Face, finger, or iris? Which unlocking method is the most secure?
I’m sure you’ve noticed that Android has a number of options aimed at making your device more secure. Among them are the different methods for unlocking the screen: pattern, PIN, password, iris scan and fingerprint, just to mention a few. Below, we’ll explain the goal behind each one so you can choose the most practical and secure unlock method for you.
Facial recognition isn’t anything new. It first arrived on Android with the Ice Cream Sandwich version, also known as Android 4.0. This feature uses the front camera of the device to take a photo of your face and then it uses that photo as a baseline to unlock your device. It has a questionable level of security, with more cons than pros.
One of the biggest problems is that lighting has to be ideal for the front camera to be able to take a picture of your face. This all depends on the quality of the camera and how your face is placed in front of it. There’s a similar feature on the iPhone X, called Face ID, although the tech behind it works slightly differently.
The fingerprint reader is my favorite option and the one I currently use on my phone. Obviously, how well it works depends on a few factors, like the quality of the sensor and its placement. Quality, in this case, means the speed at which the sensor reads your finger. This varies a lot between devices, as does how scratch-resistant the sensor surface is. There are certain biometric authentication mechanisms which become faster the more you use them.
As for the placement, I prefer it on the front bottom part of the display, next to the power button, like on the old Xperia line, which, to me, is very practical. I’m not a fan of the ones on the back, which are more common today, but it’s all subjective here.
As for security, this is probably the most secure method to date. That’s because fingerprint readers are quite difficult to hack. Furthermore, the sensors are developed to recognize the body heat and blood movement of the user, which means you can’t use a “dead” finger to unlock an Android.
Like facial recognition, I’m still not convinced about using an iris scanner to unlock devices. It basically does the same thing as the fingerprint reader, and it requires the device to have a second, registered password in case you can’t get your phone unlocked. With the Galaxy S9 and Note9, the fingerprint and iris scanners cannot be activated at the same time. In other words, the second unlock method needs to be a PIN or an alphanumeric password.
Recognition varies according to lighting conditions and where the user’s eye is positioned. The better readers won't slow down when recognizing a user’s eye, even in low-light conditions.
The system that scans your iris also needs to be fully integrated into the reader so it reacts quickly and can’t be hacked. Technically, this system is on par with the fingerprint reader in terms of security but loses out when it comes to usability.
Smart Lock was introduced on Android 5.0 Lollipop, and it’s been updated throughout the latest versions. I don’t really see it as a method to unlock your device but rather as a complement to the one that you’ve already chosen. What Smart Lock does is very simple: it unlocks - or better said, keeps your device unlocked - according to where you are, your voice, a device or a presence.
Choose your trusted locations, like your house or work, and when you get to those places, your device will be unlocked without having to use any of these methods. You can even use Bluetooth devices as trusted locations.
Currently, Smart Lock can also be set up so that it keeps your phone unlocked even when it’s in your pocket. As I said, it’s not really a method of unlocking your phone, but rather a complement to one. Keep in mind that anyone can access your phone when you’re in one of your trusted locations, or even connected to a Bluetooth device.
A PIN is the traditional combination of numbers, and the length depends on which version of Android you have. It’s probably the main security option, distinct from the rest of the options presented here. PINs are also limited in their recovery if you happen to forget yours. You’ll probably have to spend hours and hours trying to unlock your device. I use a PIN on my Android as a complement to the fingerprint scanner.
The pattern, or design, is a unique feature on Android phones and it’s been around for a while now. You can use it combined with the PIN if you’d like, but it really is a decent security system by itself. There are only a certain number of times that you can try it until it locks you out for a few seconds. However, on some interfaces, a certain number of wrong attempts can lead the device to erase user data.
Something else that’s curious about the pattern, and might be seen as a problem, is that your finger leaves the pattern on the display, which makes it easy for anyone to trace it. A combination of a greasy finger and a matte film will tell the world your password.
A password is the oldest unlock method there is, and it’s seen as the most secure by many users. You can use any combo of numbers and letters to unlock your device. Recovery systems vary a lot but, in general, it can be just as hard to recover a password as it is a PIN.
Which method is best to unlock your Android?
The iris scanner, Smart Lock and facial recognition are all complementary or secondary security methods, and as of right now, they aren’t good enough to be used as the sole method of protecting your phone. This means that you’ll have to register a PIN, pattern or password as your primary option. The iris scanner has another aggravating feature as well: restriction and availability. There are only a few models on the market right now that come with this feature.
The fingerprint reader is also a complementary feature, but it’s a feature which is available on most mid-range models, and its usability is very attractive. It also has fewer recognition errors. Nevertheless, you can count on the more traditional options, which are also the most secure, since they don’t need a second layer of protection. In terms of both practicality and security, I’d stick with the PIN, password or pattern if I were you.
Which option do you use on your Android? Which do you think is the most secure?
i am sad
i am just commenting for dem points baby
nice article tho
Fingerprint + very strong password [letters + symbols + digits (I am very intelligent 😊)]
I open the phone with my finger: just press the on / off button! ... because I do not have a fingerprint sensor. But the next phone will be guaranteed with the footprint, it is very practical.
Scanning the iris seems to me extraordinary, being safer than the fingerprint. It also matters what security is required for the phone.
At this time I use the fingerprint sensor for convenience and the PIN is my backup.
Define secure. If your access is not controlled by something only you know, you have no protection from government. The face, eye and print systems can all be legally compelled by government and are pretty easy to compel by physical force. A judge in the US finally ruled that compelled bio access was against the 5th amendment, but that ruling only affects a small locality so far.
Bio have also all been fairly easy to hack.
With the rise of ubiquitous camera surveillance, your password will be available to law enforcement before long too.
I use the pin pattern 95% of the time. Seems to be the easiest for my use!
I use a pin and the fingerprint scanner. The only benefit of using the fingerprint scanner is that it's really fast and when in a crowd no one can try to find out your unlock code. I used to use a pattern but now prefer a pin.
I like a password that's a combination of letters and numbers, and that requires at least one capital letter
fingerprint + pin here
I think password and pin would be better for safety. Imagining that, when you fall asleep or are knocked out by bad guys, they can use your body freely for biometric verification.
But what I still want to say is, fingerprint scanner is really really really handy and addictive, especially when scanning fingerprint to confirm mobile payment instead of entering payment password.
Why are all the pictures in Spanish?
Hi Michael, the article was originally written in Portuguese, therefore the smartphone was set to Portuguese. We will look out for this in the future though :)
Pin works best for me.. along with a small amount of (paranoid) scepticism..
but device security is as much about what you install and what information you're sharing and with who.. and as much about avoiding less than reputable apps and hardware..
Good point. Consumers need to have a global look at how their data is protected or kept secure. Locking your device may just be the tip of the iceberg, but people unknowingly share their data with third parties that just might not be that trustworthy.
Here in the Philippines it is all useless. If your phone is lost or stolen there are hack shops everywhere that will unlock your phone for 100 pesos or about 2 dollars. The only good thing is most of the time they are factory reset (newer models anyway) so only the most persistent can get your info.
If your phone is stolen or lost, it is super important to factory reset your phone remotely with Android Device Manager. We have a tutorial here https://www.androidpit.com/how-to-remotely-delete-android-phone-data