Thursday, January 16, 2014

Android Lock Screen Security

Connect the dots!

Android offers a number of security options in terms of locking your device. What we mean by this is when you turn the screen on, you will be presented with an authentication request before you can actively use the device. In the current version of Android, you are presented with the following options: None, Slide, Face Unlock, Pattern, PIN or Password.

None is pretty straightforward, just hit the power button and start using your device.

Slide offers no more security than having None in place, but does offer protection from pocket dialing as it requires you to slide a lock image from the center to the side of the screen.

Face Unlock is a very interesting and fun concept, in setup, you take a photo of yourself staring into the eyes of your device, and in operation, you must duplicate that stare into your device. Actually, many of the same great face recognition algorithms are in place from Google's other software and the face unlock is fairly stable. However, I have previously been able to successfully fool this feature by placing a photo of L.L.Cool J, or whatever his name is, in front of my camera. He and I had similar facial hair in this scenario, but many other differences, including skin color, yet, his photo got into my device. Further, at the time of writing, my attempts to get screenshots to include here failed as choosing the option actually crashed the System Settings app. Please give it a go for the novelty of it all, but I expect a few more upgrades to the software before I'll trust it with my device.

PIN is pretty simple, just like you voicemail and bank cards, choose a 4 digit numeric passcode.

Password, once again, as straightforward as you get, plunk in your desired password. Almost no restrictions, but that is a poor excuse to not use a secure password that is 305 characters long using a combination of numbers, upper and lower case letters, symbols, smileys, a letter of reference from the president and a photo of your cute kitten. I'm kidding, but you do have to make sure it is at least 4 characters long.  

Finally, my favorite, the Pattern Lock. You are presented with a grid of dots, 3 x 3, and are asked to create a pattern by drawing a line between the dots, connecting at least four of them. My wife has a great pattern that uses all of the dots, but, in being too complicated a thing to enter every time she accesses her device, has downgraded to something much simpler. Inspiring my advice to keep it relatively simple.

Unless you have need to take extreme measures, a four or five dot pattern is mathematically as secure as a numeric pin, (please do not ask for verification, I can't remember where I read all about this...) but much harder to socially engineer a hack. For example, your numeric pin may be based upon your, or a loved one's birth date, maybe anniversary date etc. or your password based on your child or pet's name, these are common, predictable and easily guessed at habits that a Pattern lock does not really let us fall into. I suppose you could assign numeric value to each dot and make your pattern represent your birthdate, but I'll assume that that did not cross your mind until just now.  

 In addition to the above stock Android solutions, you may enjoy extra functionality such as a fingerprint scanner, voice activation, RFID/NFC scanner and more. It is up to you and completely dependant on how you use your device to decide which, if any, security screen lock you employ. Also of note is the ability to put a handful of widgets on the lock screen, providing instant, if limited, functions outside of the security barrier, or installing other Lock Screen Apps, that offer their own features.

No matter which route you choose, if your personal or account info is inside your device, and I bet it is, a screen lock is a smart move.

Has your face or voice unlock been bypassed by anyone famous? Do you have any good stories to share? Please do so in the comments below.