Face, finger, or iris? Which unlocking method is the most secure?
Facial recognition isn't anything new. It first arrived on Android with the Ice Cream Sandwich version, also known as Android 4.0. This feature uses the front camera of the device to take a photo of your face and then it uses that photo as a baseline to unlock your device. It has a questionable level of security, with more cons than pros.
One of the biggest problems is that lighting has to be ideal for the front camera to be able to take a picture of your face. This all depends on the quality of the camera and how your face is placed in front of it. There's a similar feature on the iPhone X, called Face ID, although the tech behind how it works it slightly differently.
This is my favorite option and the one I currently use on my phone. Obviously, how well it works depends on a few factors, like the quality of the sensor and its placement. Quality, in this case, means the speed that the sensor reads your finger. This varies a lot between devices, as well as its scratch-resistant surface. There are certain biometric authentication mechanisms which become faster the more you use them.
As for the placement, I prefer it on the front bottom part of the display, next to the power button, like on the old Xperia line, which to me, is very practical. I'm not a fan of the ones on the back, which is more common today but it's all subjective here.
As for security, this is probably the most secure method to date. That's because it's quite difficult for a fingerprint reader to be easily hacked. Furthermore, the sensors are developed to recognize body heat and blood movement of the user, which means you can't use a “dead” finger to unlock an Android.
Like facial recognition, I'm still not convinced about using an iris scanner to unlock devices. It basically does the same thing as the fingerprint reader, and it requires the device to have a second, registered password in case you can't get your phone unlocked. With the Galaxy S9 and Note9, the fingerprint and iris scanners cannot be activated at the same time. In other words, the second unlock method needs to be a PIN or an alphanumeric password.
Recognition varies according to lighting conditions and where the user's eye is positioned. The better readers won't slow down when recognizing a user's eye, even in low-light conditions.
The system that scans your iris also needs to be fully integrated into the reader so it reacts quickly and can't be hacked. Technically, this system is on par with the fingerprint reader in terms of security but loses out when it comes to usability.
Smart Lock was introduced on Android 5.0 Lollipop, and it's been updated throughout the latest versions. I don't really see it as a method to unlock your device but rather as a compliment to the one that you've already chosen. What the Smart Lock does is very simple, it unlocks – or better said, keeps your device unlocked – according to where you are, your voice, a device or a presence.
Choose your trusted locations, like your house or work, and when you get to those places, your device will be unlocked without having to use any of these methods. You can even use Bluetooth devices as trusted locations.
Currently, Smart Lock can also be set up so that it keeps your phone unlocked even when it's in your pocket. As I said, it's not really a method of unlocking your phone, but rather a compliment to one. Keep in mind that anyone can access your phone when you're in one of your trusted locations, or even connected to a Bluetooth device.
A PIN is the traditional combination of numbers, and the length depends on which version of Android you have. It's probably the main security option, distinct from the rest of the options presented here. PINs are also limited in their recovery if you happen to forget it. You'll probably have to spend hours and hours trying to unlock your device. I use a PIN on my Android as a compliment to the fingerprint scanner.
The pattern, or design, is a unique feature on Android phones and it's been around for a while now. You can use it combined with the PIN if you'd like, but it really is a decent security system by itself. There's only a certain number of times that you can try it until it locks you out for a few seconds. However, on some interfaces, a certain number of wrong attempts can lead the device to erase user data.
Something else that's curious about the pattern, and might be seen as a problem, is that your finger leaves the pattern on the display, which makes it easy for anyone to trace it. A combination of a greasy finger and a matte film will tell the world your password.
A password is the oldest unlock method there is, and it's seen as the most secure by many users. You can use any combo of numbers and letters to unlock your device. Recovery systems vary a lot but, in general, it can be just as hard to recover a password as it is a PIN.
Which method is best to unlock your Android?
The iris scanner, Smart Lock and facial recognition are all complimentary or secondary security methods, and as of right now, they aren't good enough to be used as the sole method of protecting your phone. This means that you'll have to register a PIN, pattern or password as your primary option. The iris scanner has another aggravating feature as well: restriction and availability. There are only a few models on the market right now that come with this feature.
The fingerprint reader is also a complimentary feature, but it's a feature which is available on most mid-range models, and its usability is very attractive. It also has fewer recognition errors. Nevertheless, you can count on the more traditional options, which are also the most secure, since they don't need a second layer of protection. In terms of both practicality and security, I'd stick with the PIN, password or pattern if I were you.
Which option do you use on your Android? Which do you think is the most secure?