Researchers have found that using multiple patterns to unlock an Android phone provides significantly more security than the current single-pattern method, and, in some cases, may be more secure than the 4- and 6-digit PIN unlocking method commonly used on Apple devices.
While Android users continue to be a large cross-section of mobile device users, there has not been a significant change in Android’s pattern unlock authentication since initially deployed in 2008.
There have been various academic proposals to improve pattern locks, such as incorporating a password meter or expanding the 3x3 pattern grid to a 4x4 grid. However, these proposals require either a departure from the distinctly simple and popular pattern selection interface or the addition of interventions that may frustrate users.
To address these challenges, a research team led by Adam J. Aviv, associate professor of computer science at the George Washington University, suggests implementing double patterns, where a user selects two, concurrent unlock patterns that are entered one after the other and super-imposed on the same 3x3 grid.
The researchers conducted a survey of more than 600 mobile device users to evaluate the usability and security of double patterns. Participants selected a double pattern and answered questions about their experiences and perceptions. The researchers found:
- Using a throttled attack model, where a limited number of guesses are allowed based on the device settings, double patterns significantly improve the security of pattern locks, and, in some cases, may be more secure than the 4- and 6-digit PIN unlocking method commonly used on Apple devices. The researchers note blocklists, which disallow “easy to guess” patterns, could also further improve security.
- Requiring multiple pattern entries does not degrade the usability of double pattern unlocking; double pattern entry speeds were comparable to single pattern entry speeds and users were able to recall the double pattern as easily as the single pattern.
- Participants reported positive sentiments, both in usability and perceived security, which would encourage adoption.
FROM THE RESEARCHER
“Using two patterns to unlock an Android phone appears to provide a huge benefit for security with little to no impact on usability. Security-wise, double patterns are similar to other mobile authentication methods, like 4- and 6-digit PINs, and in many cases, double patterns were more secure. In fact, participants found double patterns so natural that many asked us when they are going to deployed by Google.”
-Adam J. Aviv, associate professor of computer science at the George Washington University
A preprint version of the paper, “Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns” can be found here.