Tech security is of utmost importance these days now that we use so many always-on electronic devices. And the most critical of those is the smartphone. It’s on us 24/7, used for everything from communicating to banking and navigating, and contains tons of private information.
Pretty much every phone has a screen lock of some kind that ensures someone passing by can’t swipe your phone and easily log into it to see your private photos, sensitive work information, or personal financial details. Usually, the lock screen provides access to basic functions, like the camera (to take photos), flashlight, and calculator, but blocks access to everything else until the authorized owner unlocks it.
While the old four-digit passcode is still being used these days, there are many other ways you can secure a mobile device.
What are they and which is best? Here’s a rundown, with insight from cybersecurity company ESET.
The pattern lock, introduced with certain Android devices, involves drawing a pattern using an invisible grid that your finger follows to unlock the device. An unlock “code,” for example, could be “swipe right, diagonal to the bottom, left corner, up to the top, left, down diagonally to the bottom, right, and back across to the bottom left.” It can be a bit complicated to remember at first, but once you get used to unlocking your device using the same pattern of finger swipes, it becomes second nature.
ESET rates pattern locks as “medium-level security at best.” If you use a super-easy pattern like an “L,” a “Z,” or a square, someone watching over your shoulder, or even standing in front of you, can easily see the pattern of how your finger is moving. Indeed, a study conducted in 2017 by Lancaster University, Northwest University in China, and the University of Bath, found that it was super easy to crack a pattern lock, with most easily revealed in five attempts or less. And yes, even the seemingly complicated ones can be cracked simply by watching finger movements. How? A hacker covertly pretends to play with their own phone while running software that tracks fingertip movements. They secretly videotape the phone owner drawing his pattern lock from afar.
A PIN or Password
One of the most common methods of phone screen locks is the PIN or passcode. It’s usually anywhere from four to six digits long, potentially even longer. Naturally, four-digit codes are pretty easy to crack. You can easily see someone punching one in while standing over their shoulder and might even be able to crack it from a distance or while in front of them based on the positioning of their finger as it moves up or down on the virtual keypad. Chances are some people also use the same codes to unlock their phones as they do for their bank PIN code, for example, which can be extra dangerous. (Note: never do this!)
But longer, more complex passwords can be pretty rock solid. As with passwords for any electronic device, use a complex mix of letters of both cases, numbers, and symbols. And don’t use actual words or dates that have any meaning (e.g. 1970 if that’s the year you were born, or 020784 if that’s your birthday.) The one downside is that while this provides greater security, it’s also a chore to have to type the password in every time you unlock your phone. A good password is pretty secure but terrible for user-friendliness.
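To put the pattern, PIN, and password comparisons above on one scale, here is an added example (not from ESET or the original article) that counts how many distinct secrets each method allows. It assumes the standard Android 3x3 pattern rules and, for the password row, an 8-character length chosen only for illustration.

```python
import math

# Assumption: standard Android rules. Dots 0..8 on a 3x3 grid (row-major),
# 4 to 9 distinct dots, and a stroke may not jump over an unvisited dot.
def _midpoint(a, b):
    """Return the dot lying exactly between dots a and b, or None."""
    (r1, c1), (r2, c2) = divmod(a, 3), divmod(b, 3)
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return ((r1 + r2) // 2) * 3 + (c1 + c2) // 2
    return None

def count_patterns(min_dots=4, max_dots=9):
    """Count valid unlock patterns by depth-first search over the grid."""
    def dfs(cur, visited, length):
        total = 1 if length >= min_dots else 0
        if length == max_dots:
            return total
        for nxt in range(9):
            if visited & (1 << nxt):
                continue  # each dot can be used only once
            mid = _midpoint(cur, nxt)
            if mid is not None and not visited & (1 << mid):
                continue  # would skip over a dot not yet visited
            total += dfs(nxt, visited | (1 << nxt), length + 1)
        return total
    return sum(dfs(start, 1 << start, 1) for start in range(9))

def search_spaces():
    """Upper bounds on guesses needed, assuming secrets are chosen uniformly."""
    return {
        "4-digit PIN": 10 ** 4,
        "Android pattern (4-9 dots)": count_patterns(),
        "6-digit PIN": 10 ** 6,
        # 26 lower + 26 upper + 10 digits + 32 symbols = 94 printable ASCII;
        # the length of 8 is an illustrative assumption.
        "8-char mixed password": 94 ** 8,
    }

def bits(n):
    """Express a search-space size as bits of entropy."""
    return math.log2(n)

if __name__ == "__main__":
    for name, size in search_spaces().items():
        print(f"{name:28s} {size:>20,d}  ~{bits(size):.1f} bits")
```

These are best-case figures: simple shapes like an “L” or a “Z,” and PINs based on dates, shrink the effective space well below the totals shown.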
Fingerprint Biometric Lock
Register your unique thumbprint as soon as you set up the device so that you, and only you, can ever unlock your phone. Usually, fingerprint biometric locks can open your phone in under a second so you can start using it immediately, which is very convenient.
Fingerprint locks promise to offer pretty ironclad security because unless the person is going to force your finger up to the device, cut off your finger (hey, it has happened in movies!), or somehow get a scan or copy of your print, they won’t be able to unlock the device. But as with any kind of technology, it isn’t totally impossible. If a hacker really wanted to get into your device and possessed the right tools to do so, they could find a way to lift your fingerprint from an object like a photograph, for example, and recreate it using 2D printing.
Arguably the new favourite method of unlocking a phone’s screen – though the current pandemic and requirement for wearing face masks has made it difficult – face scans require that the phone first takes a scan of your face to map it. Then, hold the device up to your visage, and, using the front camera, software, and a facial recognition algorithm, voila! It unlocks when the device verifies that yes, it is you and not an imposter.
Of course, as soon as face scanning came out for mobile devices, people took to revealing online the many ways they were able to expose the technology’s vulnerabilities. One of the first ways this was brought to light, shortly after Apple released its iPhone X with Face ID in late 2017, was with the creation of a model that looked like the person’s face, including a 3D-printed plastic silicone mask and paper cut-outs. It apparently fooled the phone into unlocking.
Another study conducted by a Dutch non-profit actually found that they could trick facial recognition software in some budget and mid-tier devices with nothing more than a really good picture of the person. (The good news, however, is that most devices could not be fooled, including flagship phones from brands like Samsung, Apple, Huawei, and OnePlus.)
More concerning with facial recognition is the mass accumulation of data that raises questions about privacy, security, and how this information is being shared, or could be shared, in the future.
Those questions aside, which could be fodder for another article entirely, face scanning is a pretty good way to secure your phone’s lock screen unless someone really wanted to go through the trouble of building a model of your face that could crack it.
Which To Choose?
Your best line of defense, as ESET recommends, is to employ multiple levels of security so that you aren’t relying on just one method but two, or even three, to unlock your phone. Maybe you have face scanning but once it recognizes your face, you also need to tap your thumb on the biometric scanner. ESET believes the safest two-step combination is a PIN or password (that’s of sufficient length) along with a fingerprint scan.
It can be annoying, especially if you access your phone frequently. But if you have a lot of sensitive, important personal and private details on your device, it might be worth the extra step.
Of course, the most important thing is to always keep your phone with you. Never leave it in the hands of anyone else and never unlock it using a pattern or PIN code in clear view of strangers.
“Whichever option you choose,” writes ESET’s Amer Owaida, “it’s always smart to plan ahead.”