

Even your strongest Android pattern lock is worse than a 3-letter ASCII password - marco1
https://github.com/delight-im/AndroidPatternLock

======
byoung2
After 5 incorrect tries, my phone makes makes me wait 30 seconds. If someone
tries to brute-force even a simple 4 dot pattern, 1624 combinations would take
at least 3 hours of waiting alone, plus the time to input the patterns and
check the list of patterns. This is of course assuming the 30 second wait
doesn't increase and there is no max number of incorrect tries before the
phone requires a pin. I should be able to notice my phone is missing and
perform a remote wipe before someone can guess my pattern.

~~~
oxalo
Unless someone steals your phone, grabs the lock pattern 'hash' (not sure on
implementation details...), and brute forces it on a computer in a few
seconds.

Guess I need to go read how that's implemented now.

~~~
Someone1234
If they could dump the phone's content already then why even waste the effect?
Just perform a full backup, factory reset it, and then restore only the user's
contents you want access to.

However if you have debugging disabled and no third party bootloader, you
cannot access the filesystem while the phone is locked. So being able to crack
some kind of hash is a moot point.

------
AdmiralAsshat
To my knowledge Android phones can have security settings turned on which
either lock out or delete the phone's data after multiple incorrect attempts.
In which case, a brute force method wouldn't be feasible to break into the
phone.

------
McDiesel
The pattern lock actually tells you its insecure... so I dont see the gripe?

I use it to keep my toddler from messing up my phone while letting him play
with it (and hes happy just playing with the pattern)

You can crack it most of the time by just looking at teh screen smudges...

------
daemin
I like using the pattern lock because I can unlock it while quite drunk.

Though maybe that's not the best idea...

