Locking your phone is always a good idea if you want to keep your data safe from thieves (especially with this “Find My iPhone” scam making the rounds). But one specific type of password is way too easy to break.
Researchers had 1,173 participants watch videos of people unlocking their phones, as if they were looking over the victims’ shoulders. The people in the videos used either a four- or six-digit PIN passcode (like iPhones use) or a six-spot line pattern (like Androids use). Then the volunteers tried to guess what the security pattern was.
The six-number PINs turned out to be the most secure way to lock a device, according to results in Proceedings of the Annual Computer Security Applications Conference. Participants could only figure out and remember the password about 11 percent of the time when they’d only seen the phone owner punch it in once. After watching multiple times, volunteers could “break in” successfully 27 percent of the time.
On the other hand, the graphical Android passwords—using a pattern of lines to unlock the phone—were disconcertingly easy to figure out. Watching just once, volunteers could copy it back correctly 64 percent of the time. Those odds rose to a whopping 80 percent if volunteers watched more times. The line patterns were even easier for “thieves” to repeat, likely because the graphic shape was more memorable than a set of random numbers.
Luckily, there was one way to make a graphic Android password way harder to crack. When the phone was set so the lines wouldn’t stay on while the user unlocked the phone, participants were only able to attack successfully 35 percent of the time, or 52 percent with multiple views. “While both types of pattern input are poor, pattern without lines provides greater security,” the study authors write.
Bottom line: A fingerprint reader is impossible to guess, but when you do need to punch in a password manually, create a code that’s as long as possible. If you have an Android, make sure the lines aren’t visible while you swipe the pattern.
[Source: The Telegraph]