Pinterest Stumbleupon Whatsapp
Ads by Google

When you’re setting up your phone, one of the choices that you’ll almost certainly have to make is how to lock it: should you use a fingerprint or a PIN? Going with a fingerprint seems like a really secure idea, because it’s unique and no one could guess it, but is that true? Is a fingerprint really more secure? Or is a PIN a better way to go?

Interestingly, there are a number of factors that go into answering this question. Let’s take a look.

Is a Fingerprint or a PIN More Secure?

You’d be forgiven for thinking that your fingerprint, being totally unique to you, would be totally uncrackable by anyone. It makes intuitive sense. And in a way, you’re right. However, a number of researchers and hackers have come up with ways to get around the fingerprint sensor Does the iPhone 5S Fingerprint Scanner Increase The Chance of Theft? Does the iPhone 5S Fingerprint Scanner Increase The Chance of Theft? The iPhone's new fingerprint sensor seems like a great way to use biometrics to keep the device secure and personal, but could the feature be used against the owner to circumvent existing protections? Read More .

For example, a group at Michigan State University recently took a 300 dpi scan of a fingerprint and printed it with special ink on glossy paper. They were able to use it to fool the fingerprint scanner of a Galaxy S6.

Back in 2013, Germany’s Chaos Computer Club took a high-resolution photo of a fingerprint from a glass and used it to make a latex reproduction of the print that could fool the sensor. Here’s video of this method in action:

Ads by Google

It’s likely that other methods are out there that have been less well-publicized.

So how does that compare to a PIN? It partly depends on the security features on your phone. For example, the iPhone at the center of the FBI/Apple spat Apple Refuses to Help the FBI, Popcorn Time Returns... [Tech News Digest] Apple Refuses to Help the FBI, Popcorn Time Returns... [Tech News Digest] Apple stands up for personal privacy, the original Popcorn Time gets resurrected, Kanye West learns the price of piracy, Sega gives games away on Steam, and play Pong on your Apple Watch. Read More (the one belonging to Syed Farook, one of the San Bernadino shooters), has a security feature enabled that erases the contents of the phone after 10 incorrect tries at the PIN.

If you have something like this on your phone, anyone trying to crack their way in would have to have some really good guesses to make it work. If not, they’re out of luck unless they can hack it another way.

iphone-pin-lock

Without extra security features How to Fix 5 Common iPhone & iPad Security Threats How to Fix 5 Common iPhone & iPad Security Threats New security threats prove that Apple devices are no longer "bullet-proof". IPhone and iPad owners need to know which threats they could encounter, and how to fix them if the worst happens. Read More , cracking a PIN, no matter how many digits are included, is only a matter of time. It could be a very long time, but with an infinite number of guesses, any person or computer would eventually get it, because there are only so many different four- or six-number PINs you can create (though if you can use a password or a pattern lock, the number of options that are available to you is exponentially larger).

Even with protection against a brute-force guessing attack What Are Brute Force Attacks and How Can You Protect Yourself? What Are Brute Force Attacks and How Can You Protect Yourself? Yyou've probably heard the phrase "brute force attack." But what, exactly, does that mean? How does it work? And how can you protect yourself against it? Here's what you need to know. Read More , someone might be able to get in if they’re highly motivated. The device below, for example, cuts the power to the iPhone when it makes a wrong guess so the wrong-guess counter doesn’t increase. This took advantage of an old bug, and wouldn’t work anymore, but it shows that no system is perfect.

The point is, however, that someone could conceivably guess your PIN How Safe Is Your PIN? [INFOGRAPHIC] How Safe Is Your PIN? [INFOGRAPHIC] Ah, the trusty PIN number, the 4 digits that separates you from your money. We use our bank PIN number in a wide variety of situations, whether it's taking money out of the ATM machine... Read More , whereas no one can guess your fingerprint. They could steal it, but there’s no way to guess it. So in that respect, a fingerprint is more secure. However, there’s a pretty big exception to that rule.

What the Law Says

Whether you choose a fingerprint or a PIN (or even both) to protect your phone also depends on who you want to keep out of your phone. If you don’t want a random stranger to pick your phone up off of the table at a coffee shop Was Your Android Phone Lost or Stolen? This Is What You Can Do Was Your Android Phone Lost or Stolen? This Is What You Can Do There are many good options for remotely locating your stolen phone, even if you never set anything up before you lost your phone. Read More and be able to get into it, either will work just fine, and a fingerprint might work better.

But if you’re worried about government access to your phone, you might want to reconsider. Judges in the US have generally held that giving up a PIN or a password could be a violation of the Fifth Amendment, which gives a person on trial the right to not incriminate themselves. Fingerprints, however, have not been given that same protection.

judge-orders-fingerprint

So if you’re in a court case where relevant information could be stored on your phone, the judge could order you to unlock it with your fingerprint. The government is monitoring everything on your cell phone anyway What Can Government Security Agencies Tell From Your Phone's Metadata? What Can Government Security Agencies Tell From Your Phone's Metadata? Read More , but if you want to limit knowledge of what you’re doing to the NSA, and keep the local police department out, then locking your phone with a PIN is a good idea.

I’m not sure what the rules are in other countries, but it’s likely that police forces and other governmental organizations would push for the right to unlock suspects’ phones with a court order, especially if put in a situation similar to the one the FBI found themselves in with Farook’s iPhone. If you have any insight into the laws in your country, please share them in the comments!

So What’s Best?

For the vast majority of people, a fingerprint will be the more secure way to go. Even with the 10-attempt erasure feature turned on, it’s possible — however unlikely — that someone could guess your PIN. But they won’t be guessing your fingerprint. And to break either of them with other methods is difficult and expensive, at least for amateurs.

If, however, you’re in the United States, and you’re worried about the government getting into your phone, you may want to stick with a PIN. If you’re an activist, journalist, or anyone else who might have sensitive contact information or communications on your phone, the law will be on your side if a member of law enforcement asks you to unlock it.

How do you secure your phone? Do you use a PIN, password, fingerprint, or some combination? Knowing what you know now, will you be changing to another method? Share your thoughts below!

  1. Randy Brower
    May 17, 2016 at 3:13 am

    I have nothing I would care about if the police or FBI wanted me to unlock it, BUT,l I absolutely HATE these worthless bums everywhere that steal things and sell them for cheap just to get some fast and easy money. Much easier than actually doing something in their meaningless lives. So because of these lowlives, I have an APP named PREY. It will do the same erase in as many times you want to go before doing so, but what's really cool is it takes a picture of the person trying to break into it and sends it and the GPS coordinates to your EM address and records it on their DB so you can log into it and look as well. (I have a desktop for checking the website. This info can be used by yourself and/or cops, and you can go retrieve the phone and/or arrest the bum if it was stolen.

  2. Heather
    May 16, 2016 at 10:18 pm

    Great article. I appreciate the insight. Personally, I'll always use a PIN. Of course any method *could* be hacked - eventually. As a woman, I'm actually a little concerned with a 'strong arm' situation. iPhones are a huge theft item her in Los Angeles. If you're jogging, riding your bike, or simply going for a walk - women are being robbed and beaten. I can imagine some moron forcing me to put my finger on my phone to unlock it. Creeps seem to be making us think about these things…..normally, I would never even think about such negative things, but people have gone crazy.

    • l_mckeon
      May 17, 2016 at 12:08 am

      The finger print is a replacement for the four digit pin. It's advantage is that it's easier to do so more people are likely to use it. BTW, wouldn't you comply with unlocking your phone if some thug was threatening you, regardless of locking method? That's preferable to being injured or killed.

      If you really want security you'd have to select a longer pin or mixed character password..

      • Dann Albright
        May 25, 2016 at 12:45 pm

        I_mckeon has a good point there; I can imagine that if you were in that kind of situation, having a PIN wouldn't help you a whole lot. That being said, because of the reasons laid out in the article about, you may want a PIN anyway!

  3. Mike Cornelison
    May 13, 2016 at 4:32 pm

    I have palmar hyperhidrosis, otherwise known as sweaty hands. Fingerprints are always a hit or miss proposition for me.

    • Dann Albright
      May 16, 2016 at 8:47 pm

      Yeah, I can see how that would cause a problem. There are probably a lot of people who can't use fingerprints consistently for various reasons; palmar hyperhidrosis, jobs where they get a lot of dust on their hands, people who need to wear gloves a lot . . . I'm sure there are others, too. And in those cases, going with a PIN is definitely a better option!

Leave a Reply

Your email address will not be published. Required fields are marked *