How hard is it to crack android lock pattern passwords

My phone has this as an option to lock my phone. At first it seemed like a good idea, you get nine dots and have to draw a pattern that is 4-9 dots long.

However looking into it, there are only 389112 possible patterns. Couldn’t that be cracked with a conventional computer pretty easily?

Not only that, but looking online the majority of Alps are only 4 or 5 dots long, and about 77% start at a corner. There are less than 9000 patterns using 4-5 dots, and only 44% can start at a corner.

Even worse, about 44% start at the top left node. So doesn’t that mean that about a third of these locks are using less than 1000 possible combination?

I don’t know if this post sounds like I’m trying to break into someone else’s phone, I’m curious to stop others from getting into mine.

Point is, are these locks worth anything if a person really wants to get into. Your phone and they are savvy? Wouldn’t a laptop alone be enough to try all 389112 patterns (but again, most people are selecting from less than 9000 patterns, which is even easier to craxk)?

Eh, easier than that, most of the time you’ll see the smudge pattern on the glass anyway.

If you lose control of the device for long enough for someone to be contemplating brute-force attacks, they’ll get in it.

Pattern locks prevent you from butt-dialing and things like that, and a very small barrier so the person understands they’re breaking in, it’s not going to stop someone serious or determined.

And it prevents someone from snooping through your phone while you’re in the restroom.

Do they lock the phone after a number of incorrect entries?
The iPhone does this with the PIN.

Or just sit next to them and wait the 15 seconds before they compulsively check the phone and you can get an idea of the pattern. That is what I do.

Things can be setup to require logging into you google account after a number of incorrect entries. There are also third party apps that will wipe the data from the phone after N password failures.

I think (or perhaps hope without good reason) that the various lightweight unlock mechanisms aren’t easily accessible to a computer for brute force attacks. I know I’ve run into short lockouts if I fumble a PIN or lock pattern several times in a row. That ought to prevent brute-force or educated guessing by a not very determined person that has your phone.

It’s sort of like a cheap lock on your front door. It helps keep people honest, but it won’t prevent a determined attacker. But nobody is going to be really determined in attacking you unless they think you have really valuable information on your phone. So unless you’ve got, say, compromising pictures that someone else is determined to get, or valuable corporate information, there’s not much to worry about.

Shouldn’t the lockout prevent even a determined brute force attempt? It’s not like a hacker can try thousands of combinations. Even with the help of grease smears it may take many tries, leading to lockout.

(I once forgot my own I-phone restriction passcode- I tried a bunch of codes I might use, resulting in warnings, then ever longer shutout periods; I fortunately re-tried correct code, which I must have entered incorrectly on an earlier try, when permanent lockout loomed.)


Don’t know about knock patterns, but Android Lollipop passwords can be easily bypassed.

Depending on the version, certain key security data are not encrypted or trivially so. People who have physical access to a phone, with the right equipment and knowledge, could then access the security data and run with it

You should assume that access security on phones is easy to bypass. Rely on whole device encryption on remote kill switches to protect it a bit better.

(Fingerprints come with a host of weaknesses. Example here.)