Why do you lock your smartphone?
I'm genuinely curious. I'm a late adopter FWIW and am still rocking an older iPhone that doesn't support any face recognition or finger prints. But I don't use a pass code either, and never have, and doubt I ever will. I just don't get it... what are folks afraid of happening if they don't lock their phone? I suppose the "nightmare" scenario would be someone steals your phone and then messages your contacts asking for $. Is that it?
I've always practiced greater digital security than physical security (counting the phone unlock as physical) as I think it much more likely that a ne'er-do-well would attack some large company than to single me out in person. I mean if the FBI or some hacker is going through my garbage then I probably have larger problems, right?
For me it's cost/benefit - swiping/fingerprinting/face IDing multiple times a day is not worth the slim chance that my phone is stolen by someone who going to use the info in it for something nefarious. I wouldn't lock my car if I was in/out of 20x a day, I just wouldn't leave anything terribly valuable in it.
Please let me know why locking your phone is/isn't important to you.
EDIT: To be clear, I have one banking app and it requires an additional password to get in. It's an app so there isn't a saved password for it anywhere.
EDIT2: Made this as a comment below, but thought I'd add it up here as well - "I find it strange that people in general seem to be OK with putting up with an inconvenience (even though minor to many) that affects them multiple times a day, but we hold large companies almost wholly unaccountable for major data breaches. "
EDIT3: This just occurred to me. We lock our phones, but not our wallets/purses. The argument that a pass-code is a protection against identity theft rings sort of hollow when we consider we have much of the same info on an ID card that we keep unprotected. Some states will even list the SSN on a driver's license.
EDIT4: I'm convinced everyone thinks their personal lives are terribly interesting to strangers and my suspicion is they're not. Only two real cases of bad things happening when a phone is unlocked that I've counted so far: 1) long distance calls 2) pokemon themed contacts.
EDIT5: That said, sounds like the fingerprint scanner is the way to go for convenient security. I'll be checking that out. Sincere thanks!
EDIT6: Some folks said that edit 4 came off as condescending. Not my intention. I was trying to tie in the idea of "everyone being the main character in their own story." I'm definitely not implying that people should leave their phones unlocked because others wouldn't find their lives uninteresting.
I think many have a personal connection to their devices that I do not feel. Intellectually I find that very interesting as this seems less a monetary issue and more a privacy issue. It'd be as if a stranger picked up a lost diary and started reading. I fear my diary would be more like a ship captain's logbook and wholly uninteresting. If I were to have my phone stolen I'd simply change a couple passwords and buy a new one.
Today, phones themselves are security devices. It is constantly logged into a number of accounts and it likely has a number of passwords saved on it. It's also used as as authenticator for 2FA. If you are the average person, someone stealing your phone and gaining access to it is basically identity theft.
I'm just not worried about a person IRL gaining physical access to a device to do this. I can only imagine the very low odds of that occurring.
What strikes me as more likely is someone having their id/pass stored in their web browser on their phone for a banking website. So that'd be bad.
This is why I use Firefox on my phone and encrypt the password store with a master password.
If you take no security measures, then someone who steals your phone has:
I'd like to know what password manager you use, or are you saying you just use the one built into FF?
The only concern I'd have is banking. I can't see anything else anyone could do that couldn't be simply explained with a message to friends like "hey I was hacked." The worst I've heard of is someone hitting up grandma or whoever for $ after making up a story about being trapped overseas. So again, not good, but unlikely at best.
I'm curious if you keep your wallet/purse locked as well (this just occurred to me as an inconsistency in the "keep stuff secure" mentality and not an attack at you or anything of that nature).
Email access is the key, in my opinion. A stolen wallet is frustrating, but ultimately fixable with a couple of phone calls. The financial loss is limited to whatever cash was in there, and once the cards are cancelled that's the end of it.
