Why I still unlock my phone with an old school password

"This seems *too* easy."


Biometrics are all the rage. Smartphone companies are replacing traditional passwords with fingerprint scanners, face scanners, iris scanners, and just about every other type of body scanner imaginable.

There’s just one problem: Most popular biometric scanners are trash, and it’s a better idea to use an alphanumeric password (i.e. letters and numbers) to lock your phone instead. 

It’s easy to see why people prefer using fingerprint and iris scanners. Unlocking your phone with an iris scanner just feels futuristic. But the harsh reality is these newer methods don’t secure your data as well as an old school password.

Let’s take the seemingly ubiquitous fingerprint scanner. Most smartphones these days come equipped with some form of fingerprint scanner. Apple introduced Touch ID on the iPhone 5S in 2013, and a host of Android devices had it prior to that. Samsung, for its part, got in on the fingerprint scanner game in 2014 with the Galaxy S5. It’s something we’ve come to expect.

With so many people reliant on fingerprint sensors, you’d think it’d be a pretty safe option. It’s sadly not that simple. In 2016, researchers discovered that all it took to trick some phone locks was an inkjet printer and special ink. 

Cracking the Galaxy S8 iris scanner.



And researchers have come up with more creative ways to bypass fingerprint scanners. In 2017, a group of researchers from New York University and Michigan State University developed a set of so-called “master prints” that successfully unlocked phones 65 percent of the time in a simulation.

And, of course, there is always the unlikely risk of being forced to unlock your phone by the law — or legally sanctioned coercion. As The Atlantic reported in 2016, U.S. judges can order suspects to unlock phones using fingerprints, but they can’t force you to divulge your password to unlock the same phone. 

Face scanners have proven to be even worse. Samsung’s Galaxy S8 face unlock was tricked with a photo. OK, well, surely iris scans are better? Hackers reportedly got around those too, and all it took was a printed photo and a contact lens.

So, to recap: Biometrics are easily hacked, and users can be compelled to unlock phones with fingerprints in a court of law. 

It seems that when it comes to securing your device, the best bet is actually an alphanumeric passphrase. And guess what? Apple totally lets you set one of these up!

Locking things down.


Sure, it takes a little longer to unlock your phone, but just like every other digital habit you’ve developed over the years, it becomes second nature quickly enough (trust me on this). And anyway, what’s a little delay when it comes to securely protecting your device? 

The convenience of biometrics makes fingerprint, face, and iris scans seem like a good option, and they’re definitely better than no protection at all. However, you may reevaluate the tradeoff of ease for security when some nefarious character snaps your photo and then has his way with your data.

So disable Touch ID, get a strong alphanumeric passphrase, and don’t look back. Your personal data will be way more secure.
