Amer Owaida, Security Writer at ESET explains that from the humble passcode to biometric authentication, there are quite a few options to lock your Android phone? But which of them are more secure than the others?
As people become more sensitive about the privacy and security of their data, you’d think that securing your phone with at least some kind of authentication measure wouldn’t even be up for discussion. That would be far from the truth, however. According to a report by the Pew Research Center, almost a third of Americans don’t use any kind of screen lock. We gave this some thought recently when discussing how to improve the security of your phone in 2020.
This time, we’ll dig a little deeper and look into the different authentication methods your Android devices offer.
A pattern lock, as the name suggests, is a lock that requires the owner to enter a specific pattern that they came up with to unlock their device. As far as screen lock choices go, pattern locks could be considered a medium-level security option at best. Your finger squiggle could be as easy as drawing an L or you could make the pattern more difficult by drawing a sophisticated shape. The simpler the pattern is, the easier it is for lurkers to copy it if they are watching over your shoulder.
In fact, the research found that lurkers were successful in recreating the swipe pattern 64.2% of the time after looking at it once; with multiple observations, that risk rises. You can improve your security by turning off feedback lines and opting for a more sophisticated pattern. All things considered, however, a PIN or a password is generally a safer option.
If you’ve been smart and set up any protection at all on your Android devices, you’re probably familiar with the PIN lock/password option, because it is the code your SIM card asks you to enter whenever you turn off and turn on your phone again. Many Android versions will allow you to set a paltry four-digit code, but if you care about your security, you will choose a much longer PIN code.
If you want to up your lock game, you should probably opt for a password that incorporates letters, numbers and special characters and make it at least 8 characters long. It may be a bit harder to remember and type out, but in the long run, you’ll be glad you played it safe. If you really want to up the ante, you can also turn on the feature to wipe your phone after a number of failed login attempts.
Fingerprint biometric lock
Fortunately for some of us, fingerprint biometric locks are still a thing. You may encounter different varieties, with some being standalone locks, others incorporated into buttons and the latest development are the ones hidden in the smartphone screen. The case for these is that the fingerprint lock can be considered to be one of the fastest ways to secure your phone. By placing your finger on the reader your phone will unlock within a fraction of a second.
But is it foolproof? Well, where regular people are concerned it’s highly doubtful that a bad actor would go through the ordeal of trying to get through a biometric lock. Still, bypassing a fingerprint lock isn’t entirely impossible. Fingerprints can be stolen from photos and other sources, then recreated, even with just 2D printing, and then used to bypass biometric locks. In 2017, one security researcher was able to recreate the fingerprint of Germany’s Minister of Defense from high-resolution photographs.
This biometric lock does exactly what it says: it scans your face. Although you’d imagine that the process is fairly sophisticated and entails a large number of technological wonders, the truth is it basically relies on your front camera and some software. The camera scans an image of your face and then relies on a facial recognition algorithm to verify your face. The speed of the unlock also depends on your phone and the quality of its front-facing camera.
The measure isn’t necessarily that secure and a bad actor may fool it with a photo of your face. Actually, researchers conducted a test on 110 different smartphones and what they found didn’t paint a pretty picture. In general, having a fingerprint biometric lock in combination with a passcode is the more secure way to go.
Different brands of smartphones are also putting their takes on biometric security measures by adding special features to bolster the security of their devices. Those range from various levels of face scanning to iris scans. Samsung, for one, has its own version of the iris scan, which is quite simple to set up. It also considers whether you wear glasses or not. The technology uses an infrared LED to illuminate your eyes while a narrow focus camera captures the iris patterns and the smartphone processes that information. Sounds very high-tech, doesn’t it? But is it secure? Well, a team of white hat hackers using a camera with an infrared feature was able to trick the first of Samsung’s phones to offer the feature.
There’s quite a variety of lock options to choose from. It’s always wise to choose a combination of features and not to rely solely on just one. But arguably the safest option on the list is the trusty PIN or password of sufficient length, with a fingerprint scan coming in next. Whichever option you choose, it’s always smart to plan ahead. Securing your phone now might save you from a nasty headache in the future.