Lockscreen

Security is important.  We carry a crapload of information in our phones, and with the world of NFC payments slowly becoming a reality, we'll be keeping even more in our pocket and in the cloud.  As we saw earlier today late yesterday, keeping things like PIN codes safe is tough with so many eyes out there trying to find a way around it.  Nobody should have been surprised, nothing is 100 percent secure.  

That's why it's always a good idea to use more than one way to stay safer.  You have secure tokens and password encrypted information on you phone, but keeping people from even getting that far is easy to do with a secure lockscreen.  Android is like Unix, and when someone gets to your homescreen, they're essentially logged in as you.  They can start any application that you can, and start any service.  If you're rooted it's even worse, they can grant super user privileges to anything.

On the other hand, having to unlock your phone every time you get an IM or e-mail gets old fast.  For someone who has never lost a phone, the idea of skipping secure methods seems sensible.  We're not going to argue, your logic is sound (even if others think differently) and it's your device to use the way that makes you happy.  But we're curious.  Answer the poll and let us know!

Thanks, Icebike!

 

 

Reader comments

Late-night poll: Do you use lockscreen security?

80 Comments

No one else touches my phone so slide to unlock is all I need. I tried using no lockscreen before but ended up making phone calls and opening up different apps while it was in my pocket.. no bueno.

i use widgetlocker's slide to unlock because it allows me to pull down the notification menu and i can check and open any e-mail or audio program that is misbehaving easily without having to enter any pattern or pin code.

now if i could do all that with a pin code active i would put it on. i'm paranoid that way even though no one touches my phone unless i hand it to them.

i bought and use gotcha! It auto sends me a picture and location of the fool trying to unlock my phone plus a bunch of other options.
pretty cool to when u ask your girl, why you mess'n with my phone?
she gets all in your face "i wasn't touching your damn phone"
you say oh really, whats this picture?

:)

That gave me a good LOL for this morning... thanks! I guess I need to watch my tone when I say "I wasn't touching your damn phone!" to my b/f in the future...

I use PIN lock occasionally, usually if I'm going somewhere where someone is likely to 'playfully' nick my phone and post embarrassing but otherwise harmless messages to facebook or to people in my contacts lists. This will typically be a party of some variety, so can be safely said to include times when I'm going drinking.

But 99% of the time? No, I'm sufficiently paranoid about keeping it on my person that I don't feel a need.

I use a pattern to unlock but to be fair colleagues and friends all know my pattern now as it's quite visible when you unlock it. I also got a simlock on my sim which for me is more important.

In the settings, you can turn off "visible pattern" so you don't have to worry about people seeing it.

Or if you're a weirdo like my ex... you can still figure it out since your finger leaves the trace residue on the screen. Main reason I don't use the unlock pattern option anymore. If he could do it, anyone can...

that's why you use a pattern that doubles back on itself so it's not so easy to figure out. Like if the top row is 1 2 3 you start with 2, go to 3, and come back to 1 (crossing over 2 and wiping that gesture) it also helps to not use straight lines or finish the move by running over to a dot you've already crossed.

There are ways to make the pattern more secure, either by design, or implementation.

If they gave quick access to the camera (like iOS and WP7), and the option to pull down the notification bar with a lock (both on ICS), I'd use it. I'd like to just see who called/texted me. To have me act on it, make me unlock it.

I like being able to set how long the screen has to be off before it locks the device. I don't think this is an option on stock ICS, but I may not have played with it enough. Slide to unlock is fine for me.

Stock ICS allows you to set a time to wait before locking if the phone goes to sleep. I have it set along with a PIN on my phone and tablet.

Glad to see this come up. I use a password, and it's complicated enough to be a pain. There is a better way -- I just haven't seen it for Android yet. I think there's a real opportunity here for a developer.

Before I go into it, let me say to those who don't think anyone will get their hands on your phone: it happens. We never plan to lose these things. We never plan to leave them in a car rental, or airplane, or on the table at a restaurant. But we do. If you don't keep anything you don't want people to see on there, no big deal. If you do, think about it.

I really, really wish Android had something like my old Palm had: the ability to have both a short password and a long one. Here's the deal:

1. You create a really easy, really short password or pin. 2, 3, maybe 4 characters. But for that password to work it has to be entered exactly right the first time within a few seconds from when you type the first character. That makes it unlikely your significant other, coworker, or BFF-not will be able to poke at it and get it right.

2. You create a longer, more secure primary password. If the short one isn't entered right the first time (or the first two, if you like), then the device can only be opened with the long password.

