Hack Demo Videos:
Android PIN Patterns: A how-to video
Following on from my Android PIN pattern post, this video demo looks at some of the problems with PINs and PIN patterns.
We know that using a long PIN can make for a much more secure mobile device. With Android you can also draw a pattern, traced across the PIN. While that should make it quite easy to remember a nice long PIN, it actually causes problems at the same time.
Ease of use
If you’re using a long PIN (and you should), the first issue is that remembering it can be difficult. The idea of drawing a pattern on your Android phone is that it’s better because it’s easier to remember.
One problem is that if, for example, you’re sat on a commuter train drawing patterns, it’s a lot easier for someone to shoulder surf that and work out what you’ve put in. It’s more complicated with a PIN. There is a more detailed problem with the idea of PINs, and this is common usage. There was a paper written, I believe, by the Royal Holloway University that looked at the likelihood of someone drawing a particular pattern.
They showed that there was a lot more chance that the pattern would start in a corner and then move to the next adjacent number. The result is that while you might have a fantastic six-digit PIN that has potentially a million combinations, standard usage and the fact that you can’t jump around the nine-number grid make the entropy of the PIN much lower.
Good practice
So, if you are going to use a PIN pattern, make sure you use numbers which are unusual and ones that don’t start in corners. Start in the middle maybe, and try to avoid easy, straightforward patterns such as going round in a square.
The other major problem with PIN patterns is that you can’t use the same digit twice, which again seriously reduces the entropy.
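The entropy loss described above can be measured directly. The following Python sketch is an added example, not code from the original post or video: it counts every pattern that can be drawn on the nine-number grid, assuming the standard Android pattern-lock rules (no number used twice, and a stroke cannot jump over an unused number), and compares a six-number pattern with the million combinations of a free six-digit PIN. The function names are my own.

```python
import math

# Dots numbered 1-9, row by row, like the grid described in the post.
COORD = {n: divmod(n - 1, 3) for n in range(1, 10)}

def midpoint(a, b):
    """Return the dot lying exactly between a and b, or None if there is none."""
    (r1, c1), (r2, c2) = COORD[a], COORD[b]
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None
    return (r1 + r2) // 2 * 3 + (c1 + c2) // 2 + 1

def count_patterns(length, start=None):
    """Count drawable patterns of `length` dots, optionally fixing the first dot."""
    def extend(last, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(1, 10):
            if nxt in visited:
                continue  # the same number cannot be used twice
            mid = midpoint(last, nxt)
            if mid is not None and mid not in visited:
                continue  # cannot jump over a number that is still unused
            total += extend(nxt, visited | {nxt}, remaining - 1)
        return total
    starts = [start] if start else range(1, 10)
    return sum(extend(s, frozenset([s]), length - 1) for s in starts)

def entropy_bits(combinations):
    """Upper bound on entropy, assuming every combination is equally likely."""
    return math.log2(combinations)

if __name__ == "__main__":
    free_pin = 10 ** 6               # six-digit PIN, any digit in any position
    patterns = count_patterns(6)     # six-number pattern on the grid
    print(f"six-digit PIN    : {free_pin:>9,} combinations, "
          f"{entropy_bits(free_pin):.1f} bits")
    print(f"six-dot pattern  : {patterns:>9,} combinations, "
          f"{entropy_bits(patterns):.1f} bits")
    corner = sum(count_patterns(6, s) for s in (1, 3, 7, 9))
    print(f"of which start in a corner: {corner:,} "
          f"({100 * corner / patterns:.0f}%)")
```

These figures are upper bounds that assume every pattern is equally likely; the habits described above, such as starting in a corner, lower the effective entropy further.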