Get Started Today!  (415) 295-4898

croom new

415 IT Blog

When Securing Your Smartphone, Some Options are Better Than Others

When Securing Your Smartphone, Some Options are Better Than Others

Today’s smartphones are equipped with assorted ways that users can authenticate their identity, from the now old-fashioned PIN to basic biometrics. However, while these options are available on a wide range of phones, not all of them are equally secure. Let’s look a bit closer at these authentication measures to find out which is most effective.

Does Mobile Security Really Matter That Much?

In a word: yes.

Look at how much we can accomplish with a mobile device. While we’re used to the capabilities that a smartphone offers, it wasn’t too terribly long ago that these capabilities were unheard of outside of science fiction. It wasn’t until 1996 that practical PDAs came about with the Palm Pilot, followed by Blackberry in 2002 and 2004’s introduction of HTC’s Windows phones that we had a taste of what a “smart” phone would look like. It was only in 2007 that the first generally-agreed-upon smartphone, the iPhone, was released.

Just think about the difference between the devices we have today, compared to those that preceded them. While these so-called “dumb phones” were not devoid of sensitive data by any stretch, they may as well have been in comparison to today’s devices.

Now, there are applications for everything, from money management to medical data to shopping and every other purpose imaginable, many of which contain or regularly access personal data. Therefore, it is so important for these devices to be secured… the method by which a user can unlock the device being just one tiny facet of these security needs.

Evaluating Your Authentication Options

Nowadays, the authentication options present on mobile devices are designed to combine the needed security with the convenience of the user. Yet, since they aren’t all equally effective at securing the device, you need to be selective about the authentication method you use.

Let’s go over the options your device may offer and see which one is the best for your security.


We’re all familiar with these authentication measures, as they’re generally the baseline authentication measure for any device, including mobile devices. They also help prevent other authentication proofs from being put in place without the user’s approval. While these security measures are far from impenetrable, they are secure enough to serve as the basis for sufficient security. This is, of course, provided that the user is responsible when they set them.

That said, many users don’t act responsibly as they should, leaving their mobile devices relatively insecure. A study conducted in 2012 revealed that the PINs people used were often of personal significance to them, were composed of repeated digits, or (most amusingly) featured the number 69. Other common numbers were those that could easily be typed in sequence, like 1234, 7890, and the like.

Another study showed that increasing the length of the PIN from four numbers to six rarely added any security benefits, again because of the user. Apparently, the added length makes the user feel more secure by default, and by doing so, gives them the comfort to slack off in how secure their PIN is.

Naturally, assuming the user has the patience to retype their password each time the device locks, this option is more secure than a PIN. Regardless, these options are generally accepted as the most secure option right now.


Thanks to the hardware and software that our devices now support, users can now use their physical attributes to confirm their identity, as biometric authentication has risen in popularity. Naturally, the different methods that make up biometric authentication aren’t as consistent as many would assume.

Fingerprint Sensors: The first phone to have a fingerprint sensor—the Pantech GI100—first launched in 2004, and with the Toshiba G500, the fingerprint sensor became a mainstream inclusion on smartphones. This isn’t expected to change, with projections predicting that 90 percent of devices will still have a fingerprint sensor in 2023, as compared to 95 percent in 2018.

Fingerprint sensors come in many kinds, which does impact their security somewhat. For example, Samsung has started to incorporate sensors under the screen to enable a three-dimensional image to be captured. However, this inherently secure technology can be undermined using a screen protector, as the screen protector can actually lead to any fingerprint being accepted. There is also the concern that fingerprints can be harvested from another source and transplanted to the device to unlock it, so the user needs to prioritize making sure their device is properly acclimated to their unique print.

Iris Scanning: Currently, iris scanning is seen as the most secure biometric authentication, as the iris is even more unique than a fingerprint. While these capabilities are currently present in many devices, many users don’t use them. This is generally because it takes longer to scan the iris, as the user must direct their gaze to the sensor.

Facial Recognition: Fingerprint recognition has begun to be replaced by facial recognition capabilities, particularly with the rising prevalence of full screen displays. With a decent software installed and a good set of reference data, facial recognition can make unlocking a device effectively effortless. However, that’s assuming that the software is good and that the reference images are good. If these images have blights like glare on them, it is harder for a user to unlock and easier for a hacker to crack.

Pattern Passwords/Knock Codes

Finally, we’ve come to the least secure option of all. Many Android devices offer the user the option to tap a pattern of their choosing on a grid to unlock their device. Multiple studies have disproven the security of this method, simply because it isn’t too challenging to figure out a user’s pattern.

In one study, it was found that 65 percent of the 351 participants involved created a code that followed Westernized reading patterns, starting at the top-left and progressing to the top-right. Increasing the size of the grid only led to users selecting shorter patterns. Many patterns proved common amongst the participants as well:

  1. An hourglass: top left, top right, bottom left, bottom right, top left, top right
  2. A square: Top left, top right, bottom right, bottom left, top left, top right
  3. The number seven: Top left, top left, top right, top right, bottom left, bottom left

To top it all off, the researchers found that knock codes were rapidly forgotten. 10 percent of the participants had forgotten their selected code by the time the 10-minute study was over. Plus, they’re slower: knock codes took five seconds to input, while a PIN takes four and a half.

Don’t Skip Securing Your Mobile Device

If you’ve made it this far, you’re likely a smartphone user, and as such, it plays an important part in both your professional and personal life. As you have probably gathered, you can’t afford to short-change any aspect of your security, down to the way you unlock your mobile device.

