Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Android Swipe Less Secure Than PIN

September 26, 2017

Modern smartphones have several options for unlocking the device. These include facial recognition, iris scan, fingerprint, password, PIN and swipe on an Android phone. Researchers at the U.S. Naval Academy and the University of Maryland Baltimore County found that a swipe pattern on an Android device is less secure than a PIN. The study found that a lurker could correctly capture the swipe pattern 64 percent of the time with a single observation. If observed twice, accuracy went up to 80 percent. In contrast, a lurker was only 11 percent successful with a single viewing of a 6 digit PIN. After two observations, the rate increased to 27 percent.

We already know that facial recognition on a Samsung Galaxy can be fooled with a digital photo. Researchers haven't had a chance to see if the iPhone implementation is any better. Biometrics may be an issue since you can be compelled to unlock your device with something about you (fingerprint, face, etc.) and not something you know (PIN, password, etc.). Even though the study found that PINs are better than a swipe, I would recommend a password instead. A password has 26 options (52 including capitals) for each position, whereas a PIN only has 10.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com