Because you have the short password and entering it and firing up the phone is no big deal, you're likely to use it. (Right now, many don't because of the hassle.) Because of the limitations on the short one, it isn't likely to be broken. Because you use it all the time and will usually get it right and won't need the long one, you don't mind making a good secure long one.

I have to tell you, I loved that on the Palm. Didn't have it on the Blackberr and haven't found it yet for the Android. If it's out there, please tell me. If you make it and charge a reasonable price, I'd gladly pay for it.

Yea I left my phone at a gas station once I was eating and you know what hit me too quick and I forgot to grab the phone 15 mins later some ass hole stole my phone it was my first carrier plan phone Sony ericcson w789??? something on at&t this was before android existed even then I hated apple I took a good look at that first iPhone and smelt evil but yes I lost all my music some pictures my contacts he makes a good point people PIN LOCK IT SIM LOCK IT IF YOU GOT SONETHING SENSITIVE ON THERE IDE RATHER IT BURN AND DIE ALL MY STUFF BACKED UP REMEMBER KIDDIES SYNC YOUR PHONE ALL YOUR CONTACTS WILL BE STORED BY GOOGLE FOR YOUR GMAIL AND ALL PAID AND INSTALLEDAPPS FROM THE MARKET ARE BACKED UP AS WELL PHOTOS MUSIC FIND A CLOUD SERVICE BUT STILL IT COULD BE YOU EATING AT A RESTERAUNT GAS STATION AT A BBQ ANYWHERE ALL A SUDDENYBYOU GOTTA GO FORGET THE PHONE OOPS

I voted other as I have a hybrid system.

"Lock screen" is widgetlocker with no security (basically looks like ICS with shortcuts).

If someone wants to use the web or make a phone call you can but beyond that all my other apps are secured with Smart App Protector (market app). This allows me to specify which programs are locked down with a PIN (or anything else you want). Any of my superuser programs, settings, mail, etc. you have no access to them.

If I lose my phone I use Phonelocator (installed as a system app) to remotely lock device down and to stealth activate GPS to locate.

Using both I feel pretty comfortable with how it's setup. Anyone can pick it up for basic usage but beyond that you can't snoop and you can't alter settings on my device.

Here's the two excellent programs IMO...

https://market.android.com/details?id=com.sp.protector&feature=more_from...

https://market.android.com/details?id=com.rvo.plpro&feature=search_result

My wife seems to have early alzheimer's and my daughter thinks "oh nobody is going to take my phone. So at her birthday party we all had our phones charging at my charge station. We all went outside with everyone else and when someone went to check their phone, 7 of the ten handsets were missing.
The only ones left were my Evo 3D and two iPhones.

Its going to cost my wife three times what they paid just to get the same handsets over again, and the experience helped them to understand that just because you bought them for a low price, it doesn't decrease their value to someone who knows their real worth.
Now they understand why any unlock code is a must, and why I always leave my GPS on.

You are correct to recommend using some password. However, for the currently lost phones, you amy want to try using an app called AndroidLost. You can send an SMS to turn the GPS on with it. Then another message to wipe the data or ask it to send you location info.

I use a pin, I know its not the most secure but its good enough for the passing by people and the occasional thief.
as it is if the thief is good enough he will know how to extract the data using titanium and other methods.

+1 I think the fingerprint scanner on the Atrix is the best security implementation on a phone to date! I've seen more complaints about it than praise, but it is way better than having to look at your device and type a pin or password. There were some Atrix users who said it was slow but that is nitpicking. Yes it is slower than slide to unlock, but then again slide to unlock does just that. The finger print scanner actual compares your swipe to what it has stored and then unlocks the phone if it matches, so it will be a second or two slower. I don't mind the extra second or two to know I'm always secure. It is still way faster than typing in an actual password, and I can do it without looking.

Yes I love the security of the fingerprint scanner. But it looks like it hasn't caught on with newer models and manufacturers.

I really wish it would catch on! Honestly the only people that wouldn't love it are the ones posting in here about how they use slide to unlock, nothing, or some app that locks access to certain apps. The fingerprint scanner is the highest amount of security, with the least amount of trouble for authorized access.

<3 fingerprint scanner. And for what it's worth, I rarely have any trouble with my Atrix's scanner. If I do, like it's not unlocking correctly with my usual right index finger, I use my left one and it unlocks. But, again, this issue happens very rarely.

