How secure is your phone’s lock screen?

Next story

As people become more sensitive about the privacy and security of their data, you’d think that securing your phone with at least some kind of authentication measure wouldn’t even be up for discussion. That would be far from the truth, however. According to a report by the Pew Research Center, almost a third of Americans don’t use any kind of screen lock. We gave this some thought recently when discussing how in 2020 to improve the security of your phone.

This time, we’ll dig a little deeper and look into the different authentication methods your Android devices offer.

Pattern lock

A pattern lock, as the name suggests, requires a specific owner-defined pattern to unlock the device. As far as screen lock choices go, pattern locks could be considered a medium-level security option at best. Your finger squiggle could be as easy as drawing an L or you could make the pattern more difficult by drawing a sophisticated shape. The simpler the pattern is, the easier it is for lurkers to copy it if they are watching over your shoulder.

In fact, research found that lurkers were successful in recreating the swipe pattern 64.2% of the time after looking at it once; with multiple observations, that risk rises. You can improve your security by turning off feedback lines and opting for a more sophisticated pattern. All things considered, however, a PIN or a password is generally a safer option.

PIN/password

If you’ve been smart and set up any protection at all on your Android devices, you’re probably familiar with the PIN lock/password option, because it is the code your SIM card asks you to enter whenever you turn off and turn on your phone again. Many Android versions will allow you to set a paltry four-digit code, but if you care about your security, you will choose a much longer PIN code.

If you want to up your lock game, you should probably opt for a password that incorporates letters, numbers and special characters and make it at least 8 characters long. It may be a bit harder to remember and type out, but in the long run you’ll be glad you played it safe. If you really want to up the ante, you can also turn on the feature to wipe your phone after a number of failed login attempts.

Fingerprint

Fortunately for some of us, fingerprint biometric locks are still a thing. You may encounter different varieties, with some being standalone locks, others incorporated into buttons and the latest development are the ones hidden in the smartphone screen. The case for these is that the fingerprint lock can be considered to be one of the fastest ways to secure your phone. By placing your finger on the reader your phone will unlock within a fraction of a second.

But is it foolproof? Well, where regular people are concerned it’s highly doubtful that a bad actor would go through the ordeal of trying to get through a biometric lock. Still, bypassing a fingerprint lock isn’t entirely impossible. Fingerprints can be stolen from photos and other sources, then recreated, even with just 2D printing, and then used to bypass biometric locks. In 2017, one security researcher was able to recreate the fingerprint of Germany’s Minister of Defense from high-resolution photographs.

Face scan

This biometric lock does exactly what it says: it scans your face. Although you’d imagine that the process is fairly sophisticated and entails a large number of technological wonders, the truth is it basically relies on your front camera and some software. The camera scans an image of your face and then relies on a facial recognition algorithm to verify your face. The speed of the unlock also depends on your phone and the quality of its front-facing camera.

The measure isn’t necessarily that secure and a bad actor may fool it with a photo of your face. Actually, researchers conducted a test on 110 different smartphones and what they found didn’t paint a pretty picture. In general, having a fingerprint biometric lock in combination with a passcode is the more secure way to go.

Brand-specific features

Different brands of smartphones are also putting their takes on biometric security measures by adding special features to bolster the security of their devices. Those range from various levels of face scanning to iris scans. Samsung, for one, has its own version of the iris scan, which is quite simple to set up. It also considers whether you wear glasses or not. The technology uses an infrared LED to illuminate your eyes while a narrow focus camera captures the iris patterns and the smartphone processes that information. Sounds very high-tech, doesn’t it? But is it secure? Well, a team of white hat hackers using a camera with an infrared feature was able to trick the first of Samsung’s phones to offer the feature.

Final verdict

There’s quite a variety of lock options to choose from. It’s always wise to choose a combination of features and not to rely solely on just one. But arguably the safest option on the list is the trusty PIN or password of sufficient length and complexity, with a fingerprint scan coming in next. Whichever option you choose, it’s always smart to plan ahead. Securing your phone now might save you from a nasty headache in the future.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on  FacebookYouTube and Twitter.