
You can switch to using a more complex password on iOS for extra security. On Android, pattern unlock would be the obvious solution.

Also 20 hours should give you enough time to track down a device using Find My iPhone (or similar service) before they can unlock it and shut tracking down.




>Also 20 hours should give you enough time to track down a device using Find My iPhone (or similar service) before they can unlock it and shut tracking down.

Couldn't you just put this whole operation in a Faraday cage to bypass that?


Or just remove the SIM card...


Pattern unlock has 9 spots, and you need to select at least 4. So the possible number of patterns is:

9!/5! + 9!/4! + 9!/3! + 9!/2! + 9!/1! + 9!/0!

Which is just 985,824. And you could certainly search the more likely combinations first -- people almost always select adjacent spots consecutively.


That assumes you can go directly from any spot to any other spot, which you can't. Given a grid that looks like this:

    123
    456
    789

you can't go directly from 1 to 3 unless 2 has been selected. I also don't think you can immediately backtrack, as in 213; you have to go 2513, for instance.

With that in mind, I wrote a quick search:

    Adjacent only (can't go from 1 to 6 or 8)
    1 9
    2 40
    3 160
    4 496
    5 1208
    6 2240
    7 2984
    8 2384
    9 784
    total: 10305
    total with length >= 4: 10096

    Non-adjacent (knight-moves) allowed (can go from 1 to 6 or 8)
    1 9
    2 56
    3 304
    4 1400
    5 5328
    6 16032
    7 35328
    8 49536
    9 32256
    total: 140249
    total with length >= 4: 139880

    Pass through previous spots, no immediate backtracking (2513 but not 213)
    1 9
    2 56
    3 304
    4 1464
    5 6136
    6 21344
    7 57184
    8 105376
    9 100928
    total: 292801
    total with length >= 4: 292432

    Pass through previous spots, with immediate backtracking allowed (213)
    1 9
    2 56
    3 320
    4 1624
    5 7152
    6 26016
    7 72912
    8 140704
    9 140704
    total: 389497
    total with length >= 4: 389112

So, I believe the correct number is 292432. For comparison, that's less secure than a 6-digit PIN, or a 4-lowercase-letter password.

More importantly, though, if you're using an unlock pattern, you can't be using disk encryption, so anyone who has physical possession of your phone need not bother brute-forcing the unlock pattern.
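An added example, not part of the original comment and not the commenter's search code: a depth-first count over the 3x3 grid above for two of the listed rule sets. It assumes each spot is used once and that a straight move over an intermediate spot is either never allowed (the "knight-moves" table) or allowed once that spot is already selected (the "immediate backtracking allowed" table); all function names are this example's own.

```python
# Spots are numbered 1..9 in rows, matching the grid 123 / 456 / 789.
COORD = {n: divmod(n - 1, 3) for n in range(1, 10)}  # spot -> (row, col)


def middle(a, b):
    """Return the spot exactly halfway between a and b, or None if there is none."""
    (r1, c1), (r2, c2) = COORD[a], COORD[b]
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None  # adjacent or knight move: no spot lies in between
    return (r1 + r2) // 2 * 3 + (c1 + c2) // 2 + 1


def count_by_length(jump_over_visited=True):
    """Count patterns of each length 1..9.

    jump_over_visited=True : 1 -> 3 is legal only after 2 has been selected.
    jump_over_visited=False: 1 -> 3 is never legal (no passing over any spot).
    """
    counts = {n: 0 for n in range(1, 10)}

    def extend(last, visited):
        counts[len(visited)] += 1
        for nxt in range(1, 10):
            if nxt in visited:
                continue  # each spot can be selected only once
            mid = middle(last, nxt)
            if mid is not None and not (jump_over_visited and mid in visited):
                continue  # move would pass over a spot that blocks it
            extend(nxt, visited | {nxt})

    for start in range(1, 10):
        extend(start, frozenset({start}))
    return counts


def total_at_least(counts, min_len=4):
    """Size of the search space when patterns must use at least min_len spots."""
    return sum(c for n, c in counts.items() if n >= min_len)


if __name__ == "__main__":
    for flag in (False, True):
        counts = count_by_length(flag)
        print("jump_over_visited =", flag)
        for n in range(1, 10):
            print(" ", n, counts[n])
        print("  total with length >= 4:", total_at_least(counts))
```
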


Pattern unlock leaves a body fat trail on the screen that is trivial NOT to see & exploit.


Exactly - if you hold my phone up to a light, you can easily see my unlock pattern in the fingerprints left on the screen.


Doesn't that assume you can only select each pad once?


Yeah, and you can only select an adjacent spot, so that also limits combinations.


You can actually select spots not adjacent to the current one.

Consider the "spots" labeled in rows from left to right as 1 2 3, 4 5 6, and 7 8 9.

If I start at 1, I can go to 2, 4, 5, 6, and 8 directly. Also, if I have used all spots except 1 and 9, I can go to 1 then directly to 9.


Yep, and the fact that the above calculation doesn't even allow for combinations greater than four... Overall not a reliable number :)


My Galaxy S4 seems to only allow one direction for each node.


You can in fact only select each pad once.


You can do that with Android, too. It's actually right there in the list with the PIN and pattern locks. I think it has been there at least since Gingerbread, maybe earlier.



