Smartphones now come with a variety of ways that users can elect to unlock their device, from biometrics to tactile patterns to good, relatively old-fashioned personal identification numbers. Of course, not all these authentication measures secure your phone equally well. Let’s consider some of these measures to determine which one is best for your device’s security.
Why Mobile Security is So Important in the First Place
Consider the capabilities of our mobile devices today, as compared to those that were considered high-end before Apple premiered the iPhone in 2007. (This is not to discredit all the classic PDAs and smartphones that came before the iPhone, like the Palm Treo, the BlackBerry, and the line of super cool HTC Windows phones, but the general consensus is that the big shift in mobile computing really started with Apple.) The difference is staggering. While those devices that are affectionately referred to as “dumb phones” certainly can contain sensitive data, it is effectively nothing compared to what a smartphone can access.
Applications for money management, shopping, medical data, and so many other examples of personal information currently reside on today’s mobile devices—which is precisely what makes the security that protects these devices so important. The authentication method through which a user confirms their identity is just one example of this security.
The Best Options, and the Worst Options
The various methods that are available to users now each offer their own method of maintaining security, presumably for the user’s convenience. However, as we have established previously, not all these authentication methods are equally good.
Let’s review your various available options and see how their differences make some a better solution than the others.
Passcodes/PINs/Passwords
These authentication measures are effectively the baseline security on any mobile device, as they also protect the device from other forms of authentication being added without approval. While these security measures are by no means impassable, they form the foundation for any decent security measures if used responsibly.
Of course, we do have to address the inherent weaknesses that these authentication requirements present. Most of these weaknesses are derived from the user responsible for setting them up. For instance, a 2012 study demonstrated that most people used PINs that either represented personally important years, simply repeated digits, or heavily featured the number “69.” Also prevalent were numbers that are simple to type: 1234, 7890, and so on. Another research study revealed that the benefits of a six-digit PIN were negligible as compared to a four-digit PIN, as the added length provides a false sense of security and winds up encouraging less-secure PINs in general.
Of course, passwords are also an option (and a stronger one to boot) if the user has the patience to retype their password each time the device locks. The consensus is that these authentication measures are the most secure option currently available.
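The weak PIN habits described above can be screened out when a PIN is set. The following is an added example, not code from the article or the studies it cites: it flags years, repeated digits, "69" and easy-to-type runs in PINs of any length. The function names, the labels and the 1900 lower bound for years are assumptions.

```python
import re
from datetime import date

# Digits in number-row order, padded so both "0123" and "7890" count as runs.
KEY_ORDER = "01234567890"

def pin_weaknesses(pin, this_year=None):
    """Return a label for each weak-PIN habit the PIN matches ([] if none)."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must contain only digits")
    this_year = this_year or date.today().year
    found = []

    # Repeated digits: one digit throughout (0000) or a repeated block (1212).
    if len(set(pin)) == 1:
        found.append("repeated digit")
    elif re.fullmatch(r"(\d+)\1+", pin):
        found.append("repeated block")

    # Personally important years: any 4-digit window between 1900 (assumed
    # lower bound) and the current year, such as a birth year.
    if any(1900 <= int(pin[i:i + 4]) <= this_year
           for i in range(len(pin) - 3)):
        found.append("year")

    # The digit pair the 2012 study found heavily featured.
    if "69" in pin:
        found.append("contains 69")

    # Simple to type: a straight run along the keys, forwards or backwards.
    if len(pin) >= 3 and (pin in KEY_ORDER or pin in KEY_ORDER[::-1]):
        found.append("keypad run")

    return found

def is_acceptable(pin, this_year=None):
    """Enrollment gate: accept only PINs that match none of the habits."""
    return not pin_weaknesses(pin, this_year)
```

Six-digit choices such as 123456 or 201269 are flagged for the same reasons as their four-digit counterparts, which is the false sense of security the second study describes.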
Biometrics
Improved hardware and software now allow users to effectively use their own bodies as the key to their mobile devices, as biometric authentication is now incorporated into many mobile devices. Of course, the efficacy of biometric authentication isn’t universally consistent—some methods are simply more secure than others are.
Fingerprint Sensors: Most smartphones will have fingerprint-detection capabilities for some time, with some projections seeing up to 90 percent of devices incorporating these tools by 2023, while 95 percent of phones had such a sensor in 2018.
There are various technologies in play that power these sensors, with varying security efficacy. For instance, Samsung devices are beginning to include sensors under the screen, which create a three-dimensional image of a fingerprint. While this makes them inherently very secure, screen protectors have been shown to bamboozle them, potentially allowing any fingerprint to unlock them. Furthermore, fingerprints can potentially be harvested from surfaces and transplanted to a device, so properly training your device to your unique fingerprint is crucial.
Iris Scanning: The prevailing opinion is that iris scanning is the most secure form of biometric authentication, as fingerprints aren’t as unique as a person’s irises are. Some phones feature these capabilities, but they may not be as popular, as scanning the iris can take a little longer simply because the user must look directly at the sensor for it to work.
Facial Recognition: Many manufacturers have begun to phase out fingerprint sensors for facial recognition options, especially as full screens have grown in popularity. With appropriately captured reference data, decent facial recognition software can simplify the unlocking process significantly.
However, the quality of the software and the images it uses for reference can cause some issues. Poor-quality images—like those with excessive glare—can make it easier for an attacker to make it past the lock, not to mention make it more challenging for the user.
Pattern Passwords/Knock Codes
Finally, many Android devices have the option to designate a pattern on a 2x2 or 3x3 grid that must be tapped correctly to unlock the device. Studies have shown that this method is by far the least secure of the authentication requirements, as it becomes far easier for an attacker to figure out the user’s chosen pattern.
For instance, in one study, researchers discovered that a full 65 percent of the 351 participants selected a code that began at the top-left square and immediately proceeded to the top-right, presumably influenced by Westernized reading patterns. Larger grids encouraged shorter patterns, and the data collected during the study revealed that some patterns were commonly adopted:
- An hourglass: top left, top right, bottom left, bottom right, top left, top right
- A square: top left, top right, bottom right, bottom left, top left, top right
- The number seven: top left, top left, top right, top right, bottom left, bottom left
Proving patterns are an even worse method, these researchers also observed that knock codes were more easily forgotten, with about 10 percent of participants having forgotten theirs by the end of the 10-minute study, and their five-second entry time being slower than the 4.5 seconds needed for a PIN.
Make Sure Your Mobile Device is Secured
With our mobile devices playing such a huge role in our personal and professional lives, their security needs to be prioritized, with only the most secure methods protecting them.
For assistance in managing your security, from your in-house business solutions to the devices your employees use each day, reach out to Dresner Group. Our team can assist you in implementing the technology you need while educating your employees on the importance of secure practices. Give us a call at (410) 531-6727 to learn more.