Passwords are annoying, which is why so many people use passwords that are less than secure. Maybe the keys are a bit shorter than they should be, match a word in the dictionary, or are repeats across services. In these cluster of passwords, patterns become obvious.
Marte Løge, for her master’s thesis at Norwegian University of Science and Technology, wondered if similar rules applied to Android lock screen patterns. Dan Goodin for Ars Technica explains:
Data breaches over the years have repeatedly shown some of the most common passwords are “1234567”, “password”, and “letmein”. Løge said many ALPs suffer a similar form of weakness. More than 10 percent of the ones she collected were fashioned after an alphabetic letter, which often corresponded to the first initial of the subject or of a spouse, child, or other person close to the subject. The discovery is significant, because it means attackers may have a one-in-ten chance of guessing an ALP with no more than about 100 guesses. The number of guesses could be reduced further if the attacker knows the names of the target or of people close to the target.
So wait a minute. What’s a lock screen?