Your Android unlock pattern sucks as much as your password did

Setting aside guessability and social/psychological engineering, on most Android phones, the swipe password is to hit 5 of 9 dots. You can’t double up on the dots you hit. So you have a probability of 9 nCr 5 = 126 total combinations, a lot of which are a little illogical to the human mind in shape and order anyway. And what’s hilarious is, with the 9-dot grid, the entropy tops out at 9 nCr 5; if you add more dots to hit, the number of combinations decreases again. If you could double up dots, then we’d be getting somewhere, since permutations (9 nPr 5 = 15120)

Calling these unlock patterns a security feature is like calling bathroom pinhole locks security features. It’s for privacy and assumes that nobody’s going to get ahold of your phone long enough to try more than a few attempts to unlock it.

A few pretty graphs to show the stupidity of trusting unlock patterns just from a purely mathematical perspective. X axis is number of dots; y axis in the first graph is number of combinations (can’t double up the dots); in the second graph, y axis is permutations (can double up dots).

f(x) = 9 nCr x

f(x) = 9 nPr x

2 Likes
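For anyone sizing a lock-screen policy from the numbers above, here is an added example (not part of the original post) that tabulates the two graphed functions, 9 nCr k and 9 nPr k, for every k instead of only 5 dots, next to a brute-force count of ordered swipe patterns. The swipe rule it counts (order matters, no dot reused, no stroke over an unused dot) is an assumption that the thread does not state, and the names `MIDDLE`, `count_patterns` and `keyspace_table` are made up for this sketch.

```python
from math import comb, log2, perm

# Dots are numbered 0..8, row by row. MIDDLE[(a, b)] is the dot sitting exactly
# between a and b on a straight line. Assumed rule (not stated in the thread):
# a stroke from a to b is only accepted once that middle dot is already used.
MIDDLE = {}
for a in range(9):
    for b in range(9):
        ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
        if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            MIDDLE[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2


def count_patterns(length, last=None, used=0):
    """Count ordered patterns that add `length` dots, with no repeats and no jumps."""
    if length == 0:
        return 1
    total = 0
    for nxt in range(9):
        if used & (1 << nxt):
            continue  # dot already part of the pattern
        mid = MIDDLE.get((last, nxt))
        if mid is not None and not used & (1 << mid):
            continue  # would jump over an unused dot
        total += count_patterns(length - 1, nxt, used | (1 << nxt))
    return total


def keyspace_table():
    """Rows of (dots, 9 nCr k, 9 nPr k, ordered patterns under the assumed rule)."""
    return [(k, comb(9, k), perm(9, k), count_patterns(k)) for k in range(1, 10)]


if __name__ == "__main__":
    print(f"{'dots':>4} {'nCr':>5} {'nPr':>7} {'patterns':>9} {'bits':>5}")
    for k, c, p, n in keyspace_table():
        print(f"{k:>4} {c:>5} {p:>7} {n:>9} {log2(n):>5.1f}")
```

The last column is log2 of the ordered-pattern count, which is the figure to compare against a PIN or password policy when an attempt limit is the main control.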

My phone security is “keep it in my pocket.”

2 Likes

This is why I would love to have an unlock screen that supports more nodes, being able to double up on already used nodes, and supporting multiple swipe patterns if a person would desire such a thing. Multiple patterns would make it possible to smudge off previous entries if done correctly. I presume this could be done in a 3rd-party app, I suppose, but I think these features need to be an option in the phone’s OS should a person want more granular settings.

1 Like