An email account, on the other hand, gives password reset access to most other accounts, as well as a wealth of personal information about spending habits, addresses, receipts, bills, account numbers, etc. Add a multiplier to that if there's a work email account on there as well as personal.
Just identifying everything that could be breached via email would take days, and even then there's the ongoing worry that something was missed, or that a key password or piece of private info is in someone else's hands.
Someone who has access to all of your private information has a way to answer all of the most common security questions you would have to answer to get access to your bank account.
Yes, just the one built into FF.
If my wallet is stolen I'll need to call my bank and let them know my wallet was stolen. Any purchases should be reversed. If my phone is stolen I can't call up my carrier and have them undo anything the thief did in the past hour.
You have very low odds of being in a car crash, or getting very sick if you're under 40. I assume you have insurance, or at least see the value of insurance? A second of inconvenience to unlock a phone is a small price to pay for piece of mind.
I think you're forgetting how much of a single point of failure a modern phone represents. My banking app always requires an additional login. However, the password reset is linked to an email account on the phone, and that doesn't require a separate login every time I want to use it. Many "secure" apps have this problem.
A lock ensures that if the phone is lost, it's not immediately exploitable. You have time to attempt to recover it before having it reset to factory standard, which is more of a pain in the ass then a phone lock ever is.
There's also just the simple issue of privacy. I have pictures and messages I just don't want anyone seeing.
You're talking about security from a being targeted perspective, and there I agree with you. It's pretty egotistical to think a hacker would target me specifically, or someone would specifically steal my phone to gain access. But it's not about that, it's about peace of mind, and security in the event that it's lost, or stolen just by chance, it's denying convenient access. Your method certainly accomplishes the same thing, but I think you put less onto your phone than I think many here are? Which is again, more inconvenient than grabbing it so my finger hits a sensor.
Excellent points! I'll probably move to a finger sensor.
My phone knows more about me than probably my brain does, especially when it comes to secrets. I can't put a lock on my brain but people can't just open it up. My phone has password back up codes and 2FA access on just about every account I own. Is that a single point of failure? Yeah, but my phone is an extension of myself in the healthiest sense of those words and I'm okay if the single point of failure on my info is myself.
And I was in the closet up until very recently do I did have some "larger" things I was hiding haha.
personal secrets are definitely a good reason! congrats on being out and about :)
Thank you! 😊 I'm definitely feeling so much better now not having to hide that 💖💖
The inconvenience of having to enter a passcode is completely minor, and even if the chance of my phone being stolen and the data being used is astronomically small the consequences of it are huge and long-lasting. The small inconvenience is worth the extra roadblock towards that in my view, which I will readily accord everyone the right to disagree with.
I find it strange that people in general seem to be OK with putting up with an inconvenience (even though minor to many) that affects them multiple times a day, but we hold large companies almost wholly unaccountable for major data breaches.
I think we generally tend not to hold (some) companies accountable for their damages to a fair degree, see also: the 2008 financial crisis, global climate change, the opioid epidemic or hiding the truth about sugar which lead to the obesity crisis. An unfortunate by-product of our own failures to hold out political systems accountable as well.
Good point, but I wish it wasn't so!
For what its worth, I've been using the fingerprint checker on my S5 for while now, and as long my hand isn't soaking wet its less hassle than swiping the screen.
I might look into that. I'm all about the convenience so if it's actually easier then I'm down. Security AND ease-of-use is where it's at.
With TouchID the inconvenience is basically non-existent, you have to press the home button to turn on the screen anyway, hold it for a second longer and you're in.
I was on a 4S for years, so upgrading to a 7 was a major upgrade, with TouchID being one of the best new features.
For me it's just easier to use the fingerprint sensor on the back than move my thumb to press the power button. It's simpler and quicker to be (more) secure than to leave it unlocked. I also have to use it for Google Pay, and I want to keep my accounts from being accessed by strangers. So I'd have it locked regardless.
Very interesting reply. Thank you!
It's not really inconvenient to me—takes like half a millisecond, stops my phone from getting unlocked in my pocket/purse/when I'm messing with it, stops people from being able to sign things using my PGP key if they get physical access, etc.
Same reason I changed my phone's default root password, really.
It depends on what you have on your phone. I have multiple banking apps, calendars, social media, etc. on mine (ie non-phone stuff.) If someone were to get their hands on my phone with malicious intentions, they could mess up my life pretty bad.
What's your worst case scenario look like?
Identity theft on multiple levels. In your edits you mention not locking our wallets, but thats kind of a "what-aboutism" because if my wallet is stolen they have one piece of my information. If they had my phone they would have access to a good portion of my life that would take more than just a call to the bank to solve.
Also to your second edit, it really isn't an inconvenience when you have your unlock code down to muscle memory. Maybe from an outside perspective, it seems a bit much but I've been doing it so long I don't think about it anymore and adds less than a few seconds to my day. Seems like a good pay off to not have to worry about identity theft.
Again, really depends on what you use your phone for. If you don't have any of those apps, then you have nothing to worry about!
Great perspective. Thanks!
I started doing it when I first got a phone and had asshole friends who would mess with it if they had the chance, and I still have a constant paranoia about people I know wanting to use my phone (even if it's just that theirs died and they need to search for something). See, the identity you'd see if you had full access to my phone is very different to what many of the people I know in real life know.
There's also the security things that everyone is talking about, but also at this point there's no reason for me not to. With the fingerprint scanner, it's typically unlocked before I'm even looking at it, so there's no meaningful inconvenience there. Also, if you keep it in your pocket against your leg, do you not get annoyed by things opening and getting pressed all the time? That happens way too much to deal with if mine is unlocked.
That sounds like an awful way to live life. Why?
Several people have said this so I'll have to check it out.
I've honestly rarely had this happen. I find it usually happens if I don't lock the phone before putting it in my pocket, which is I assume the same regardless of security method used.
It's better to have one side see you in a good light than both sides see you in a bad one.
I hope one day you can be your true-self and that others around you are accepting of that.
Years ago my father in law had an old phone stolen from his home. It was originally my wife's but when she switched over to my plan she gave the phone to her dad. The thieves wracked up close to a thousand dollars in international calls and data overages before my FIL had any clue what was happening. His carrier did not care and held him financially responsible for the charges. I know keep all my family's phones locked to prevent these types of charges from happening if their phone gets lost or stolen.
Very interesting. Sorry to hear about the experience. Yours is the first actual negative real-life negative I've heard of. Thanks for sharing!
Whelp you made me google "fursona" at work lol
Aside from just about everything personal in my life, access to protected health information. I work in medical tech and people could access our app through my phone. My employer and I would be in all sorts of problems with multiple countries' health regulatory bodies.
So this app that ties into HIPPA-protected info isn't secured by a password or anything? That's terrifyingly bad.
It is but if if my phone is stolen while there is an active session the only thing between them and it would be a lock screen. Granted it's a very narrow window.
Got it. Good on you.
I work as an Apple tech/consultant. When I got my first iPhone I did the same as you. No passcode. Then I realized that I was storing my passwords in it and it would be easy for anyone to look up my passwords if I left my phone unattended. I know you're not storing your passwords. But if you have email signed in on that device, it would be easy for anyone that had access to your phone to gain access to any other account associated with that email. Lets say you use that email with Facebook (just an example). If I sent a password reset request for Facebook, it would send to that email (that I now have access to) and now I have access to your Facebook account and you don't. Again, just an example.
In short, there are all sorts of nefarious things people can do when they have access to your email. Hell, if someone wanted to really troll you they could sign you up for nambla.
My strong advice is to create a passcode. You'll quickly get used to the nuisance. Another tip, go into the health app and enter your emergency contact info. Even if someone can't get into your phone, they can at least look up your emergency info. So if you get into an accident and you're unconscious, a paramedic can see your blood type, medications, emergency contacts etc.
I might look into the fingerprint option as that seems easiest, but not really sure I want Apple to have my fingerprints either.
But I don't mind calculated risks, either.
I struggle to imagine a scenario where someone steals my phone and then attempts to use it to get into my accounts vs just wiping and selling the phone for quick drug money.
It should be noted that the fingerprint is supposed to only be stored on the phone, and on top of that recreating a fingerprint from the scanned data is supposed to be impossible.
I've been wondering about how easy it would be to fool the sensor using the fingerprint left from your last unlock. The sensor on my Pixel XL seems to, ironically, be a fingerprint magnet.
With current technology it isn't easy or quick, although it is possible to lift the fingerprint, create a fake, and then fool the sensor.
It's certainly the type of thing a common thief wouldn't be able to easily do
It still seems like a major security hole (although fingerprints as an authentication method may just be inherently flawed). Imagine if after typing in your PIN the buttons you pressed were burned into the screen.
Yeah, kind of maybe, but it's really not easy or simple. It's possible, but if someone were to take your phone, it's doubtful they would keep it in pristine condition enough to find a suitable fingerprint. On top of that, knowing how to make a fake (and particularly a fake that will work) is more than most people know. Lifting a fingerprint is also more difficult than TV shows would have you realize. While it's not impossible to lift your fingerprint from your phone and then use it to model a fake, it's also very unlikely there will be a usable fingerprint on the phone itself.
The comparison has been made in this thread, but think about a standard lock. A Master Lock No. 3 can be easily picked by a novice with some instructions within a few seconds, but most criminals don't even know how to do that. Even having a small amount of security is enough to deter most would-be thieves.
Apple doesn't have anyone's fingerprints. That data is stored locally in the "secure enclave". But anything made can be broken.
Another scenario I thought of actually happened to my roommate. His ex somehow got into his phone (don't ask me the details of that. I think she knows his passcode.) and started forwarding all of his incoming calls to her phone. It was so simple I couldn't think of how it was happening until verizon told him to enter *68 to stop forwarding.
Whatever you do, if you set a passcode and then setup fingerprint scanning, don't forget that passcode. It is used in other areas of settings for the phone and sometimes as verification for iCloud logins.
But you're right. If someone steals your phone, they're not looking to sign into your accounts. They're looking to sell your phone. The danger of someone trying to get into your accounts is than likely going to be someone like in my roommate's scenario. However, with a passcode the thieves cannot erase your phone in any simple way I know of. Furthermore, if you have an apple ID signed into the phone if it gets erased, you'll be the only person who can unlock it after the erasure. I try to urge people that don't want to use iCloud to use it only for the find my phone feature. If it's lost or stolen, you can essentially brick the phone if need be. There are all sorts of interesting accounts from victims of theft and the features of iCloud.
I know, it's buzzfeed, but I find it to be an interesting story.
Have a good day!
Thank you! Everyone is upset that I think no one cares about their personal lives. Most strangers just won't bother as they're after quick cash so the threat of someone messing with your personal life is coming from people close to you.
I own an Android phone and I use the drawing code because otherwise it would just unlock itself when it's in my pocket. It is a middle way between having a long code and a fast way to unlock your phone.
I use an old iPhone and have not really experienced this so I wonder if that sensitivity is due to the manufacturer/OS.
Unlocking an iPhone is different than unlocking an Android phone. Apple uses the slides to unlock that is quite difficult to activate accidentally.
Android instead uses a simple swipe to unlock, and the swipe can start anywhere on the screen and then it needs to move for 1-2cm (less than half a inch), so an accidental unlock can happen anytime. Or maybe my butt just wants to look into my phone, who knows.
I use Google Pay, which requires a password, and I want to make sure my friends and family can't easily snoop through my phone. Plus, if someone steals it, I have a fighting chance of being able to get it back since they won't be able to remove my accounts without a factory reset (which most casual thieves do not know how to do).
where are we getting this casual thieves assumption? if someone recognizes the worth of a particular cell phone model I think they'd be able to plug it in to a desktop and install a "password recovery tool"
physical access = no security
I remember hearing on NPR that most home robberies are walk-ins, and the easiest way to deter them is by locking your door. Any dedicated thief will be able to get in to your home (even "high security" doors can be easily outsmarted), but most aren't going to risk making a scene by busting down the door, breaking windows, or trying to find a way to open your door from the outside (or break in when you're home and risk you calling 911 and/or being armed). By extension, if a thief sees your phone is not protected by a password, it's much easier to resell.
Any thief who did some research could wipe your device, pull the SIM, and change the IMEI, but considering how few thieves learn how to pick a lock (and most of our locks aren't all that strong), I doubt they'd be much smarter with a smartphone.
There is a similar idea with motorcycles. Just having a cover on the bike, one that is generic and doesn't loudly advertise what brand of bike it is, will deter almost all thieves from stealing. Even if it has no visible locks on it to keep it from moving. The simple act of undoing a cover, checking out the bike, and then putting it back puts the thieves life in danger so they just don't do it.
I didn't, until Touch ID and later Face ID made locking it no less convenient than not locking it.
That said, that happened in 2013. Back then I didn't have credit cards and passwords stored on my phone, nor did I use my phone for 2FA on other secure systems. Once I knew my phone was secure, I started putting sensitive things on it.
I think this is an important comment we sometimes ignore. So many people are comfortable putting out all kinds of information on a device that's so easily lost but don't lock it. Personally, I would install and uninstall my bank app when I needed it because I wasn't comfortable having it on my phone and I really hated entering a lengthy password or drawing a picture every time I went to use my phone. On top of that, I don't find 4 digit pin numbers to be very secure.
Once I knew the phone was secure from just about anyone who could pick it up and start using it, I felt much more comfortable. On top of that, unlocking my phone with the biometric sensor is just straight up faster now.
I'm just a paranoid dude who doesn't like the idea of people being able to snoop through my stuff. That's all it is for me.
Honestly, my electronic devices are essentially an extension of my own mind. Someone who digs through any of my devices can learn about what kinds of things I think about or am interested in, find out what kinds of things are important to me, and dig up personal secrets that I don't want them knowing about. They can see who I've talked to and when, access my personal accounts, and rummage through personal files. Things that would ordinarily only exist in my memories, things I've never even said or shared with anyone, are stored physically and can be peered through pretty easily.
Someone accessing my devices is thus the greatest possible invasion of my privacy.
My mental space is the only source of privacy that I truly have. It's the only space that is, and always has been, completely my own. I want to safeguard that.
These comments always remind me of the phrase "everyone is the main character in their own lives." I wonder truly how interested others are in our "secrets." I suspect we're all fairly mundane.
It's not about whether or not someone is interested in them. It's the principle of the matter and the peace of mind that comes with having a space that people can't simply intrude upon. It's the same reason I feel more comfortable being able to lock my apartment door before heading to work. I'm not paranoid that people are just waiting for me to let my guard down, I just like knowing that my privacy is secured.
It may help to have the context that my privacy was never guaranteed in the past and that uncertainty has permeated most aspects of my life. Safeguarding my privacy gives me one point of certainty that can't easily be taken away.
I basically lock my phone because Face ID (and before that, Touch ID) isn't an inconvenience at all. The way I'd open my pre-Touch ID iPhones was poke-swipe, then Touch ID made that poke, and now with Face ID it's just swipe. Likewise authenticating in apps; rather than enter, say, my 1Password master password, it's just a .5 second Face ID check when I launch the app.
I never used PINs because they were annoying, but the biometric stuff has been, if anything, a time saver over opening my phone the "old" way.
I don't even swipe with Face ID and Raise to Wake. I just look at the phone. Absolutely no inconvenience at all. It really couldn't be any simpler.
Behind Face ID are:
Without my actual face or a 6-digit passcode, you can't do much with my phone, and I really like that security.
There is an inconvenience of needing to pick up the phone in order to use it. Not a huge deal and my phone has the same problem because the biometric sensor is on the back.
A lot of people hated the iPhone X because it removed the button which allowed people to unlock it while sitting on your desk or whatever.
Still not a big deal, but when every phone is almost exactly the same these days little issues like this can change minds.
Yes, I've heard that complaint, but it's not something that I do very often (try to look at a phone that's flat on the table instead of picking it up). I also don't get 250 notifications a day, so it's not a big deal.
I love the fact that "I have to slightly move the phone" is a complaint for some people, but here we are.
Firefox Focus is terrible, you're better off using regular Firefox (and/or nightly)'s incognito and installing extensions like ublock origin. You can't even disable js in focus last I checked.
I didn't really know that. I'll look into it. iOS circles were all over it a few months ago, and I just switched from Android to iOS, so I downloaded it. I also have regular FF on my phone with ublock origin, and also have AdGuard on the phone. I haven't seen an ad yet in Safari or FF. I'm not super paranoid on phone browsers because I do very little internet browsing on the phone.
Extensions are not supported on iOS.
For me and funny enough for my parents the reason we started locking our phones was the same. My kids would constantly want to play on the phones when we weren't looking so we added pass codes so they couldn't get in whenever they wanted and it keeps them off the phone a little more.
That's what I started with way back when but at this point it really has morphed into a complete picture of my life and basically all that is needed to wreak havoc on my life. My email is constantly logged in so resetting passwords and gaining access to financial or social media accounts would be trivial. 2FA is also on the phone so everything that is "more secure" would also be at risk at that point.
That's truly what I fear lol
I think other people have covered most of what I do and why, but I want to add some commentary.
First, I keep my phone locked to keep my sensitive information from being stolen. There is a lot of personal information on my phone both about me and my life. I'm not that concerned about having my identity stolen, but my phone does use 2FA for some things, although I doubt it could be easily used against me. I mostly don't want people learning too much about me, which is an important security we often forget about.
I have an LG G5 which has a biometric sensor on the back. I started using it because it was cool, but honestly now it's just straight up faster than other unlocking methods for my phone. Pushing the button and then swiping up (the swiping up can be disabled for faster use, but also disables any protection from getting unlocked in my pocket) is at best half the speed of just using the sensor to open the phone.
On top of that, I use Last Pass as a password manager and it can also use my fingerprint to unlock my passwords. That is much faster than typing in my password (which is 27 characters long) every time I need to log into Amazon or my bank. There are other apps that can also use the biometric sensor to be unlocked, but I don't know of many.
Lastly, it's far easier to allow my wife to have access to my phone when or if she needs it. I can add multiple fingers to my phone, so I have one for each of my hands and one for my wife. This way she doesn't have to learn a passcode or drawing to get into my phone, and I don't have to tell her one, so the only person who knows the backup method is me. I can also easily revoke access if needed (not that I need to from my wife.)
Edit: After rereading the body of your post, I find it to be very condescending. While I don't think my life is that interesting or unique, I still don't want the embarrassing personal details that are on my phone getting into anyone's hands. They're not all just about me either, I have emails and texts store on my phone that reveal details about other people's lives. I have some responsibility to keep that secure as well. I don't need to allow people access to my phone just because my life is uninteresting.
Very cool. I'll check that out.
Not intentional but I can see that after re-reading it myself. I'll try to adjust it to sound less so.
In addition to all of the security concerns already mentioned, I'm required to by my work. The phone itself is provided by my job and we do a lot of government/military work. Due to this, I must have encryption enabled and the phone locked at all times.
My phone is an extension of my mind. It isn't about money or contacts. It's about conversations, notes, recordings, apps, histories, emails, photos, location history. It has the conversations I had when I was first getting to know my girlfriend, it has the conversations I had when I was steadily losing a friend to schizophrenia, it has the photos I took when I was bored in class right next to the photos I took of my sister curled up asleep after her last panic attack and my parents were worried about her. Yeah sure it has my banking data but to be honest, I'm a lot more concerned about my messaging history. Money comes and goes but how someone thinks and feels is infinitely more important. My bank cards are easily steal-able, and I would be pissed off beyond words if someone stole them or my phone to access my money, but it wouldn't hurt me deep down like having a bit of my mind broken into and rifled through.
That's the thing about phones today - because they're an extension of all your internet and phone activity, and because of how we USE the internet and our phones and messages, they're an extension of our brains. And I don't want my brain hacked into and stolen, thanks. So I absolutely lock my phone, because on no account am I allowing anyone in there but me. Even my partners don't know my code, and I don't know theirs.
EDIT: It's interesting (and patronising, to tell the truth) that you presume everyone's life is boring and dull. You really don't know anything about us. How can you presume to know that we are "uninteresting"? Everyone, everyone is interesting if you actually take the time to learn about them - and you WILL learn about them, if you have access to their phone. The fact that you have not yet built up that kind of reliance doesn't make you a better person. I'm quite sure in time you will. But don't presume that everyone is "just being their own main character" and must be a boring person secretly, who cares about them right? You don't know. You don't know anything about them or their life. So don't just assume that's the case.
I have no choice in locking my phone. I am allowed to use it for personal use.
It is an Australian Federal Government device, and all iPhones are hardened in accordance with the Australian Signal Directorates (ASD) requirements.
Just like everyone else has said, my phone contains a lot of information and passwords I'd prefer to keep to myself. Also, having a lock is some sort of deterrent from theft as they can't use it (without putting in work) unlike an unlocked phone where they can pick it up and have some use to it.
I don't. Kinda.
I used to have a very similar mindset as you do. But now I have a phone with a rear fingerprint reader. My finger goes to the reader when I grab my phone from my pocket. My phone is unlocked and open faster than it would be with a power button + swipe. The few times it doesn't work, it is very quick to move my finger and rescan. The few situations where it is very inconvenient, such as wearing gloves while skiing, I very rarely need to use my phone, and just use my pin.
I am not saying you should go out and buy a phone just for a fingerprint reader, but consider it when you do decide to purchase a new one. With a modern device, security is literally better than no security 95% of the time. The other 5%, it is only slightly worse than no security. That is a small price to pay for protection from an attack of convenience. As others have said, a pin or fingerprint will not protect you from the NSA or similar attacks. But it will give you more time to track down your lost phone before someone factory resets it.
Am I the only one with the fingerprint or does Samsung/Apple get a copy as well? Obviously I need to research this option a bit more.
I am not sure, but I can tell you what I think I know. That being said, I think I am in the "just enough knowledge to be dangerous" for this topic, so take what I say with a gigantic lump of salt.
Nobody has access to your fingerprint except your finger. It is very much like using a password on a well designed website. Google cannot access your password. Google stores a hash of your password. You can convert a password (or fingerprint) into a hash, which is how they verify you have the correct password, but it is impossible to convert a hash into a password (theoretically it is possible, but it would take a super long time even with every single computer and supercomputer on the planet working on a single hash). So your phone has a hash to be able to verify you used the correct fingerprint, but it has no access whatsoever to your fingerprint.
Just make sure you're not using a glossy phone cover :p
Thanks! I trust Apple and Samsung to design that correctly, so I may move to that :)
Because it has at least some sensitive information in terms of email and being my 2FA device. But I'd never user fingerprint or face unlock (at least not except in conjunction with an actual passcode/passphrase).
Why would I not lock my phone? I don't want someone who gets their hands on it to be able to look through all my messages and porn.