones used by iPhone devotees. One Master’s degree candidate at the Norwegian University of Science and Technology named Marte Løge analyzed no fewer than 4,000 Android lock patterns (or ALPs), and discovered that a whopping 77 percent begin in one of the four corners, and more surprisingly still, nearly half, at 44 percent, started at the top left. So much for creativity, eh?

Just as many traditional passwords begin with “123” or are simply the word “password,” ALPs also tend to follow rather predictable trends. And although the relative newness of ALPs (they were only introduced in 2008) has made them a bit less vulnerable to widespread attack, Løge’s work serves as a sobering reminder of how vulnerable passwords, even the newfangled sort, really are.

Recommended Videos

Upon presenting her research at PasswordsCon conference in Las Vegas, the graduate student noted, “Humans are predictable. We’re seeing the same aspects used when creating a pattern for locks [as are used in] pin codes and alphanumeric passwords.”

Interestingly enough, Løge found that men and women exhibited different tendencies in terms of password strength and complexity. While both sexes most often created ALPs that utilized just four nodes (there are a total of nine possible on Android devices), men and particularly young men were more likely to choose long and more complicated patterns. Of course, the same pitfall that faces complicated alphanumeric are present in ALPs — the more complicated the password, the more difficult it is to remember.

As such, Løge found that many people seemed to assign numbers to the node, as though it were a phone pad. Or, their patterns closely resembled letters — in fact, 10 percent of the patterns analyzed reflected some part of the alphabet. Speaking to Ars Technica, Løge said, “It was a really fun thing to see that people use the same type of strategy for remembering a pattern as a password. You see the same type of behavior.”

So what’s the solution? Løge suggests using patterns that contain a lot of crossover, making them difficult to copy or decipher. You can also turn off the “make pattern visible” setting within the Android, so wandering eyes will have an even harder time seeing what pattern you’ve chosen. But whatever you do, just be wary. Ultimately, ALPs are barely, if at all, more secure than other sorts of passcodes.

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Finding photos is so much easier with Siri AI in iOS 27 that I no longer scroll
Natural language photo search in iOS 27 is the kind of feature that quietly becomes essential.
Electronics, Phone, Mobile Phone

My camera roll has crossed 8,000 photos, and it got there by capturing random moments (only to forget them later). The problem, however, starts when someone asks me to share something specific. It could be their portrait from last weekend or the food pictures they snapped using my phone.

Finding those pictures usually means scrolling through my seemingly endless camera roll. If the photo is a month or two old, I end up scrolling past hundreds of other images to find it, and that gets old fast.

Read more
WhatsApp clears that usernames won’t leave you open to scammers
New safeguards include username keys, rate limits, and anti-impersonation protections.
Whatsapp Usernames Whatsapp Username

WhatsApp's long-awaited username feature is now officially rolling out to users. But almost as soon as it was announced, many began asking an obvious question: won't this make it easier for scammers to message strangers? Now, WhatsApp has stepped in to explain why it believes that won't happen.

WhatsApp says usernames aren't as open as Telegram's

Read more
Forget Apple’s AirTag, Motorola’s new Android tracker lasts over 500 days and costs less too
Moto Tag 2 could be the AirTag Android users actually buy
Moto Tag 2 with car keys

Motorola is finally bringing out its second-generation Android smart tracker. While Apple's AirTag has been hogging the limelight, the Moto Tag 2 is the new rival in town, arriving in North America starting June 30. It brings UWB (Ultra Wideband) tracking support, Bluetooth Channel Sounding, and Google Find Hub support in a compact tracker built for keys, bags, luggage, camera gear, and anything else people keep misplacing.

The real headline, though, is the battery life. Motorola claims that this is its longest-lasting smart tracker yet, with more than 500 days of battery life from a replaceable CR2032 battery.

Read more