I still remember when Apple launched the iPhone 5s in September 2013. It was the first smartphone to house a fingerprint scanner on the home button that was a commercial hit. Nowadays, you will find a touch ID on pretty much every budget smartphone from Chinese giants. It has become pretty much a standard, and everyone uses it. But should you?
Well, I use fingerprint to unlock a smartphone. It’s fast and convenient. However, I often wonder if it is secure. A Twitter user shared a video recently showing how a $2 smartphone cover was able to bypass the biometric fingerprint authentication. Scary stuff. You did think they have perfected the tech after so many years, but sadly, no.
Here’s why you should consider not using fingerprint scanner to unlock your Android smartphone. I can’t say much against iPhones at the moment due to lack of evidence suggesting otherwise. But some points remain valid for you guys too. You be the judge.
1. Samsung’s Stand
Samsung was quick to address the issue and released a statement via Engadget saying they are working to fix it. It is surprising how a simple transparent case can be used to bypass something so secure as a fingerprint. It’s supposed to be unique to each individual and impossible to breach.
But are they? Should you rely on biometric security if you have to protect your smartphone? Is it safe than a PIN or password, which takes more time to enter? The answer is no, and I’ll explain why.
Also on Guiding Tech
2. Easy to Bypass
Let’s say you are someone important. If I want to access your smartphone using biometrics, like a fingerprint, I can force you, knock you out, cut your finger and stick it on the scanner for unlocking your smartphone against your will. Yes, I got these ideas from Hollywood movies, but it's not that difficult if someone is desperate.
I once unlocked my friend’s Android smartphone when he was asleep to make a prank call. Well, he was not happy. My argument? At least, I didn’t cut your finger in two! Google Pixel users are facing a similar problem, and the company is working on a fix.
Sure, PINs and passwords take more time and are a hassle when compared to biometric authentication like IRIS, facial, fingerprint scan, but also more secure. Do you want my password? You will have to beat it out of me. Again, not a pleasant scenario, but at least, I have more control and in most cases, will survive.
3. Laws of the Lands
Depending on where you live and what laws you are governed by, things will be different for you. In the US, the citizens are protected by the fourth and fifth amendment. I’ll make it easier for you. You cannot be forced to unlock your smartphone unless you are arrested, there is probable cause, police have a search warrant, or you consent to a search, willingly. You have some protection against self-incrimination and unlawful search and seizure.
That means, the police cannot force you to unlock your device in the absence of all of the above. However, that will happen only if you are using a PIN or a password. If you are using a biometric authentication like a fingerprint or facial or retina scan, the police can force you to look at your phone or touch the touch ID sensor. The 4th and 5th amendment doesn’t offer any protection against that. You didn't know that, did you?
Also on Guiding Tech
4. What Happens When You are Hacked
Talking about compromise, hackers have known this for some time now. They also know what’s at stake and are actively looking for new ways to bypass biometric authentication like fingerprint scanners and facial scans.
That’s an interesting thought, isn’t it? If your password is compromised, you can change it. You can use something that’s longer, more complex, and difficult to guess. If your biometrics like fingerprint or retina scan is compromised, how would you change or update that? That would be scary, impossible, and frustrating.
We are talking about everything that sits inside your smartphone, like emails, banking apps, images, videos, and so on. We are using fingerprint to unlock password managers too.
You Can Employ Better Security
Once the damage is done, all you can do is control it. That's why its called damage control. Prevention is always better. PINs and passwords, coupled with 2FA, is more secure. Using a smart combination might save your data and your day.
Next up: Using fingerprint on your computer too? Learn how Synaptics can help secure your computer better. Just like a bank's vault.