We’re pretty terrible at coming up with good passwords, but if you thought we were better when it comes to Android lock patterns, you’d be wrong. New research shows that the tic-tac-toe style patterns people devise to unlock their phones often follow dismally predictable rules.

Android Lock Patterns (ALPs) can contain a minimum of four nodes and a maximum of nine, for a total of nearly 400,000 possible combinations. That’s a lot of potential passwords! But when Marte Loge of the Norwegian University of Science and Technology analyzed over 4,000 ALPs for her master’s thesis, what she found was a pretty sorry state of affairs.

A full 44% of ALPs started in the top left-most node of the screen, while 77% started in one of the four corners. Very often, patterns moved from left to right and top to bottom. And a large percentage of the patterns had only four nodes, dramatically shrinking the pool of available combinations.
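The "nearly 400,000" figure, and how far the habits above shrink it, can be checked by enumeration. This is an added example, not code from the article or from Loge’s thesis; the node numbering is constructed here, and it assumes the standard Android rule that a stroke cannot pass over a node that has not been used yet.

```python
# Added example: enumerate Android lock patterns on the 3x3 grid.
# Node numbering (constructed for this example):
#   0 1 2
#   3 4 5
#   6 7 8

def midpoint(a, b):
    """Node lying exactly between a and b on the grid, or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None

def counts_by_length(start=None, min_len=4, max_len=9):
    """Count valid patterns per node count, optionally fixing the first node."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def extend(last, visited, used):
        if used >= min_len:
            counts[used] += 1
        if used == max_len:
            return
        for nxt in range(9):
            if visited >> nxt & 1:
                continue  # each node may be used only once
            mid = midpoint(last, nxt)
            if mid is not None and not visited >> mid & 1:
                continue  # assumed rule: cannot jump over an unused node
            extend(nxt, visited | 1 << nxt, used + 1)

    for s in range(9) if start is None else [start]:
        extend(s, 1 << s, 1)
    return counts

if __name__ == "__main__":
    everything = counts_by_length()
    total = sum(everything.values())
    top_left = sum(counts_by_length(start=0).values())
    print(f"all patterns, 4-9 nodes : {total}")
    for n, c in everything.items():
        print(f"  {n} nodes: {c:>7} ({c / total:.1%} of the space)")
    print(f"starting at top-left    : {top_left} ({top_left / total:.1%})")
```

Four-node patterns account for only 1,624 of the 389,112 valid patterns.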

People tended to avoid patterns with changes in direction, even though such patterns tend to be less susceptible to guessing attacks. The two patterns on the right of the image below, for instance, produce a higher “complexity score” than the patterns on the left:


Time and again, data breaches show us that people love to use ridiculously bad passwords, a la “1234567” and “letmein.” But switching to ALPs doesn’t seem to make our bad habits go away. A full 10% of the patterns in Loge’s study were shaped like a letter of the alphabet, often one that corresponded to the initial of a spouse or child.

What can you do to make your phone less crackable? Simple. Stop drawing letters. Turn off the “make pattern visible” option in your Android settings. Use crossovers. Use more than four nodes — they’re giving you nine, people, nine. And please, for the love of God, don’t save your ALP in a folder named “ALP” on your computer.

10 Tips To Protect Your Android Device

1. Use a screen lock


The most basic security measure for every Android device, a screen lock allows you to guard the device by using a pattern, PIN or password.

The lock can be activated through the Android device’s Security Settings. Following the activation of the lock, the device can be set to lock automatically after a specific time period or by pressing the Power key.

2. Encrypt your device


Android allows you to encrypt all the data on your device. You’ll need to key in a password or PIN each time the device is turned on to decrypt all the data.

If the phone falls into the wrong hands and is restarted, there’s no way to access the data without the password or PIN. This way, your sensitive data stays safe, though the device becomes a little slower.

It can be activated through the Android device’s Security Settings.

3. Using personal device for work? Talk to IT


According to security solutions firm ESET, around 30-40% of devices in workplaces are vulnerable to threats unless users are educated about risks.

If you plan to use your personal device for work, check with your workplace’s IT team before configuring it to access and store work-related data.

4. Activate Google’s Android Device Manager


Even if you lose your device, the Android Device Manager feature allows you to track a (connected) device on Google Maps.

It also enables you to ring the device at full volume for five minutes and even erase all the data.

To verify if it’s enabled, you can go to the Settings menu on your device and tap on Security. It can be enabled through the Device Administrators setting under Security Settings.

5. Don’t store sensitive data on SD cards


Make sure you don’t store sensitive information such as copies of credit cards and personal IDs on external storage cards, since it is easy to remove the card and access the data stored on it.

If you need to store important information, keep it on internal storage.

6. Don’t install apps from unknown sources


While apps on the Google Play Store are not curated as diligently as those on Apple’s App Store, it is still the safest place to download and install apps on the Android platform.

Installation files (APKs) sourced from third-party sites should be treated with caution as they might hide malware or spyware.

7. Install locks for apps


You can use additional protection for apps like Gallery and Messaging to protect private data.

A number of apps are available on the Play Store that offer an additional level of protection for individual apps. Such apps ask you to set up a password or PIN code that needs to be entered whenever you open one of the protected apps.

8. Don’t root your phone


By rooting your phone, you can install custom Android ROMs and even some incompatible apps.

However, apps with root access get unhindered access to your device’s file system, exposing it to more damage if a malicious app is installed. It also voids your phone’s warranty.

9. Keep your device software up to date


Google releases software updates that also include several security patches.

Check for software updates using the device Settings, where you’ll find a System Updates option in the About Device menu.

10. Sign out or use incognito mode while browsing


Remember to sign out of Chrome while browsing the web on an Android device or use incognito mode, especially if you share devices and PCs.

Chrome records your search and browsing history and syncs it across all devices on which you’ve signed in.