Most phone users today often think that the more zigzags are chosen as passwords, the higher the security. However, technology experts warn that security should not be chosen this way.
According to a British newspaper, research by scientists from the University of Maryland and the US Naval Academy has shown that, when users use zigzag lines to unlock with their devices, the ability to Outsiders looking over the user’s shoulder when manipulating is quite easy. Moreover, zigzags are much easier to memorize than numbers or words.
Therefore, scientists have recommended that “Skipper shoulder attack” becomes an easier risk for bad guys who want to plan attacks on users.
So users can completely protect the device better when using a password with a PIN code with the password length increased to 6 characters.
In their research, the scientists had to bring in more than 1,000 volunteers, playing the role of subjects who were looking for loopholes and attacking users’ devices.
The volunteers were then trained to memorize a multitude of authentication schemes to unlock the device. With two main methods, using PIN code with 4-6 characters and method using zigzag line with 4-6 points connected together. Volunteers will have to monitor the user unlocking the device by peeking over the shoulder from various angles.
The device included in this test includes two types, Nexus 5 (from LG) with a screen width of 5 inches and OneOlus One (from OnePlus) with a screen width of 6 inches.
The reason scientists chose these two models is because they have the most similarities in terms of screens; design compared to the current popular smartphone lines, even for Android or Iphone.
The study also took into account the attacker’s perspective with different phone postures. For example, the user only uses one hand and uses the thumb to operate and the user uses both hands and uses the index finger.
Through all the tests, the 4-point zigzag was the easiest to “crack” when attacking “over the shoulder”, faster, simpler than any other form.
And with the form of security by PIN code is the most difficult to bypass for attackers “over the shoulder”. Most zigzags have low security, especially with straight lines, while zigzags are slightly more secure.
Along with that, the longer the password, the higher the security will be and against the attacker.
Although they have advantages in many aspects, improving efficiency, this option is quite feasible.
The study’s test showed that, with a 6-character PIN code, there would be 10.8% “cracked” immediately after the first observation and increased to 26.5% after the second observation.
The amazing number with a 6-point zigzag was 64.2% that was “cracked” after the first observation and increased to 79.9% after the second observation.
With the zigzag without straight lines, the rate was 35.3% “cracked” after the first observation and increased to 52.1% after the second observation.
Shorter zigzags are even easier. The researchers also recommend to users of fingerprint technology or identification when unlocking.
In addition, an independent study published at the beginning of the year also showed that most zigzags are easily “unlocked” after 5 detection tests.