By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Cross-Site Scripting: The Real WordPress Supervillain
    Cross-Site Scripting: The Real WordPress Supervillain
    12 months ago
    Hackers targeting your smartphone
    12 months ago
    Improved Version of CTB-Locker (Onion Ransomware) Emerges
    12 months ago
    Latest News
    Beware of scammers! Dangerous apps in the App Store
    2 days ago
    How To Limit Login Attempts on WordPress (+ Should You?)
    3 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
    3 days ago
    Two privilege escalation vulnerability in Simple Membership Plugin
    4 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Cloudflare Notification about increase in ransom DDoS threats
    12 months ago
    Windows 11 build 25169 outs with new features
    12 months ago
    How to enable Bluetooth on Windows 11
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    8 months ago
    Now you can speed up any video in your browser
    8 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    9 months ago
  • How To
    How ToShow More
    Detecting zero-days before zero-day
    Detecting zero-days before zero-day
    22 hours ago
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    22 hours ago
    Network performance update: Birthday Week 2023
    Network performance update: Birthday Week 2023
    22 hours ago
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    2 days ago
    Privacy-preserving measurement and machine learning
    Privacy-preserving measurement and machine learning
    2 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    The most Important Shortcuts Keys For Computer
    12 months ago
    What’s new in Chrome 88
    12 months ago
    Windows 11 might get floating Taskbar similar to macOS
    9 months ago
    Latest News
    How to enable extensions for Google Bard AI
    2 days ago
    Window 11 Copilot: 10 Best tips and tricks
    2 days ago
    How to create AI images with Cocreator on Paint for Windows 11
    3 days ago
    How to install September 2023 update with 23H2 features for Windows 11
    4 days ago
  • Glossary
  • My Bookmarks
Reading: DEF CON 23: Tell me who you are and I will tell you your lock screen pattern
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Wordpress Threats

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Vitus White
Last updated: 7 October
Vitus White 12 months ago
Share
5 Min Read

The predictability of human beings can barely be overestimated. This predictability can be easily exploited when it comes to things like passwords, secret words, PIN codes and more. Many of us use names, dates of birth and another easy-to-guess things as passwords, not to mention really obvious crap like ‘12345’ that is still surprisingly popular. What about lock screen patterns, are we predictable as well when we’re creating them? As it turns out — we are.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Researcher Marte Løge from Norwegian company Itera, have made an analysis, what patterns people are actually creating when they are asked to do it for three instances: shopping app, smartphone lock screen and online banking respectively. The results are quite startling.

Firstly, there’s a strong relation between type of the app one wants to lock and strength of the pattern. People tend to use less strong patterns for smartphones lock screen then they use for online banking and even shopping apps.

How predictable are screen #lock #patterns and how to create the most #reliable one

Tweet

Secondly, lots of people, about 10% of the thousands surveyed by Løge, are using letters-like patterns, which are complete analog of such crappy passwords like’12345′ and by any means can’t be considered strong enough to protect anything.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Letters-like patterns are the worst and the most easy-to-guess

Thirdly, there are approximately 390,000 combinations that a hacker can guess, but the number of combinations can be shrunk due to the human factor. The majority of the combinations mentioned above contain eight or nine points, unfortunately these are not used. Instead the actual pool is roughly 100,000 combinations.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Despite the fact the overall number looks pretty good, about 3/4 of all combinations correspond to 8- and 9-points patterns which are rarely used by people

An average length for all patterns in research is about 5 — that is not good enough to protect the smartphone or app. This length gives you about 7,000 of possible combinations, and thus obviously is even weaker than simple 4-digits PIN-code. And the most popular length is 4, which stands for just 1,600 of combinations.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Patterns of length 4 are the most popular

Moreover, to reduce the count of combinations to even much lower numbers, you can easily predict the starting point of a pattern. People tend to use corners as a first point, about a half of all patterns have starting point in upper-left corner. Combined with lower-left and upper-right corners it gives you 73% of all combinations people are actually using.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Curiously, it almost doesn’t matter if you’re talking about right or left-handed person, and if the smartphone is used with one hand (likely for smaller screens) or with two hands (likely for bigger screens). The numbers are very close.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

Another curious fact is that women tend to use weaker patterns than men. And the age of a person also matters: the younger you are, more likely you use stronger pattern. So, knowledge of sex and age of person can really help to predict the pattern that he or she uses.

DEF CON 23: Tell me who you are and I will tell you your lock screen pattern

What can we learn from this research? Basically, if you’re using patterns for Android screen lock or some sensitive apps, and you want to really protect your data, the best strategy is to act like nobody does. And these are our advices:

  1. Never use obvious combinations such as letters-like patterns. Using that weak pattern is pretty close to using no pattern or password at all.
  2. Use one of the starting points rarely used: the best one is in the middle of the right side. The lower-right corner is pretty good as well.
  3. The best lengths for a pattern are 8-points or 9-points: firstly it gives you a huge number of possible combinations; secondly these lengths are the least popular.
  4. And of course, consider switching to password from patterns. It may be easier to remember password, even long and reliable one, than strong enough pattern.

How long would it take for your password to be cracked? https://t.co/9nLxWV1Ghu #security #themoreyouknow #it #smb pic.twitter.com/JmwqNtpsq6

— Kaspersky Lab (@kaspersky) August 3, 2015


Source: kaspersky.com

Translate this article

TAGGED: Security, Threats
Vitus White October 7, 2022 October 7, 2022
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Detecting zero-days before zero-day
Detecting zero-days before zero-day
Apps 22 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps 22 hours ago
Network performance update: Birthday Week 2023
Network performance update: Birthday Week 2023
Apps 22 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps 2 days ago
Privacy-preserving measurement and machine learning
Privacy-preserving measurement and machine learning
Apps 2 days ago

You Might Also Like

Detecting zero-days before zero-day
Apps

Detecting zero-days before zero-day

22 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps

See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan

22 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps

Cloudflare now uses post-quantum cryptography to talk to your origin server

2 days ago
Privacy-preserving measurement and machine learning
Apps

Privacy-preserving measurement and machine learning

2 days ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
How to install September 2023 update with 23H2 features for Windows 11
How to get the latest Windows 11 innovations
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme

10 New Stories

Encrypted Client Hello – the last puzzle piece to privacy
Beware of scammers! Dangerous apps in the App Store
How to enable extensions for Google Bard AI
Reminder: Enable two-factor authentication wherever you have it. This business
​​Know exactly when your data is transferred to GoogleIn a world where our data is permanent
​​Fake correspondence with the iPhone interfaceIn a world where digital communication is
Previous Next
Hot News
Detecting zero-days before zero-day
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Network performance update: Birthday Week 2023
Cloudflare now uses post-quantum cryptography to talk to your origin server
Privacy-preserving measurement and machine learning
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?