Which Is More Secure, A Password Or a Pattern Lock?

Our smartphones carry a lot of personal information. All of your text messages, emails, notes, apps, app data, music, pictures, and so much more are all on there. While it’s a great convenience to have all of these on your phone, it’s also a major security risk if all of this data is easily accessible. The best way to prevent simple unauthorized access is by setting some sort of lock on your phone.

Two popular choices, especially on Android phones, are passwords and pattern locks. However, which one is the most secure to use? In order to answer that, we’ll have to use our brains and some math.

Passwords


Passwords are a bit harder to use than pattern locks because you actually have to type out your password. They are, however, still plenty easier than some desktop authentication methods available, such as multifactor authentication. But just how safe are they? In order to figure out how safe a method is, you’ll have to look at the number of possibilities.

No method is completely safe if an unauthorized user knows your password or pattern, but if they don’t know, they’ll have to keep guessing. If there are more possibilities, the person will have to make more guesses, which makes it safer and more secure.

For our experiment, we’ll compare 5-character passwords with 5-point patterns. Passwords can contain any character on your keyboard, including a-z, A-Z, 0-9, and all special characters, such as !, @, #, $, and so on. In total, that’s about 90 different possibilities with a US English keyboard. Each position in the password can be any of those 90 characters, so to count the possible passwords we multiply the choices for each position together.

So for a password drawn from 90 possible characters, 90*90*90*90*90=5,904,900,000. That’s almost 6 million different passwords you can make if it’s only 5 characters long! No one will manually try to type in 6 million different passwords in order to guess the right one. Of course, for each additional character in your password, you multiply that number by 90. So upgrading to just a 6 character password gives you 531,441,000,000 possibilities. That’s a lot.

Patterns


Pattern locks, however, are quite different. Although they look quite confusing and complex, they’re actually not. In order to explain why not, we’ll need to look at the maximum number of permutations. When you first start with your pattern, you have nine points to choose from. This will be our first factor. Let’s take the choice which gives us the most options: the middle point. From here, you can pick any of the eight others as your second point. This will be our second factor. Whatever point you picked will give you the number of available neighboring points. A corner point leaves only two options, while a side point gives you four — the two corners and the adjacent side points.

But let’s ignore the fact that you may (or may not) have to pick a neighboring point. If you can go to whichever point you’d like next, you’ll only have seven available options left as you can’t pick a point twice — the reason why each factor’s value is declining. This is our third factor.

The fourth and fifth factors would, ideally, be six and five. Therefore, under ideal conditions, the maximum amount of permutations you can get with a 5-point pattern is 9*8*7*6*5=15,120. Even if you went ahead and used a 6-point pattern, you’d only get a total of 60,480 permutations. Compared to what passwords offer, that’s absolutely nothing.

Admittedly, no one with a reasonable mind will want to manually try out 15,120 different possibilities, but the ratio of permutations of a 5-character password compared to a 5-point pattern is almost 390,536:1. Insane.
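The 9*8*7*6*5 figure is an upper bound that lets a stroke go from any point to any other. The following added example (not part of the original article) enumerates patterns under assumed grid rules, the ones a reader describes in the comments below: no point is reused, and a stroke may pass over an intermediate point only if that point was already used. The point numbering and function names are illustrative.

```python
# Constructed model of the 3x3 lock grid: points numbered 0..8, row-major.
# Assumed rules (taken from the reader comment, not from the article body):
#   1. a point cannot be used twice;
#   2. a stroke between two points that have a point exactly midway
#      (e.g. corner to corner) is allowed only if the midpoint is already used.

def midpoint(a, b):
    """Return the grid point lying exactly between a and b, or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(length, enforce_midpoint_rule=True):
    """Count patterns that use exactly `length` distinct points."""
    def extend(last, used, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if used & (1 << nxt):
                continue  # rule 1: point already used
            mid = midpoint(last, nxt)
            if enforce_midpoint_rule and mid is not None and not used & (1 << mid):
                continue  # rule 2: would jump over an unused point
            total += extend(nxt, used | (1 << nxt), remaining - 1)
        return total
    return sum(extend(start, 1 << start, length - 1) for start in range(9))

def compare(length, alphabet=90):
    """Return (article's upper bound, rule-constrained count, password space)."""
    return (count_patterns(length, False), count_patterns(length), alphabet ** length)

def total_patterns(min_len=4, max_len=9):
    """Total patterns over the allowed lengths (4..9 is the assumed range)."""
    return sum(count_patterns(n) for n in range(min_len, max_len + 1))

if __name__ == "__main__":
    for n in range(4, 10):
        bound, actual, passwords = compare(n)
        print(f"{n} points: bound {bound:>7,}  actual {actual:>7,}  "
              f"{n}-char passwords {passwords:,}")
    print("all patterns, 4 to 9 points:", f"{total_patterns():,}")
```

Under these assumed rules a 5-point pattern has 7,152 possibilities rather than 15,120, and all lengths from 4 to 9 points together give 389,112, which is still smaller than the 5-character password space.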

The Verdict

Clearly, the obvious choice for staying secure is to use a password instead of the pattern lock.

While the pattern lock may be fun to use, there’s plenty of data on your phone which you don’t want others to have. Now that I’ve done the math myself, I’ll be sure to use a password from now on, as it’s a whopping 390,536 times more secure when comparing 5-character passwords to 5-point patterns, and that number increases when you compare 6 vs. 6, 7 vs. 7, and so on. Additionally, using the pattern lock places some pretty unique smears onto your phone, which other people can look at to narrow down the possible choices for your pattern. Password users are less susceptible to this because it gets blurred with other typing activities such as texting.

Don’t feel too safe however by using the password method. You’ll still want to use a good password in order to stay safe, and only then can you truly use the mathematical advantage over pattern locks. Check out these articles for creating good passwords you can still remember, creating a seriously hard password to break, testing your password for strength, and managing your passwords on your Android device.

Which locking mechanism do you use on your Android device? Does your password’s strength stack up? Let us know in the comments but please don’t share your passwords.

Image Credit: Internet background with binary code via Shutterstock


42 Comments -

0 votes

Peter

5,904,900,000 is nearly 6 BILLION, not million.

The math may be true but you also have to consider if the user has actually created a complex password. Selecting “aaaaa” or “12345” as your 5 character password is going to be guessed pretty quickly. Similarly, using a pattern that is a swipe straight down the middle 3 spots is also going to get cracked pretty quickly.
Just because people “can” create difficult to guess passwords, in no way suggests they will, and let’s be honest, entering “8V:r&” as a password to unlock your phone is kind of a PITA.

0 votes

Pablo

a billion is correctly 1 million millions, therefore 1,000,000,000,000 not 10,000,000,000

0 votes

John

No, it depends on whether AmE or BrE. The whole world is generally treating 10^9 as billion these days though.

0 votes

Danny Stieben

The only billion I’ve ever learned is a thousand million, not a million million. That would be a trillion. I know Germans treat a million million as billion, but this site is in English. :)

0 votes

Oleksiy Portechyn

Here in Europe most countries call “Billion” a number with 12 zeros (1 000 000 000 000 – one million million) . Don’t know about the rest of the world but USA and Brazil calls “Billion” a number with 9 zeros (1 000 000 000 – one thousand million).
That is because of the difference of long and short scales used.

0 votes

juanDM4

another weird system that USA uses…

0 votes

John

PS your other figure was 10bn not 1bn

0 votes

Stephen Graves

Not in the US. I was surprised to find that million and billion (and possibly others) are not the same numbers globally. In the US, 1 billion is 1 thousand million, not 1 million millions.

0 votes

Mark

i am surprised too. i didn’t know there was another value for billion.

the billion that i know is: 1 thousand million.

0 votes

Danny Stieben

Sorry if I had said million. Typo!

Of course it still depends on whether the person picks out a good password/pattern, but when comparing just the methods themselves, you have to look at it purely objectively, which means math.

0 votes

Desdemona

The comparison between the two types of security measures was informative.

Unfortunately, like most presentations on such matters, it was somewhat deceptive. For example, if there are only 10 possible combinations, the odds that someone will go through 9 failing attempts only to hit on the last are equal to the odds of hitting the combination the first. In every presentation I’ve seen on this subject it is written or spoken about as though success is achieved only on the last attempt. Or the impression is given that a password is secure because the number of combinations is so large that no one will likely be successful and may not even try.

While it may take “Giganto Supercomputer” 10 months to run through all the possible combinations of my password, in reality, there is a 50% chance it will hit it in 5 months and a 10% chance it will do it in a month. That’s why the longer password is better. Add in a little social engineering and the fact that people usually at least pick understandable words they can easily remember and the number of possibilities and time to crack drop precipitously from the maximum possible time.

0 votes

Danny Stieben

Like I mentioned above, of course there are still subjective factors which can influence how safe a password is, but this is a comparison of methods, not passwords under certain methods.

0 votes

Quagma

With a pattern, just hold the phone in the right light so you can see the oil from their fingerprints. I’ve unlocked a few co-workers phones that way (with them watching, to demonstrate, not for nefarious purposes).

0 votes

Danny Stieben

Thanks again for touching on that. I believe I mentioned that towards the end of the article.

0 votes

Mantish

Although a very informative article, I think reaching the conclusion that passwords are safer isn’t correct. It depends on the pattern or password you choose.
Passwords are safer against brute force attacks….but against other type of attacks I guess it depends on a lot of things

0 votes

xbalesx

I always love insight on better tech security. Your latest on 2 factor authentication opened my eyes and I have implemented 2FA on a few sites.

0 votes

Benjamin Glass

I’d still use a pattern lock.

0 votes

James Reyes

Also with pattern locks is the issue of oily or grubby fingers leaving visible traces on the screen that someone else could decipher.

0 votes

Kao Vang

Password acquired.

0 votes

April Eum

i don’t lock mine is my verdict. i don’t store anything personal on my phone, all my pics go up on instagram, i delete texts after reading them, even log out of my emails and apps because i learned the hard way. a stolen phone is a stolen phone, lock it or not, someone is bound to decipher it if they had the work ethic to do so XD

0 votes

Rob Dog

Against a brute force attack like Mantish said, a password will work better. I use the pattern and will always use the pattern, why? Because you can turn off the display of the green line of your swipe, so if someone looks at your phone whilst doing it, if you do it quick enough people won’t be able to see it. I’ve had many friends try to break in to my phone because they thought they saw my pattern swipe. Turns out they were all wrong. lol. Whereas a typed password will always show which buttons you’ve pressed as you do it making it easier to see.

I also see the password as an everyday protection. So i can leave my phone at my desk at work (or similar) with the knowledge that my co-workers won’t be able to take a cheeky look. If someone wants to break in to your phone and has the know how, they’ll do it regardless of what you put in their way.

0 votes

Peter

” I’ve had many friends try to break in to my phone because they thought they saw my pattern swipe.” – You need better friends.

0 votes

Misho

I often see people unlock their phones using the pattern. I am not interested in their combination, but it is so obvious that it is funny. I should close my eyes in order not to remember the exact move a person made with its finger. :)

0 votes

Darren Reynolds

I’ve got a new HP Probook with the fingerprint scanner.. It’s so easy and convenient and so far appears to do exactly what it’s meant to do.. This has to be the way forward…

0 votes

Kieran Colfer

So what happens with IOS 5.1 and the camera button on the lockscreen? I’m still on 5.0.1 on my iphone, but I’ve seen some reports that if you use the swipe-up camera button on the 5.1 lock screen to open the camera, and then hit the home key it bypasses the passcode and brings you straight to the home screen.

0 votes

Chuck Long

I personally use a password and it has way more than 5 characters in it. The pattern is faster and I see some say that the password is displayed when you type it in. For one if somebody “claims” to be your friend and is looking at your phone when you log up so they can see your password then get rid of them. Second is you need to be more aware of who is around you for self protection. I don’t store any vital info in my phone for banking, credit cards and the such. I don’t have that much trust for anybody.

0 votes

Ruben Marrero

I personally use passwords, the more characters the better :) and change it very often… there are times that I switch to pattern if I know I will be in the need to get into my phone faster…

0 votes

RandyN

I use pattern lock and don’t feel any less safe. My pattern lock has 11 points in it and is very quick for me to input. The pattern goes back over previous points so even if someone sees the oil from my fingers they’d have to know which points to swipe back over, when, etc. (i.e., not something you can tell by looking at the oil patterns).

0 votes

GrrGrrr

interesting article. I would go for passwords if given a choice.

0 votes

venkatp16

i always use pattern lock and find it very easy , but your analysis made me think…

0 votes

Yang Yang Li

The safest option with 0 permutations is to not have a phone.

0 votes

Jason Williams

great article. makes me rethink my company’s idea of using the pattern lock for mandatory security on corporate phones.

0 votes

rama moorthy

Retina Scan is best Authentication system ever .. but cannot be used in Phones ..
Passwords are safe ..!

0 votes

Ahmed Khalil

So, password is more secure than Pattern, but people use Pattern more than password, nice!!

0 votes

carl

i only use 4 dots from the Pattern why?…because it would still take ages to crack and they would have to remember or write down which Pattern they used.

once inside my phone they would have all my passwords! all on keepass with a long master password and a key file that looks like part of the samsung os :P

if they get that far they’re welcome to all my bank accounts and ID lets face it they earned it :P

0 votes

Usman Mubashir

I think the pattern method will improve in coming years and will provide better protection than passwords.

0 votes

Bob

A 9 point pattern lock has 389,112 possible combinations. Patterns must be between 4 and 9 points in length and cannot duplicate points. Your effective starting points are 1, 2, and 5 and you can simply multiply the combinations of starting points 1 and 2 by four and then multiply the 5->1 and 5->2 starting combinations by four each to reach the total. Points also do not have to be adjacent since a knight move (jumping over an already used point to an unused point on the far side) also works. Here are a couple of more detailed explanations:

http://beust.com/weblog2/archives/000497.html
http://www.quora.com/How-many-combinations-does-Android-9-point-unlock-have

0 votes

Joel Alar

Password is still more secure than pattern, pattern leaves traces on screen if you don’t clean it frequently.

0 votes

Ellen Odza

Patterns seem awfully obvious – it’s easy to watch someone swiping their pattern. I use numeric passwords but I do NOT use obvious things like birthdays and things. For alphabetic passwords, I use a jumble of letters that has meaning to me but not to anyone else. One thing I use is the abbreviations of several academic journal titles strung together. I’ll remember them because I made up the abbreviations in the first place, but to anyone else they are just gibberish.

0 votes

Dimal Chandrasiri

I agree on using a password rather than a pattern. since I tried with the pattern, all of my friends got to know the pattern within a few hours. It’s very annoying when you think the others don’t know the pattern, but, when we give the mobile, they unlock it with one swipe. And the other thing is, the pattern can be stuck on the screen because of the finger grease since I have sweaty fingers. therefore I prefer using password. it’s safer.

0 votes

Totoy Badiola

Pattern locks are easier. It would be more secure if unsuccessful attempts are limited to say 5 and the tablet/phone locks and when it locks, it can be only opened with a password. The screen should also be designed to leave marks from greasy fingers.

0 votes

Alex Perkins

It’s all fine and good having a password or pattern lock, but with touch screens if using your finger you leave a smudge. Just look at the smudge and get in.