PIN, Password, or Biometrics: Choosing the Right Security Option

There’s a surprising amount of debate over which phone unlock methods are secure and which are not. The software behind fingerprint- and face-based unlocking is proprietary and constantly evolving, so it’s difficult to evaluate its trustworthiness. Currently, Google Pixels don’t have a secure face unlock feature, but iPhones do. Fingerprint-based unlocking is secure but isn’t available on all devices.

Pattern-based codes are the least reliable method of securing a phone, as the oil smudges your fingers leave on the screen can reveal your pattern to an observant thief. Do not use patterns to unlock your device.

The choice between a 4-digit PIN, a 6-digit PIN, and a password depends on your own subjective balancing of security and practicality. 4-digit PINs are the least secure of the three options, but the easiest to use. Although the 6-digit PIN is theoretically more secure, research indicates that forcing users to upgrade from 4- to 6-digit PINs doesn’t actually make their PINs more secure.

A strong password is the most secure option, but it’s also the most burdensome. Some may argue that lawyers should not consider this added inconvenience and that their clients’ confidentiality is of paramount importance. However, imposing onerous security measures on your employees (or yourself) may paradoxically encourage weak passwords. Typing a complex password once is easy. But if you need to type it dozens of times every day, the inconvenience will quickly ferment into frustration. Under these conditions, most people will offset the inconvenience by choosing the simplest password possible (e.g., “1111111111111111”), which is far less secure than a random combination of 4 or 6 numbers. Consider how you interact with your phone, the security tools available, and your tolerance for inconvenience, then pick the option that’s the best fit.

More Information:

Chris Smith, Pixel 7 Face Unlock isn't as good or as secure as iPhone Face ID (Oct. 7, 2022), https://bgr.com/tech/pixel-7-face-unlock-isnt-as-good-or-as-secure-as-iphone-face-id/.

Fingerprint Identity Theft: How To Keep Your Devices Secure, Aura, https://www.aura.com/learn/fingerprint-identity-theft.

"The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 Digits, USENIX, https://www.usenix.org/conference/usenixsecurity22/presentation/munyendo.