Is A Screen Lock Safe? & Does A Screen Lock Really Work?

Updated: Apr 26, 2021

Owing to rapid technological advancement and the scalability of smartphones, the industry is witnessing unprecedented demand. Mobile devices are increasingly integral to our daily lives, and as a result the privacy of our smartphones has become much more important. People store every detail of their daily lives on their phones, including crucial financial and healthcare information, and carry them wherever they go.

Just as Windows key + L and Control-Shift-Power are used to lock a Windows system and a MacBook respectively, screen locks are popular on smartphones as a basic security measure. How secure these locks are is the primary question this article discusses.


What is a screen lock?

A screen lock is a security feature for smartphones and other hand-held devices that blocks unauthorized access to the device. It is helpful because anyone attempting to gain access needs to enter a specific pass code or pattern within a set number of attempts. Fingerprint identification, pattern passwords, and face recognition are some of the types of screen lock available today. These authentication methods differ from platform to platform.


Screen lock options in Android devices

Android Screenlock Options

The image depicts the list of security options, such as password and biometrics, commonly available in Android devices. A user can use any one of the options or a combination of them. Using a combination is expected to be more reliable than using any one method alone.


Some of the key options include the following security methods:


Pattern based lock

It is considered to offer medium-level security. As the name suggests, it requires the user to draw a pattern to unlock the screen. Users of this feature tend to draw simple patterns: for instance, the initial letter of their name, L-shaped patterns, or patterns whose origin point is 1, 5, or 8. Patterns that start from the digits 1, 5, or 8 are observed to be easy to guess, and therefore the possible patterns are easy to guess. In terms of security, the pattern lock method is easy to bypass through a shoulder surfing attack. To improve its effectiveness, disable feedback lines and choose a complex pattern.


Password or PIN based lock

Android Password & PIN Screenlock Options

It is the strongest screen lock method. The SIM asks the user to enter the set PIN every time the phone is turned on. A user can set a 4-digit PIN. However, users of this feature tend to choose basic values such as a date of birth, weak pass codes such as “1234”, “0000”, or “1111”, or pass codes that are easy to type on the keypad such as “7898” or “2545”, to name a few. This makes their passwords easy to guess. To curb this, an individual can set a longer PIN if possible or use a more uncommon combination of the four-digit options available. When available, users should always set a complex 8–16-digit alphanumeric pass code. This can be hard to remember, but it is difficult to crack and makes brute-force attacks much more difficult.

The image depicts different security options. Options such as 4-digit, 4–16-digit password, and password with 4-16 alphanumeric characters are available in most Android devices. In terms of security, choosing the alphanumeric characters option will certainly offer enhanced security.
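The weak-PIN habits listed above (repeated digits, simple sequences, codes that are easy to type on the keypad, dates) can be checked mechanically when a PIN is chosen. The following Python code is an added example, not part of the original article; the rule names, the date heuristic and the sample PIN 8350 are assumptions made for illustration.

```python
# Added example: heuristic checks for the weak-PIN habits described above.
# Rule names and the date heuristic are assumptions made for this illustration.

# Phone keypad as (row, column): 1-9 in a 3x3 grid, 0 below the 8.
KEYPAD = {d: divmod(int(d) - 1, 3) for d in "123456789"}
KEYPAD["0"] = (3, 1)

def is_repeated(pin):
    """Same digit throughout, e.g. 0000 or 1111."""
    return len(set(pin)) == 1

def is_sequence(pin):
    """Strictly ascending or descending run, e.g. 1234 or 9876."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def is_keypad_walk(pin):
    """Each key touches the previous one on the keypad, e.g. 7898 or 2545."""
    for a, b in zip(pin, pin[1:]):
        (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
        if a == b or max(abs(r1 - r2), abs(c1 - c2)) > 1:
            return False
    return True

def is_date_like(pin):
    """Four digits that read as DDMM, MMDD or a year from 1900 to 2099."""
    if len(pin) != 4:
        return False
    a, b = int(pin[:2]), int(pin[2:])
    day_month = (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31)
    return day_month or 1900 <= int(pin) <= 2099

RULES = {"repeated": is_repeated, "sequence": is_sequence,
         "keypad-walk": is_keypad_walk, "date-like": is_date_like}

def weak_reasons(pin):
    """Names of every rule a numeric PIN trips; an empty list means none."""
    if not (pin.isascii() and pin.isdigit()) or len(pin) < 4:
        raise ValueError("expected a numeric PIN of at least 4 digits")
    return [name for name, rule in RULES.items() if rule(pin)]

def keyspace(length, alphabet_size):
    """Number of candidate codes an exhaustive guess has to cover."""
    return alphabet_size ** length

if __name__ == "__main__":
    for pin in ["1234", "0000", "1111", "7898", "2545", "8350"]:  # 8350: constructed
        print(pin, weak_reasons(pin) or "no rule tripped")
    print("4-digit PIN:", keyspace(4, 10), "| 8-char alphanumeric:", keyspace(8, 62))
```

A PIN that trips no rule is only free of these particular habits; the keyspace figures show why a longer alphanumeric code resists exhaustive guessing far better than any 4-digit PIN.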




Fingerprint based lock

Using fingerprints is the fastest way to secure a phone, as they are unique to every person. People tend to use this feature if they have trouble remembering passwords or PINs. Its functionality is simple, and the phone unlocks within seconds. The fingerprint sensor, located at the back of the phone or embedded in the screen towards the bottom of the front of the device, reads the fingerprint. This is helpful if a person has a habit of checking his/her phone frequently. However, in terms of security, owing to technological advancements it is easy to make a replica of a fingerprint using 2D technology and use it to bypass the sensor. Nevertheless, such occurrences are rarely observed in everyday life.


Face scan based lock

FaceID based Screenlock - Android

As the name suggests, this security feature scans the user’s face. The face scan feature uses the front camera to unlock the phone and, like any other biometric feature, unlocks within seconds. However, its response time depends on the quality of the front camera and the facial recognition software within the OS.

As the image suggests, the “unlock only when eyes are open” option makes it difficult to scan someone’s face while they are asleep or distracted. Nevertheless, an individual can use a combination of the fingerprint and password/PIN security features if he/she chooses to use this option.



Android smart screen lock

Smart locks offer moderate security. They allow a user to alter the security features, setting usage preferences so that the phone unlocks only when one of three conditions is met: on-body detection, trusted places, or trusted device.


Android Smart Screenlock

Even if this security feature is efficient, it does not ensure maximum security. For instance, if a person with malicious intent knows that you have enabled this feature, that individual might enter your home and carry the phone away along with the selected trusted device, such as a smartwatch or smart speaker. In this situation, the on-body detection, trusted places, and trusted device conditions are bypassed respectively, leaving the authorized user’s device and personal data vulnerable.


Screen lock for iPhone & screen lock on iPad

These devices include the following security methods:


iPhone passwords & PIN based screen lock

The iPhone/iPad allows its users to set alphanumeric and longer-digit pass codes when a user restores or turns on his/her phone for the first time. However, this can also be done at a later stage. In the “turn pass code on” security feature of the iPhone, an individual can set a 4-digit, 6-digit, or 8–16-digit alphanumeric password.


Touch ID

Apple has its own fingerprint identity sensor, known as Touch ID. It is a more convenient biometric security feature than the pass code/PIN feature. People who do not want to remember passwords/PINs, or have problems remembering them, tend to use the Touch ID feature.

Apple stores the user’s fingerprint data in its Apple A-series chipset and matches it every time the user tries to access his/her phone using a fingerprint. In doing so, Apple checks the ridges of the finger instead of capturing a 2D print.

In the situations mentioned below, Touch ID is turned OFF automatically and locked in some cases:

  • …when Touch ID is not used for 48 hours

  • …when a user reboots or restarts the iPhone/iPad

  • …when a fingerprint is incorrect for 5 attempts in a row

  • …when password/PIN is not used for 6 days in a row

Face ID & pass code

It is a type of biometric security feature available on the iPhone/iPad. While using this feature, the iPhone screen lock asks the user to enter a pass code to verify the user’s credibility, thereby ensuring 2-way security. It includes technologies such as Bionic chips, the TrueDepth camera system, and neural networks. It functions well even if there are changes in appearance, including facial hair and makeup. However, significant changes in appearance will require the user to re-enter the pass code.


In terms of security, the Face ID & pass code feature in newer versions of the iPhone is even more secure. For instance, to ensure enhanced security, Apple specifically mentioned that a user’s face data is not sent to the server; instead, it is secured in the Bionic chips, also known as the “secure enclave”, and stored locally on the device. Furthermore, according to the company, this feature needs the user’s attention: if the eyes are closed or the individual is not looking directly at the phone, the device will not unlock. Hence, a combination of the Face ID & pass code security features is a good option for the latest versions of Apple smartphones.


Conclusion

  • To summarize, there are a variety of screen lock options available; however, selecting a combination of different security features will offer more security

  • To ensure enhanced functionality of such security features, users should avoid using PIN & passwords that are easy to guess

  • The best screen lock option is a complex 4–16-digit Password or PIN followed by the face ID along with a pass code

  • Android users tend to use patterns more often because they are easy to remember; however, the pattern-based screen lock is the most vulnerable option, as it is vulnerable to social engineering attacks. Additionally, a pattern is easy to memorize because it is a graphical representation, compared to a random 4–16-digit password.

  • Face ID along with pass code is the safest security option in iPhone because the user data is stored in a secured enclave and not on the Apple server. Therefore, whenever a user tries to unlock the device, the software pings its knowledge base to verify if the Face ID matches with the data stored in the enclave.

  • Likewise, since 2019, Android has begun storing its critical data in a secured hardware chip

  • It is easy to create a replica of someone’s fingerprint on a surface which can then be used to bypass the sensor. To overcome this, Apple expects to eliminate its Touch ID feature from its smartphones by 2023.

  • Lastly, a fingerprint is “physical evidence” and government officials have the right to store fingerprints. Legal authorities already have access to people’s digital information. For example, the FBI has an Integrated Automated Fingerprint Identification system. This system includes the fingerprint data of millions of people who may or may not have any criminal history. Therefore, it is not difficult for them to gain access to an individual’s fingerprints. However, when dealing with PINs or passwords, officials cannot access an individual’s personal information that easily, unless otherwise required by law.


Ruda Barar

EC-Council CEH Certified | ECSA Trained | Master of Technology (M.Tech) in Information Security | ISO/IEC 27001 - Information Security Foundation