Android's Login Is Cool, But Is It Secure?

I’ve been hearing a lot about Google’s innovative login feature for the Android phone, but only saw it today for the first time (Loren Feldman, who recently did some video of one, sent a screenshot).

Unlike other phones, which require a four-digit number for unlocking, the Android simply puts nine dots arranged in a square on the touch screen, along with the words “draw pattern to unlock.” My understanding is that any pattern can be used as long as it touches at least four of the dots. Given the many, many different possible patterns (any math majors want to tell me how many?), it seems like a decent way to lock and unlock a phone.

Except a very low tech side effect of the touch screen may be giving Google pause.

From what we hear, some people using the phone are noticing that the oil from a user’s fingers may leave enough of a smudge that the unlock password can be guessed at some of the time. Particularly since most people start their unlock pattern with the top left dot, and then move right or diagonally right. If you can see the smudge, it’s an easy guess what the unlock code is.
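To put a number on the "how many patterns" question and on the top-left-start habit mentioned above, here is an added example (not part of the original post) that counts the patterns by exhaustive search. It assumes the usual Android rules, which the post does not spell out: a pattern uses 4 to 9 dots, each dot at most once, and a stroke cannot jump over a dot that has not been visited yet.

```python
from functools import lru_cache

def _midpoints():
    """Map (a, b) -> the dot lying exactly between dots a and b, if any."""
    mids = {}
    for a in range(9):
        for b in range(9):
            ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
            if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
                mids[(a, b)] = (ra + rb) // 2 * 3 + (ca + cb) // 2
    return mids

MID = _midpoints()   # dots are numbered 0..8 row by row; 0 is top left
PIN_SPACE = 10 ** 4  # four-digit PIN, for comparison

@lru_cache(maxsize=None)
def _extend(last, visited, remaining):
    """Ways to add exactly `remaining` more dots after `last`.

    `visited` is a 9-bit mask of the dots already in the pattern.
    """
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if visited & (1 << nxt):
            continue  # assumed rule: a dot can be used only once
        mid = MID.get((last, nxt))
        if mid is not None and not visited & (1 << mid):
            continue  # assumed rule: cannot jump over an unvisited dot
        total += _extend(nxt, visited | (1 << nxt), remaining - 1)
    return total

def count_patterns(min_dots=4, max_dots=9, start=None):
    """Count valid patterns, optionally fixing the first dot."""
    starts = range(9) if start is None else [start]
    return sum(_extend(s, 1 << s, n - 1)
               for n in range(min_dots, max_dots + 1) for s in starts)

if __name__ == "__main__":
    total = count_patterns()
    top_left = count_patterns(start=0)
    print(f"all patterns (4-9 dots):   {total}")
    print(f"four-digit PINs:           {PIN_SPACE}")
    print(f"patterns starting top left: {top_left} "
          f"({top_left / total:.1%} of the space)")
```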

Of course users can always just wipe down the screen whenever they lock the phone. But my guess is Google offers an alternative, and more traditional, way to lock the phone as well.

Update: Good video and discussion of the unlock feature here, per the comments. Video is also embedded below, as well as another screenshot: