Should You Use a Fingerprint or a PIN to Lock Your Phone?

When you're first setting up your phone, you may have the choice of unlocking it via fingerprint or a PIN code. Prints are unique to you, and it's impossible for a hacker to guess what your fingers look like, but does that make fingerprints more secure than PIN codes?

Let's compare the two and see which one is best for you.

When to Lock Using Fingerprint Phone Locks

Example of identification of fingerprint on a smartphone. — Vector illustration of identification of fingerprint on smartphone.

Fingerprint scanners are very popular on mobile phones right now. They feel secure and are convenient, but they're not perfect.

The Benefits of Fingerprint Phone Locks

The most significant benefit of fingerprint scanners is how they can't be leaked "over the shoulder." Someone could quickly look at your phone as you enter your PIN and learn your code, but they can't do the same with a fingerprint. As such, fingerprint phone locks are the best choice against prying eyes. It's a simple way to improve your security.

It's also one of the quickest methods of authentication. If you're always unlocking and locking your phone, entering PIN code can get annoying. Using a fingerprint scanner is the quicker and easier option for chronic phone-checkers.

Fingerprints are also fantastic for people with bad memories. Forgetting a PIN is annoying, but it's impossible to misplace your fingers. This benefit means fewer lock-outs from your phone and less time spent trying to hack your way back in.

The Drawbacks of Fingerprint Phone Locks

It's easy to believe that your fingerprint, being unique to you, would be uncrackable by anyone. However, several researchers and hackers have come up with ways to get around the fingerprint sensor.

Back in 2013, Germany's Chaos Computer Club took a high-resolution photo of a fingerprint from glass and used it to make a latex reproduction of the print that could fool the sensor.

It's likely that other methods are out there that have been less well-publicized.

When to Lock Using PIN Codes

An example of entering a PIN code into a smartphone

PIN codes aren't as advanced as fingerprint scanners, but they're present on every smartphone. They've withstood the test of time and maintained their position in smartphone security for a good reason.

The Benefits of PIN Codes

The benefits of PIN codes depends on the phone. For example, the iPhone at the center of the FBI/Apple spat (the one belonging to Syed Farook, one of the San Bernadino shooters), had a security feature enabled that erased the contents of the phone after 10 incorrect tries at the PIN.

If you have something like this on your phone, anyone trying to crack their way in would have to have some excellent guesses to make it work. If not, they're out of luck unless they can hack it another way.

Also, unlike a fingerprint, PIN codes are changeable. If someone created a recreated model of your print, there's not much you can do to protect yourself. As soon as a PIN code is compromised, you can set a new one and forget the old number.

The Drawbacks of PIN Codes

Without extra security features, cracking a PIN is only a matter of time. It could be a very long time, but with an infinite number of guesses, any person or computer would eventually get it.

There are only so many different four- or six-number PINs you can create. Pattern locks are stronger than PIN codes in this regard, but unfortunately, research showed that pattern codes aren't very secure.

Even with protection against a brute-force guessing attack, someone might be able to get in if they're highly motivated. There was a hack for the iPhone which powered it off after an incorrect PIN entry, so the wrong-guess counter didn't increase. This attack took advantage of an old bug, and wouldn't work anymore, but it shows that no system is perfect.

The point is, however, that someone could conceivably guess your PIN, whereas no one can guess your fingerprint. If a thief stole a phone without brute-force PIN protection, they will eventually crack it; however, it's not so clean cut if it's locked with a fingerprint.

How Fingerprint Phone Locks Are Subject to Court Orders

Whether you choose a fingerprint or a PIN code (or even both) to protect your phone also depends on who you want to keep out of it.

If you don't want a random stranger picking your phone up off of the table at a coffee shop and accessing it, either will work just fine, and a fingerprint might work better. Either method should keep prying eyes out while you go through the ways to find your lost or stolen phone.

But if you're worried about government access to your phone, you might want to reconsider. Judges in the US have generally held that giving up a PIN or a password could be a violation of the Fifth Amendment, but fingerprints are not.

If your phone comes under court scrutiny, a judge could order you to unlock it with your fingerprint. If you want to limit knowledge of what you're doing to the NSA and keep the local police department out, then locking your phone with a PIN is a good idea.

Of course, laws will differ depending on the country, but it's likely that police forces and other governmental organizations would push for the right to unlock suspects' phones with a court order, especially if put in a situation similar to the one the FBI found themselves in with Farook's iPhone.

The Best Unlock Method for Smartphones

For the vast majority of people, a fingerprint will be the more secure way to go. Even with the 10-attempt erasure feature turned on, it's possible---however unlikely---that someone could guess your PIN.

Without the 10-attempt erasure, your PIN is subject to brute-force attacks which will eventually crack it. In comparison, it's impossible to brute-force a fingerprint.

Even if you do decide to stick with a PIN, it's highly unlikely you'll suffer an attack. Breaking a PIN code can be long, arduous, and expensive, and many hackers may not bother unless you're a high-profile citizen. As such, while fingerprints are safer, there's nothing inherently wrong with using a PIN code.

If, however, you're in the United States, and you're worried about the government getting into your phone, you may want to stick with a PIN. If you're an activist, journalist, or anyone else who might have sensitive contact information or communications on your phone, the law will be on your side if a member of law enforcement asks you to unlock it.

Fingerprints vs. PIN Codes: It's Up to You

Fingerprints and PIN codes have their advantages and disadvantages. While prints are the more secure method for your phone, that doesn't mean PIN codes are the smartphone equivalence to leaving the front door unlocked. Both are solid choices, and it comes down to what you want from your phone to decide which is best for you---though if security is a concern, you might want to buy a truly secure phone.

If you use an iPhone and decide to stick with the fingerprint, here are some apps that you can lock with Touch ID and Face ID.