Recently, both Apple and Google have come under criticism for a setting that allows a person to reset their account password from a phone once the phone is unlocked.
On Android, the details are that you can use your unlock method to complete a challenge that will allow you to reset your Google password. This would give someone who has your phone access to your Google account if they know how to unlock your phone. Of course, they had to know how to unlock your phone to even get there.
Many people consider this to be a bug. It is not. I'm not too keen on the idea of automatically making every phone I'm signed into a trusted device, but this is a convenience setting and not a bug. Keeping others out of your phone and your personal affairs is more important to Google than making everything more accessible once you're logged in. It's a typical compromise between convenience and security, and we see it everywhere in all businesses.
Basically, you can use features like this to keep things organized, or you can try to manage everything yourself without any help from your phone. Google knows which way is easier, and the easy option, the one we actually end up using, is the safer one.
It all boils down to one thing – you need a strong screen lock.
No one can tell you which screen unlock method will work best for you, but as long as you don’t rely on Android’s face unlock (unless you’re still using a Pixel 4), it’s pretty safe.
Yes, things like a six-digit PIN are more secure than a four-digit PIN, and using a password is even "better," but what works best for you is whichever method you will actually use. For most of us, that's a fingerprint and that's good enough.
I know, I know, someone could chop off your finger or force you to tap the screen, but if confronted with the idea of losing a finger, most of us would immediately hand over a long, complicated password anyway. I would, because I like to have all my fingers. I'll also add that a fingerprint is your username and should never be used as something you may need to change, like your password. But it's something people will use because it's easy.
No screen lock method is 100% secure, but the method you actually use is 100% correct.
Once someone is in your phone, you don't just have to worry about changing your Google password. Someone with access to your phone has access to your email (which can also be used to reset your Google account password), your banking app, which likely uses SMS or email for authentication, your Amazon account and the associated payment methods, and everything else that relies on a cached password to make signing in easy and fast.
That pesky convenience-versus-security trade-off is everywhere, especially in your web browser. Again, it assumes that you control access to the actual device and use a strong unlocking method. Do you really want to log into Gmail, Twitter or Facebook every time you open the app? No, you do not. Neither do I.
I don’t expect Google or Apple to change things so that you can no longer use your phone to complete a security challenge. In fact, I see things moving in the other direction now that your phone is also a two-factor authentication key. What we need to do hasn’t changed.
Use a good password with uppercase and lowercase letters, numbers, and a special character or two, like & or }, for accounts that can be set up with a password. Use a different password for everything. Change your passwords regularly. Use 2FA with any service that allows it. Use a password manager if you need one. Make sure your screen lock isn't easy to bypass.
One final piece of advice and one thing to remember is that Apple and Google have excellent software to track and remotely wipe a lost or stolen phone.
Make sure you try it at least once so you know it works, and don't be afraid to use it to wipe a lost phone once you're sure it's been lost or stolen, and isn't just next to your car seat or in your desk at work.
Phone security isn’t hard and you don’t have to be anything special to need it. Someone will always be happy to pull that last $80 out of your bank or top up your credit card through Amazon if they can.