Firelands Computer Services Blog
When Securing Your Smartphone, Some Options are Better Than Others
Today’s smartphones are equipped with assorted ways that users can authenticate their identity, from the now old-fashioned PIN to basic biometrics. However, while these options are available on a wide range of phones, not all of them are equally secure. Let’s look a bit closer at these authentication measures to find out which is most effective.
Does Mobile Security Really Matter That Much?
In a word: yes.
Look at how much we can accomplish with a mobile device. While we’re used to the capabilities that a smartphone offers, it wasn’t too terribly long ago that these capabilities were unheard of outside of science fiction. It wasn’t until 1996 that practical PDAs came about with the Palm Pilot, followed by Blackberry in 2002 and 2004’s introduction of HTC’s Windows phones that we had a taste of what a “smart” phone would look like. It was only in 2007 that the first generally-agreed-upon smartphone, the iPhone, was released.
Just think about the difference between the devices we have today, compared to those that preceded them. While these so-called “dumb phones” were not devoid of sensitive data by any stretch, they may as well have been in comparison to today’s devices.
Now, there are applications for everything, from money management to medical data to shopping and every other purpose imaginable, many of which contain or regularly access personal data. Therefore, it is so important for these devices to be secured… the method by which a user can unlock the device being just one tiny facet of these security needs.
Evaluating Your Authentication Options
Nowadays, the authentication options present on mobile devices are designed to combine the needed security with the convenience of the user. Yet, since they aren’t all equally effective at securing the device, you need to be selective about the authentication method you use.
Let’s go over the options your device may offer and see which one is the best for your security.
We’re all familiar with these authentication measures, as they’re generally the baseline authentication measure for any device, including mobile devices. They also help prevent other authentication proofs from being put in place without the user’s approval. While these security measures are far from impenetrable, they are secure enough to serve as the basis for sufficient security. This is, of course, provided that the user is responsible when they set them.
That said, many users don’t act responsibly as they should, leaving their mobile devices relatively insecure. A study conducted in 2012 revealed that the PINs people used were often of personal significance to them, were composed of repeated digits, or (most amusingly) featured the number 69. Other common numbers were those that could easily be typed in sequence, like 1234, 7890, and the like.
Another study showed that increasing the length of the PIN from four numbers to six rarely added any security benefits, again because of the user. Apparently, the added length makes the user feel more secure by default, and by doing so, gives them the comfort to slack off in how secure their PIN is.
Naturally, assuming the user has the patience to retype their password each time the device locks, this option is more secure than a PIN. Regardless, these options are generally accepted as the most secure option right now.
Thanks to the hardware and software that our devices now support, users can now use their physical attributes to confirm their identity, as biometric authentication has risen in popularity. Naturally, the different methods that make up biometric authentication aren’t as consistent as many would assume.
Fingerprint Sensors: The first phone to have a fingerprint sensor—the Pantech GI100—first launched in 2004, and with the Toshiba G500, the fingerprint sensor became a mainstream inclusion on smartphones. This isn’t expected to change, with projections predicting that 90 percent of devices will still have a fingerprint sensor in 2023, as compared to 95 percent in 2018.
Fingerprint sensors come in many kinds, which does impact their security somewhat. For example, Samsung has started to incorporate sensors under the screen to enable a three-dimensional image to be captured. However, this inherently secure technology can be undermined using a screen protector, as the screen protector can actually lead to any fingerprint being accepted. There is also the concern that fingerprints can be harvested from another source and transplanted to the device to unlock it, so the user needs to prioritize making sure their device is properly acclimated to their unique print.
Iris Scanning: Currently, iris scanning is seen as the most secure biometric authentication, as the iris is even more unique than a fingerprint. While these capabilities are currently present in many devices, many users don’t use them. This is generally because it takes longer to scan the iris, as the user must direct their gaze to the sensor.
Facial Recognition: Fingerprint recognition has begun to be replaced by facial recognition capabilities, particularly with the rising prevalence of full screen displays. With a decent software installed and a good set of reference data, facial recognition can make unlocking a device effectively effortless. However, that’s assuming that the software is good and that the reference images are good. If these images have blights like glare on them, it is harder for a user to unlock and easier for a hacker to crack.
Pattern Passwords/Knock Codes
Finally, we’ve come to the least secure option of all. Many Android devices offer the user the option to tap a pattern of their choosing on a grid to unlock their device. Multiple studies have disproven the security of this method, simply because it isn’t too challenging to figure out a user’s pattern.
In one study, it was found that 65 percent of the 351 participants involved created a code that followed Westernized reading patterns, starting at the top-left and progressing to the top-right. Increasing the size of the grid only led to users selecting shorter patterns. Many patterns proved common amongst the participants as well:
- An hourglass: top left, top right, bottom left, bottom right, top left, top right
- A square: Top left, top right, bottom right, bottom left, top left, top right
- The number seven: Top left, top left, top right, top right, bottom left, bottom left
To top it all off, the researchers found that knock codes were rapidly forgotten. 10 percent of the participants had forgotten their selected code by the time the 10-minute study was over. Plus, they’re slower: knock codes took five seconds to input, while a PIN takes four and a half.
Don’t Skip Securing Your Mobile Device
If you’ve made it this far, you’re likely a smartphone user, and as such, it plays an important part in both your professional and personal life. As you have probably gathered, you can’t afford to short-change any aspect of your security, down to the way you unlock your mobile device.
Firelands Computer Services can assist you in ensuring your business’ technology is adequate for your purposes, and that it has the necessary protections surrounding it. To learn more about our services, reach out to our team at (419) 626-6767 today.