Our smartphones are more than just communication devices; they are repositories of our most sensitive information, from personal photos to banking apps. Securing them is essential. But should you use a PIN, a password, or biometrics like fingerprint unlock? Each has pros and cons. Let’s go through them so that you can decide which option is best for your threat model.
Fingerprint unlock works by capturing and storing biometric data securely within your device. Most modern smartphones, such as those by Apple and Google, store this data in an isolated part of the device, ensuring that it never leaves your phone. This level of privacy is more robust than many realize, with Apple using the Secure Enclave and Android utilizing the Trusted Execution Environment (TEE) to encrypt and protect your fingerprint data. However, there are still trade-offs to using fingerprint unlock.
Pros of fingerprint unlock
Convenience and Privacy: A 16-character alphanumeric password is far more secure than any of the alternatives. However, most people unlock their phones around 100 times a day, so protecting a device this way is simply not sustainable for the average person, especially given the average threat model. Fingerprint unlock, by contrast, is incredibly convenient, letting you access your phone quickly without entering something long and complex. It is also more private in public settings, reducing the risk of shoulder surfing – a common tactic where thieves observe your PIN and later steal your phone. Privacy screens can help mitigate this risk, but PINs can still be guessed from general PIN patterns. Using a password instead of a PIN, or scrambling the PIN layout, are other ways to mitigate shoulder surfing, but each trades away some convenience.
Security Level: From a security perspective, fingerprint unlock is roughly equivalent to a 5-digit PIN. This conclusion follows from the False Acceptance Rate (FAR) of fingerprint systems. For instance, Apple’s Touch ID (no longer used in current iPhones, but still a good gauge) has a FAR of 1 in 50,000, meaning there is a 1 in 50,000 chance that an unauthorized user with a similar fingerprint could be accepted by the sensor. Given that a 4-digit PIN has 10,000 possible combinations and a 5-digit PIN has 100,000, the security offered by a fingerprint is in the same ballpark.
Threat model considerations
While fingerprint unlock is suitable for many users, it may not be the best option for everyone, depending on your threat model. Common concerns include:
- Unlocking While Asleep: There’s a fear that someone could unlock your phone using your fingerprint while you’re asleep. This is a legitimate concern but is more of a targeted attack scenario than a common risk.
- Fingerprint Theft: Another concern is that someone could steal your fingerprints to unlock your device. While it is possible – either by copying prints physically left on objects you have touched, or by replicating them from photos – this again is more relevant to high-value targets.
- Coercion by Law Enforcement: In some jurisdictions, law enforcement can compel you to unlock your phone with your fingerprint, whereas they may not be able to force you to reveal a PIN or password (in the United States, because of Fifth Amendment protections). These legal precedents are not uniform, however, and vary widely by location.
If your threat model is higher – say, you’re concerned about targeted attacks or coercion – a long, random password is your best bet for security. This level of security comes with a significant convenience trade-off, though: entering a 16-character password multiple times a day is frustrating and unsustainable. Most people are more at risk of having their phone snatched in a public place, and guarding against targeted attacks may not justify making the phone harder to unlock in daily life. There are also hybrid approaches: turning your phone off when you sleep or before a border crossing means it will require the password or PIN at next boot, so you can use fingerprint unlock day-to-day and fall back to the stronger protection in higher-risk situations.
The role of brute-force protections
A critical factor in your decision should be your phone’s brute-force protection mechanisms. For some people, which unlock method they use matters less than which device they choose, because different devices offer wildly different brute-force protections. Google’s Pixel phones, for example, are equipped with the Titan M2 chip, which includes a Weaver token mechanism. This adds a time delay to successive failed PIN attempts, protecting the device from brute-force guessing. On such devices, a random 6-digit PIN is considered sufficient for robust security. This level of protection is superior to the brute-force protections found in many other phones, including some Samsung models, which have been shown to be more vulnerable to brute-force attacks.
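To put numbers on the two comparisons above (the FAR-versus-PIN equivalence and the effect of attempt throttling), here is a small added calculation that is not part of the original article. The Touch ID FAR and PIN sizes come from the text; the throttle schedule is a constructed illustration, not the Titan M2’s actual Weaver timings.

```python
import math

# Figure from the article: Touch ID FAR of 1 in 50,000.
TOUCH_ID_FAR = 1 / 50_000


def far_equivalent_pin_digits(far: float) -> float:
    """PIN length whose guess space (10**digits) equals 1/FAR."""
    return math.log10(1 / far)


def pin_guess_success(digits: int, attempts: int) -> float:
    """Chance of hitting a uniformly random PIN within `attempts` distinct guesses."""
    space = 10 ** digits
    return min(attempts, space) / space


def fingerprint_success(far: float, attempts: int) -> float:
    """Chance that `attempts` independent presentations of a non-enrolled
    finger are accepted by a sensor with the given FAR."""
    return 1 - (1 - far) ** attempts


def constructed_delay(attempt: int) -> int:
    """Hypothetical Weaver-style throttle (NOT the Titan M2's real schedule):
    five free tries, then the delay doubles from 30 s, capped at one day."""
    if attempt <= 5:
        return 0
    return min(30 * 2 ** (attempt - 6), 86_400)


def throttled_exhaust_seconds(digits: int, delay=constructed_delay) -> int:
    """Worst-case wall-clock seconds to try every `digits`-digit PIN when
    `delay(n)` seconds must elapse before the n-th attempt."""
    return sum(delay(n) for n in range(1, 10 ** digits + 1))


if __name__ == "__main__":
    print(f"Touch ID FAR is equivalent to a {far_equivalent_pin_digits(TOUCH_ID_FAR):.2f}-digit PIN")
    for d in (4, 5):
        print(f"{d}-digit PIN, 5 free guesses: {pin_guess_success(d, 5):.6f}")
    print(f"fingerprint, 5 presentations: {fingerprint_success(TOUCH_ID_FAR, 5):.6f}")
    years = throttled_exhaust_seconds(6) / (365.25 * 86_400)
    print(f"6-digit PIN under the constructed throttle: {years:,.0f} years worst case")
```

Without the throttle, the same million-PIN space falls to a device that can try guesses at machine speed, which is why the article treats the device’s brute-force protection as the deciding factor.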
Conclusion
In summary, whether to use fingerprint unlock or a PIN/password depends largely on your specific needs and threat model. For most people, fingerprint unlock offers an excellent balance of security and convenience, comparable to a 5-digit PIN. If you are at higher risk of targeted attacks, however, consider a device with strong brute-force protections, or opt for a longer, random PIN or password. Ultimately, the best security choice is often not the most extreme method available, but the one you can consistently maintain without compromising your sanity.
Yours in privacy,
Naomi Brockwell