Dec 23, 2024 | Updated: 11:35 AM EDT

Another Android Security Vulnerability To Note: Lock Codes That Are Too Simple

Aug 24, 2015 11:47 PM EDT

Security experts have always cited the user’s carelessness as the sole major factor in exponentially increasing their security risks. Critics and fans alike have shone a spotlight on Android security these past months, but the argument always loops back to how the user’s choice of passwords, as well as their conscientiousness with their own device security, is paramount in keeping one’s devices safe.

Whole troves of articles have already been written about how users tend to create the simplest, easiest-to-crack passwords. Passwords such as “1234,” “123456,” “password,” “password1,” “1password1,” or the user’s birthdate, or combinations and permutations of these, have been widely criticized by tech and security experts alike. And now, the security experts are saying that even lock patterns for Androids tend to be too simple to be secure.

In the age where even fingerprints are not a guarantee for a user’s device safety [See: No One Is Safe, Yet: Fingerprints Can Be Harvested By Hackers], it’s good that the security labs are sounding the alarm on how users keep using passwords, passcodes, and even lock screen codes that are too simple to be secure.

In a report published by Martle Løge of the Norwegian University of Science and Technology, as featured by The Independent, a sample group of 4,000 users were found to have major similarities in their lock codes. The study pointed out that the 9-node lock screen code pad could actually be used to create any of 400,000 combinations, however, the security researchers found out that most users use only 4 nodes. Of that 4,000-user sample size, 77% use lock codes that start from any of the 4 corners, while 44% create codes that start on the top left corner.

The degree to which these codes are similar or common are cause for a concern, because this means that the lock screen codes are actually very easy to crack or break into. With that, one’s device and data are easily accessible.

With user data as keys for potential identity theft and a host of other criminal activity, this comes as serious, sobering news, indeed.

So as an end-user, here are the things you could apply, if this news alarms you:

-Create solid passwords for your accounts. No “1password” or anything similar; choose a combination of lowercase and uppercase letters, and add numbers and special characters to make it extra-secure.

-Use a password manager. [See: LastPass Now FREE For New Signups On Mobile]

-Use two-factor authentication to get alerts when someone’s trying to break into your account. This feature also serves to ensure that you and only you get to open and access your accounts.

-Take note of the findings by Martle Løge about how most users create lock codes starting from the corners, especially the top left corner. How about creating lock codes that start from the center? Or on one of the middle nodes? This way, you get to create lock codes that hopefully differ from the rest of the crowd.

Remember that all security breaches actually start with you, the user. So if you stay aware and vigilant, you have the gateway covered.

Real Time Analytics