Thursday, October 8, 2015

Android Lock Screen Security

If offered a choice between security and convenience, what would you choose? Many people would choose convenience over security because security can be very inconvenient and people just don't want to deal with that. But sometimes you need to sacrifice convenience to protect yourself.

The lock screen is the gateway to your Android device, just like the login screen is the gateway to your laptop. Many people overlook the importance of locking it down because it is inconvenient or they are ignorant. Would you allow your laptop to display your emails on the lock screen of your computer? Would you secure your laptop with a four digit PIN? Probably not, and your phone is no different.

Here are some tips for securing your Android lock screen:

Use a Strong Password instead of PIN or Pattern

In your security settings, you can choose to enable a Screen Lock. Android offers many choices for a screen lock including Swipe, Pattern, PIN, Face Unlock, and Password. Of these choices, using a strong password is the best and most secure option available to you. Patterns can easily be compromised by tilting the device and viewing the finger marks. Additionally, people tend to use patterns related to them (i.e., William using "W" for his pattern) and simple to guess patterns. PIN's are also a bad choice because the are short and only contain numbers. With passwords, you can create a strong password which is not bullet proof but is definitely more secure than a pattern, PIN, or facial recognition. Refer to my previous post "How to Create Strong Passwords" to assist you with this.

Automatically Lock - Immediately

In the security settings, under Screen Lock, there is an option to "Automatically Lock". This should be set to lock "Immediately". Why does this matter? Well, lets say your phone is set to lock after 5 minutes rather than immediately. This means when you lock your screen you can unlock your phone again within 5 minutes without entering your password. So what happens if you set down your phone and someone steals it? If they access your phone within that 5 minute time period, the thief will be able to remove the security, access all your apps and resources, and ultimately own your device.

Hide Sensitive Notification Content

Android notification content is displayed on your lock screen by default (starting with version 5.0). This means each time you receive a text message for example, you can read some or all of the message right from your lock screen without even unlocking your phone. Pretty convenient but what if you receive a text message for accessing your online bank account? Or what if you receive a confidential text message from your work? If your phone displays this content on the lock screen, anyone can view it by simply picking up your phone. You want to change this setting to "Hide sensitive notification content". This will allow you to continue receiving notification content on you lock screen but it will hide the content form text messages, emails, and other notifications that may contain sensitive information. You can change this setting under Sound & Notification in your phone settings.

Google has been working on improving the overall security of their Android operating system to provide security by default and security without the expense of convenience. Though they have made good progress, there are security settings that remain a choice for the end user. It is important that you review these settings and make good decisions when it comes to security. Use good judgement.