415 IT can assist you in ensuring your business’ technology is adequate for your purposes, and that it has the necessary protections surrounding it. To learn more about our services, reach out to our team at (415) 295-4898 today.

Your Business Needs a Well-Structured Mobile Devic...
Tip of the Week: Two Kinds of Best Practices for R...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, September 21 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Productivity Technology Best Practices Business Computing Data Backup Data IT Support Network Security Privacy Hosted Solutions Cloud IT Services Efficiency Data Recovery Software Internet Email Business Managed IT Services Malware Innovation Outsourced IT Small Business Collaboration Business Management Hackers Google Tech Term Cybersecurity User Tips Cloud Computing Upgrade Hardware Phishing Business Continuity Computer Windows 10 Microsoft Managed Service Smartphone Mobile Devices Communication Workplace Tips Mobile Device VoIp Quick Tips Android Paperless Office Ransomware Backup Disaster Recovery Managed Service Provider Covid-19 Smartphones Encryption Communications Data Management Office 365 Business Technology Saving Money Remote Work Server Browser Managed IT BDR Network Remote Monitoring Artificial Intelligence Windows 7 Users Vulnerability Healthcare Social Media Holiday Compliance Internet of Things Wi-Fi Passwords Document Management Data Security Applications Save Money Blockchain Help Desk Facebook Chrome Managed IT services Miscellaneous Microsoft Office Laptops Government Vendor Management Information Automation Avoiding Downtime Project Management Antivirus Two-factor Authentication Redundancy Scam Virtualization Employer-Employee Relationship Office Health Processor Analytics Tip of the week Bandwidth Hard Drive RMM IT Management BYOD Gadgets Storage Router Customer Relationship Management OneDrive Training Proactive Data Loss Meetings Machine Learning Infrastructure Maintenance Software as a Service VPN Mobile Office Website Company Culture Employee-Employer Relationship Files Access Control Virtual Private Network IoT Mobility Regulations Apps Windows Server Management Payment Cards Flexibility File Sharing Mobile Security Word Unified Communications Information Technology Patch Management Data Breach Data Storage Assessment Managed Services HIPAA Utility Computing Gmail Professional Services Bring Your Own Device The Internet of Things Cooperation Monitoring Network Management Risk Management Social Network Alert Money Remote Worker Consultation Financial Net Neutrality Remote Monitoring and Management Operating System Tablet Time Management Recycling Password Dark Web Augmented Reality Electronic Health Records Networking Internet Exlporer Employees Smart Technology Consulting Downtime Search Instant Messaging Co-Managed IT Computing Unified Threat Management File Management Managed Services Provider Remote Workers Management Asset Tracking Backup and Disaster Recovery Business Telephone SharePoint Solid State Drives Mirgation Data Warehousing Read Only Security Cameras PCI DSS Voice over Internet Protocol Projects Mobile Computing Technology Tips Mail Merge User Error Value of Managed Services Wearable Technology Star Wars Distributed Denial of Service Point of Sale Tech Terms Remote Working Superfish PowerPoint Display Spam Enterprise Content Management Legislation MSP Finance Virtual Machines Teamwork App Specifications Biometric Cybercrime Cyber security Identity Theft Enterprise Resource Planning Conferencing Human Error IT Assessment Websites Downloads Options Telephone Cache Operations Printing Return on Investment Geography Digital Payment Hotspot Credit Cards Address WiFi Managed IT Service E-Commerce Theft Budget Social Networking Authentication Shared resources Going Green Screen Reader Black Friday Electronic Medical Records Gamification Database Management Identity Language OneNote Permission Digitize SaaS 5G Mobile VoIP Remote Computing CRM Techology Settings Personal Information Modem High-Speed Internet Mouse Computers Manufacturing Vendor Tech Support Break Fix Features Virtual Assistant Bitcoin G Suite Authorization Technology Laws Batteries Smart Tech Cyber Monday Staff Touchscreen Hacking GDPR Mobile Permissions Politics Windows Server 2008 Computing Infrastructure How To Test Shadow IT Emergency Multi-Factor Security Wireless Internet Big Data Microsoft Excel Private Cloud Content Filtering Outlook Disaster Resistance Transportation Active Directory Development Holidays Heating/Cooling Printer Smart Devices IT Technicians Cost Management Procurement Wasting Time Current Events Motherboard Chromebook WPA3 Unified Threat Management CIO applications Connectivity Outsource IT Trending Google Calendar Fraud Cables Alerts Outsourcing Statistics Employer/Employee Relationships Apple Migration eWaste Bookmarks ROI Remote Shortcut Proactive IT Windows Server Cookies Fleet Tracking Zero-Day Threat IT Servers Hard Disk Drives Sensors Virtual Reality Cyberattacks Social Peripheral Database Vulnerabilities Travel Firewall Mobile Device Management Laptop Lenovo Notes Managing Stress Customer Service Optimization Nanotechnology Wires Comparison Licensing Wireless Video Conferencing Bluetooth Samsung Proactive Maintenance Solid State Drive Chatbots Favorites Banking Recovery IT Consulting User Management Marketing Daniel Stevens Printers Regulation Education Twitter CEO Students

Latest Blog

Did you know that, as of July 2020, 69 percent of global desktop Internet users utilized Google Chrome as their browser of choice? With such a large market share, the security associated with Google Chrome is important to keep in mind. To help increase some of this awareness...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...