Using the pattern is fast and easy and hasn't gotten old for me. Any security can be beaten but this keeps my phone secure in most situations.

After losing two GSII's I use my pattern lock all the time.

Simple swipe to lock removes the does nothing for the potential good in strangers who find your phone.

i use a Pattern lock.

I WOULD switch from Pattern to PIN for the main lock on the phone but what annoys me is having to hit the "ENTER" button after the PIN every time. DOES THIS ANNOY ANYONE ELSE? perhaps there's a security reason for this but it's really annoying so i use Pattern instead of PIN. i wish Google would consider changing this.

YESSSS! What I want is to be able to have the standard ICS slide to unlock screen + 4 digit PIN without having to hit enter! That would be perfect. If anyone knows how to make this happen please let me know.

Google won't consider changing that because its much more secure this way. iOS doesn't require the enter button because its preset at 4-digits only. This means that any attacker knows exactly how many digits are required making it much easier to guess, especially if there's four smudges on the screen. Google's system allows the user to select how many digits are in the PIN, which is MUCH more secure, but that requires some method to indicate that you're done entering.

the real question is - what is easier to guess - a Pattern Lock or a 4 Digit PIN?

or are they the same?

I use the finger print scanner on my Motorola Atrix. I don't always use it, but when I go out of town or something like that I always turn the lock on.

I am not using a pin for the lock screen but for added security and convenience, a finger print scanner that can be used for unlocking would be perfect. You take your device out, put the finger in place and when it´s been verified, the screen lights up and shows you the lock screen (or the home screen depending on settings).

In that way, the unlocking is hassle free and very similar to the no-pin method but much more secure.

For added security, face unlock etc could be combined - i.e first a fingerprint scan, then the lock screen shows up and the face scan takes place, then unlock.

The fingerprint method should also be used when the device is powered on or restarted.

I think it´s time to make finger print scanners mandatory and fit them as standard to the devices, especially now when Google Wallet and NFC is here.

CM7 has a nifty gesture unlock. Mine is so cryptic it is as good or better than any pin or password as it cannot be brute forced.

I lock my phone with a PIN (after 15 min inactivity). While it's rarely ever out of my site, it's at least a measure of security if it's lost or stolen or just to keep family or friends from messing around with it. No need to allow anyone unfettered access to my e-mail and contacts. I do the same on my home PC's as they're password protected and the screensaver locks em after 15 minutes of inactivity if I don't manually lock them first. Sure it's a bit of a pain, but if you want a little security, you have to give up a little convenience (they’re directly proportional).

I would love this feature. I don't use anything because I am always messing with my phone and entering the pin is annoying. The pattern lock can be cracked easily if you don't wipe your screen. I wish CM7 had this 15 minute delay.

Edit - Cool, there it is in the cm settings ;)

Anyone who doesn't use some kind of lockscreen security on their phone is asking for trouble.

Anyone who justifies the lack of security with:

"I'm careful to keep it with me at all times"

"Nobody else touches it"

"I'll just lock/wipe it remotely with xyz app if it gets stolen"

... is adorably naive.

I chose no before seeing slide to unlock since I think of it as basically the same as far as security.

The "Slide to unlock" option in the poll is NOT a security method. It just prevents the screen from responding to touch input. It will not prevent someone from using your phone. They'll just slide to unlock like you do and use it.

I do a pattern unlock mostly as a wife deterrent. I figured it was a good idea after the second time she posted to my Facebook while I was in the shower.

Is there a security system that would allow some services to be accessed but not others? I would like to make the phone available, including contacts, while locking away everything else. I spend a ton of time on the road, and worry that I will be in an accident and it will be hours before my wife and family know if I lock the phone

look up at the older comments I already addressed that and it's what I do. Takes away the annoyance of having to unlock it every time I use it but at the same time the important areas are locked down.

Whatever happened to just going into your contacts and setting ICE (In Case of Emergency) contacts? That's how I have it set up on my Bionic. If I were in an accident and the paramedic tried to unlock my phone, he/she would be prompted for my pattern. Underneath it are two buttons...on the left, it says "Emergency Call" and on the right, "Emergency Contacts". They can hit the "Emergency Contacts" button to call my husband, my mom, or my dad. No fuss, and it doesn't require you to enter a pin or pattern to access every single app that you set to be protected.

Call me paranoid, but I use widgetlocker with an invisible slide to unlock, plus a pattern lock. When I'm home, I use Unlock with Wifi to prevent my having to unlock anything. As soon as I get out if Wifi range, it locks. I also have Lookout and SeekDroid to remotely lock and wipe if needed.

