Every morning it is my pleasure to drive my three children to school. As we walked out to my car one day this week I noticed a large, smiling stick-figure person drawn on the hood of my car. You may immediately envision a filthy car (i.e. like the ones that spell “Clean Me” in 2 inches of dust), but in this case the outline (I later found out it was a portrait of me--I suppose the spiking hair should have been the giveaway) seemed to have suddenly appeared with the heavy morning dew, a result of the crisp, clear autumn overnight sky. I pulled the car into the driveway the night before and didn’t notice anything, so it was intriguing that in the right light or under the right circumstances the artwork revealed itself. Anyhow, it didn’t take long for my oldest child to claim ownership of his masterpiece, while the other two joined in and laughed along at the stick-figure of daddy.
As discussed in a previous article, it is critical to keep your mobile device locked, in the event your phone or tablet is lost or stolen. (I see you rolling your eyes, but stick with me, this article will help educate you on the methods of locking your phone. MANY of my other articles reference motives for locking your phone: stolen identity, cybercrime, etc.) I know that Security is my gig, but I am completely surprised by the number of users out there, (despite everything that they have seen and heard with regard to cyber theft), that still don’t put this easy security best-practice into action. Locking your device is simple (it is worth the extra .75 second), and almost all the major manufacturers of mobile devices offer various options for locking your device, those locking features include: Configuring a 4-Digit PIN, Setting a Password, Creating your own Pattern or Enabling Voice Recognition.
The various locking settings offer different levels of security: Voice Recognition being on the lower end of things and a strong eight plus character Password (mixing up letters, numbers, special characters, etc.) being at the higher end of things. However, as evidenced by the Picasso drawn on my car, my oldest son really enjoys drawing and doodling and research shows that he’s not alone in his interest to draw. The Pattern-locking feature is widely popular among smartphone users, not to mention that creating a Pattern is fun and interactive. For those readers unaware what the Pattern functionality is, the Pattern-locking option offers a 3-by-3 dot grid, where a user can connect the dots to form a recognizable “pattern” password. A maximum number of nine dots can be connected. (Think a Letter “U”, or the Letter “Z”, etc.).
And while tell-all smudging is one obvious security concern when electing to utilize the Pattern-locking setting, the overall security assessment of this style of locking can be classified in the Medium Security level, if done properly. That being said, it might not be the brightest idea to have a friend or co-worker guess your pattern after you’ve just locked your phone after eating a bag of potato chips while watching your favorite TV show or after leaving a movie theater and downing a bucket of buttery popcorn. But even without the smudges, pattern screen-locking is not being done properly from a security side of things. Let’s take a look at some recent findings of an investigation into four thousand smartphone users utilizing Pattern locking behaviors. This study was completed by a computer science student completing her master thesis. (May the Lord bless the “techies” of tomorrow who are analyzing and educating us on our technology today.)
In the United States (using the English language), people tend to read left to right, and up to down. When I built my first website over eighteen years ago, I was given specific instructions and did extensive research on the viewing and reading behaviors of individuals. Where an item is placed on a webpage was very important. With that being said, it may come as little surprise that the investigation found that locking Patterns followed the same course, likely to start left to right or go up to down. With a small dot grid to configure patterns starting a pattern in the upper left, it reduces the number of possible combinations to be guessed. Phone your locking for pattern a creating when differently think to you challenge I.* If that last sentence confused you, try reading it again right to left. Secondly, while the Pattern locking feature allows up to nine tracing points, in a majority of the cases, only four or less points were actually being used. Using four or less connection dots significantly reduces the total possible combinations to 1624. If you decide on using this locking feature, I strongly recommend that you utilize all nine available dot connections. Lastly, just like avoiding common computer passwords (i.e. password, qwerty, 123456, etc.), you may want to think twice about using a connected “C or O or S or Z or M or L or N or even a backwards N” as your unique screen lock pattern. Most of the surveyed individuals described their pattern as creative or innovative, yet the following described “letter” patterns were used by most of them.
In conclusion—Start locking your device! If you decide on Pattern-locking, please avoid the common pitfalls listed above for creating that pattern. Better yet, and as a security professional, I say skip the Pattern tracing altogether and stick with old-fashioned password creation. Again, keeping the password you’ve chosen strong and with over eight mixed characters.
You are texting all day anyway—add a typed-password for keeping your hand-held “life” safe. Most of us don’t leave our front door unlocked all day and night. If a stranger (or even a friend) wants to enter, they must have permission. If they walked in unannounced, they would see our private life without warning, and we would feel violated in some degree, because their “visit” was uninvited. So lock the front door!
Password-protecting your phone allows you to be aware (or prevent!) anyone from ‘walking in unannounced” to your phone or tablet. If you want to share information, you are in control of that, not anyone else within arm’s reach. For many of us, our phone is a critical and personalized part of us. Keep it that way, and shut the front door, with a password.
Most importantly, regardless of what you select, use some form of locking for your own benefit and the benefit of your family or employer.
If you are unaware how, here are some general steps (they vary from phone/manufacturer type):
Samsung Galaxy: Go to Settings > Lock Screen > Set up Screen lock.
Apple iPhone: Go to Settings > General > Passcode lock
Windows Phone: Go to Settings > Lock & Wallpaper
And better yet, install a Trusted Mobile Security application like Thirtyseven4 Mobile Security that goes above and beyond regular security and offers a feature such as Anti-Theft.