Better lock screen

Better lock screen: a reader asks…

I have a Verizon Samsung Galaxy S5 smartphone. Instead of a 4-digit PIN, I draw a pattern on the phone to unlock it. Is this safer? Does the shape matter?

The first question I’d ask you back: do you have your phone set to wipe if the wrong unlock shape is tried too many times? Verizon calls that “Reactivation Lock Antitheft” and it should come pre-installed and configured. You can turn that off (and many people do, although their reasoning is imo faulty). More than a PIN, a pattern or a passcode, this auto-wipe feature will make sure that if your phone is stolen, the thief can’t get your data.

Now that we’ve got that out of the way (and you’ve got the auto-wipe feature turned on), let’s take a look at the relative safety of different methods you can use to lock your smartphone. First thing to consider is that no matter which type of lock you use, anyone can get past it. For example, they can look over your shoulder as you type or swipe. If you use a fingerprint, they can knock you out or force you to press your finger to unlock the phone. No matter what you use, there’s a way around it. But hiding your swipe from prying eyes will go a long way to keeping your phone safer. If you keep your smartphone screen clean of fingerprints and the oil from your fingers, that can also make it harder for someone to guess your pattern.

For your 9-point pattern, you can draw any shape that bisects at least 4 of the 9 points. Obviously more points is better, and complicated shapes are better than simple shapes like a U, C, O, or N. Reversing course and going over a previously covered point is good as well, it obfuscates the potential finger oil trail on the screen.

When it comes to guessing your PIN, passcode or pattern, the level of complexity is is often touted as an important factor by many security consultants. The arguement goes like this: A standard 4-digit PIN can have about 10 thousand possible combinations that could be used. A 4-9 point pattern like you’re using on your smartphone gives you close to 400 thousand possible combinations. Sounds like a big improvement, right? But even a 5-character alphanumeric passcode beats both those out by a long shot – there are close to 6 billion possible combinations. So these consultants push an alphanumeric passcode.

But this flies in the face of the fact that if your auto-wipe feature is turned on, a thief only gets 10 tries to get it right, then the phone is wiped and can no longer be used. And both Google (maker of the Android operating system powering your smartphone) and Apple (powering the popular iPhone smartphones) are constantly refining their smartphone lock systems to thwart thieves.

So after all this, the chance that whatever pattern you are currently using is good enough. Anyone truly determined to get into your phone can do so, but the chance of someone really wanting into your Android-powered smartphone is small. Unless you’re a high-profile and/or public figure, in which case your IT support folks should be guiding you towards a more secure solution.