Used pattern lock for about a week two years back, then switched to PIN lock. Been there since. More than 4 digits. At least for me PIN lock and pattern lock have the same pitfall: fingerprints on the screen. I always keep my screen wiped free of prints. At times it would be easy to guess the digits (obviously not their order though). With 4 digits, there are 4! possibilities, right? 24. An 8 digit pin has over 40000 possibilities. But really, how secure is the PIN? If someone has physical access to the phone and "unlimited" time, can't they get at the data anyway? Hopefully by that time I would have changed my Google password and remotely wiped the phone.

app protector pro for individual app locking installed onto system root. I'm sure it can be bypassed but for typical day to day or nosy crowds around me, my private stuff stays private.

Not having some kind of password/pattern lock on a phone is foolish. Think of all the personal information that lives on it. Contacts, calendar, access to facebook, phone logs, SMS, the ability to buy apps on the android market, everything. I actually don't think I have another device that I own that has more of my personal information stored on it. I'm the only one who ever uses my phone, but all it would take is leaving it alone by mistake for 5 minutes for it to disappear. I use seekdroid so I can remote wipe it if that ever happens, but like I said, all it takes is 5 minutes.

Just stop and think about how much personal information lives on your phone. It's actually mind numbing, and anyone who thinks that it should be ok to not protect that information deserves what they get.

That being said, Android really needs to do what iOS has done and given access to the camera while locked with a pattern or password. IT's kind of crippling.

If Android and Google didn't keep so much effing history info, I wouldn't have to.

Stop keeping my browser history! This includes visited pages, downloads, searches, all that. If I want to find something, I will find it. I don't need traces all over my effing phone.

Can't be bothered with screen locks it's too much work every time I want to use my phone, I do have Cerberus installed so I can wipe the phone if I lose it, I know it's not the best but I'm very careful with my phones, in my 15 years of owning a cellphone, I've never lost one.

with the immediate no-delay Pattern Lock i also put a PIN on my Dropbox App and i use "Lookout" free for GPS Find and Scream.

my sensitive data is stored on a password protected strong encrypted (128 Bit) MS Word 2007 Document stored in my Dropbox accessed by Docs To Go on phone and MS Word 2007 on the PC. so to get to this data they have to break through 3 layers of security.

I use App Protection. It allows me to lock the apps that I don't want anyone else to have access to without having to lock my entire phone. So if someone got a hold of my phone they would not be able to access things like my contact list, text messages, email, and even the browser if I select it as one of apps I want locked

I know. We live in a world where identity theft is a real thing that happens every day, and I can think of few things that would make identity theft easier than someone's phone. It is just foolish.

I'm hooked up to my company's enterprise email which requires the phone to be encrypted with a PIN. The PIN is a pain, I much prefer the pattern.

Anyone know of a way to bypass that and use a pattern instead? Maybe an app that let's me unencrypt on a reboot, but then use a pattern after that?

Running ICS, rooted.

No, Excahnge servers only know how to do PIN to unlock, and this is going to be a policy set by your company. IF you want to continue to receive email on your device you cannot change it.

Yeah, I figured ... maybe an app that would auto enter my PIN once I entered a pattern. Lol, seems like a long shot though.

I wish I could use a fingerprint!! That would be hella boss. But for my work exchange email they require a pin or password. I use a pin and change it about every 3 weeks to a month.

In addition to a pattern lock, I also use an application locker, called Seal. My phone is rooted, so any app that has access to make purchases or has SU granted is also password locked.

Yeah, its a hassle. No, I've never lost a phone. However, my house was burglarized a few months back and if they had gotten my phone in the haul they would have gotten all that access. Fortunately, they didn't get the phone.

Main reason I bought the Atrix4g fingerprint lock. And it actually works really well. Love it. Pin backup. Jm

I am forced to use a PIN because the Lotus Notes Traveler app requires it (it installs and requires administrative rights). This allows it to remotely wipe the phone if our IT admins need to do so. Otherwise I would be using slide to unlock.

While cm didn't support fingerprint scanner used pattern, so glad to have fingerprint reader back. Just wish I could use it to input my lastpass master password.

I use a pattern lock and I change it every month or so. The only drawback is the possibility of leaving a trail on the screen protector, but the anti-glare protectors made that a lot less likely.

Google needs to make face unlock faster. Right now, it's not faster than typing in a pin or sliding a pattern.

I know they've said they slowed it down. But why bother?