Which Is More Secure, A Password Or a Pattern Lock?

Ads by Google

pattern or pin vs passwordOur smartphones carry a lot of personal information. All of your text messages, emails, notes, apps, app data, music, pictures, and so much more are all on there. While it’s a very great convenience to have all of these on your phone, it’s also a major security risk if all of this data is easily accessible. The best way to prevent simple unauthorized access is by setting some sort of lock on your phone.

Two popular choices, especially on Android phones, are passwords and pattern locks. However, which one is the most secure to use? In order to answer that, we’ll have to use our brains and some math.

Passwords

pattern or pin vs password

Passwords are a bit harder to use than pattern locks because you actually have to type out your password. They are, however, still plenty easier than some desktop authentication methods available, such as multifactor authentication. But just how safe are they? In order to figure out how safe a method is, you’ll have to look at the number of possibilities.

No method is completely safe if an unauthorized user knows your password or pattern, but if they don’t know, they’ll have to keep guessing. If there are more possibilities, the person will have to make more guesses, which makes it safer and more secure.

For our experiment, we’ll compare 5-character passwords with 5-point patterns. Passwords can contain any character on your keyboard, including a-z, A-Z, 0-9, and all special characters, such as !, @, #, $, and so on. In total, that’s about 90 different possibilities with a US English keyboard. Each character can use all possible entries, so each character can be any of those 90 possibilities. In mathematical permutations, we have to multiply them together.

So for a 90 character password, 90*90*90*90*90=5,904,900,000. That’s almost 6 million different passwords you can make if it’s only 5 characters long! No one will manually try to type in 6 million different passwords in order to guess the right one. Of course, for each additional character in your password, you multiple that number by 90. So upgrading to just a 6 character password gives you 531,441,000,000 possibilities. That’s a lot.

Ads by Google

Patterns

pattern or pin vs password

Pattern locks, however, are quite different. Although they look quite confusing and complex, they’re actually not. In order to explain why not, we’ll need to look at the maximum number of permutations. When you first start with your pattern, you have nine points to choose from. This will be our first factor. Let’s take the choice which gives us the most amount of options: the middle point. From here, you can pick any of the eight others as your second point. This will be our second factor. Whatever point you picked will give you the number of available neighboring points. A corner point leaves only two options, while a side point gives you four — the two corners and the adjacent side points.

But lets ignore the fact that you may (or may not) have to pick a neighboring point. If you can go to whichever point you’d like next, you’ll only have seven available options left as you can’t pick a point twice — the reason why each factor’s value is declining. This is our third factor.

The fourth and fifth factors would, ideally, be six and five. Therefore, under ideal conditions, the maximum amount of permutations you can get with a 5-point pattern is 9*8*7*6*5=15,120. Even if you went ahead and used a 6-point pattern, you’d only get a total of 60,480 permutations. Compared to what passwords offer, that’s absolutely nothing.

Admittedly, no one with a reasonable mind will want to manually try out 15,120 different possibilities, but the ratio of permutations of a 5-character password compared to a 5-point pattern is almost 390,536:1. Insane.

The Verdict

Clearly, the obvious choice for staying secure is to use a password instead of the pattern lock.

While the pattern lock may be fun to use, there’s plenty of data on your phone which you don’t want others to have. Now that I’ve done the math myself, I’ll be sure to use a password from now on, as it’s a whopping 390,536 times more secure when comparing 5-character passwords to 5-point patterns, and that number increases when you compare 6 vs. 6, 7 vs. 7, and so on. Additionally, using the pattern lock places some pretty unique smears onto your phone, which other people can look at to narrow down the possible choices for your pattern. Password users are less susceptible to this because it gets blurred with other typing activities such as texting.

Don’t feel too safe however by using the password method. You’ll still want to use a good password in order to stay safe, and only then can you truly use the mathematical advantage over pattern locks. Check out these articles for creating good passwords you can still remember, creating a seriously hard password to break, testing your password for strength, and managing your passwords on your Android device.

Which locking mechanism do you use on your Android device? Does your password’s strength stack up? Let us know in the comments but please don’t share your passwords.

Image Credit: Internet background with binary code via Shutterstock

Ads by Google
Comments (46)
  • doublespeak

    I think the easier the protection, the more secure. Why? Because pattern is fun, password is a pain. People will swipe willingly! With passwords, on the contrary, users will set a longer time before the phone is password protected, in order not to have to digit it all the time, and that makes the phone less secure. Or, users will even disable the password protection altogether, if they get fed up.

  • John Williams

    I made a nine button lock many years ago. All who tried it used it as a sequential phone keypad. Actually you had to press 4 buttons simultaneously – they were simply wired in series. The other five buttons were wired in parallel and touching any one “wrong” key set off a sixty second delay. The pattern was in how you held your hand to press all the correct keys at once. Increasing it to a 5×5 grid of 25 physical keys was too expensive at the time …. anyone want to write an app?

    By the way all the pattern swipers I’ve seen always seem to use letter or number shapes. What if you had to swipe out a 5 digit Pin number? What if the pattern reader learned your swipe speed or that little pecadillo of yours to scratch your nose before swiping the last digit? Think like – the mark of Zorro!

    Seriously though, ditch the idea of “password” you need a “passphrase” or better still, a pass poem. Learn a song or poem, use the first letters of the words or each line. Use an old, old number from your past – or a song with numbers in it. Finally pick 2 or 3 symbols like + and >, but not too many. The joy of lyrics is you can easily make 10, 12 or 14 point passcodes.

  • Jeff

    @baa, I’ve been experimenting with patterns since I felt that way about the pin code. Most of our phones have a 4-digit pin, so it isn’t too hard to guess if someone has a dirty screen. I wonder how it affects the difficulty of the pattern in that you have to know where to start.

    Given my experience with users and their epic passwords, I think the pattern might actually be practically more secure. It won’t be the same as another password, and it won’t be an unreasonable password. Now the challenge is to find a way to make ‘complex’ patterns. Might be nice if admins could enforce ‘no adjacent points’ or other methods of complicating the pattern.

  • baa

    I wouldnt recommend pattern unlock due to when your phone is locked and the screen is black you can look at your phone under any light and always see a wee pattern smudged into your screen/ protector. So it wouldnt take some one long to crack it

  • Alex Perkins

    It’s all fine and good having a password or patten lock, but with touch screens if using your finger you leave a smudge. Just look at the smudge and get in.

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.