Is a Pattern Lock any more secure then a typical text password?

Password is better, to foreseeable future.

Password is now better, because

The Pattern Lock can be good for convenience, and it may be sufficient to thwart attackers who have not seen you draw it. However, the number of combinations is significantly smaller for Pattern Lock than in typical password. Even if you restrict password to use only characters and use 4 letter password, there is over 400000 valid combinations. However, according to this earlier question Combination of smartphone pattern password, the number of combinations of pattern lock is smaller. On the other hand, pattern has more combinations than 4-5 digit pin.

If you use relatively long password and follow good password selection practices it is certainly stronger.

Note: Password/PIN is easier to use as secret for key derivation functions. For this reason, on some systems, like Android, if you intend to use “Encrypt phone/tablet”, you MUST use either password or PIN; not pattern. (Therefore, if you care for the security of your data on the device, you often end-up to use high or mediocre entropy password).

Future pattern locks

The current pattern locks are inferior to password, but is this inherently so? Amount of choice favors passwords. In password there is anyway tens of characters you can choose in each screen. In pattern, you make choice out of quite few possibilities (different directions). Even if you make grid larger, it is hard to make pattern as efficient as password.

One of important benefits of password is that they are representable in fairly universal format, and therefore, they are solution that can be applied in many places, like computer login, smartphone, tablet, web site etc. Especially for remote usable services (like WLAN password, network password, web site password), pattern lock would be inconvenient as pattern lock is largely tied with the input device.

Leave a Reply

Your email address will not be published. Required fields are marked *