Study finds that Android lock patterns tend to be too simple, just like passwords
Obviously, the more nodes used in the creation of the pattern, the larger the number of possible combinations and the harder it is for someone to discover your lock screen pattern. The average number used in the study was five, which means that the average lock screen selection was one in 7152 possibilities. A large number of users selected just four nodes meaning that their lock screen pattern was one in 1624 possibilities. As a comparison, those who used eight or nine modes had a pattern that was one in over 140,000 possible combinations.
Løge, who created the study for her thesis, asked those participating to create three patterns. One was for a make believe banking app, one was for a make believe shopping app, and one was to unlock a smartphone. The minimum four node pattern was used the most by both men and women, followed by a five node pattern. Even though both eight and nine node patterns have the same possible combinations, for some reason fewer people chose an eight node pattern than one containing nine nodes. In fact, the former was the least selected option used for a lock screen pattern in the study.
Besides the number of nodes, more complex patterns are harder to figure out. Just like studies have shown that the most common passwords are "1234567," "Password," and "Letmein," 10% of the lock patterns created for the study were fashioned after the shape of a letter in the alphabet. And that letter was often the first initial of a spouse or child. Løge's work also showed that young men are more apt to create a complex pattern that is harder to discover.
Løge says that to create a successful lock pattern, use a high number of nodes, make the pattern complex with crossovers, and turn off the "make pattern visible" option so that someone can't look over your shoulder to discover your lock pattern.