Which method of authentication should you use?

Use Biometrics as much as possible

I can understand if you are one of those "I don't want this company to have my Fingerprint/Face ID stored on their servers" people. Rest easy. Apple said that your Face ID data is stored on your iPhone and not on their database. All Face ID and Touch ID data is held in an area called the "Secure Enclave", which is one of the iPhone's dedicated chips, designed to secure any sensitive data. It is similar on Android devices such as Samsung and Google Pixel phones, where fingerprint data is stored in a TEE. That's the "Trusted Execution Environment", if you wanted to know, but that is a discussion for another time, I think.

Biometric data is very difficult to copy and hack, and it is one of the most secure ways of securing any information from prying eyes. Even some banks are integrating Face ID/Touch ID as an authentication method to access your account. If it wasn't secure then the banks wouldn't be using it.

Forget PINs, Use Passwords

PINs only allow numbers, and for some reason only a certain number of digits is allowed on a device. Apple only allows 4 or 6 digit PINs, which I find unusual for a company that has one of the best authentication methods in the world. Android phones typically allow up to 16 digits depending on what device you have. Passwords, however, allow both alphanumeric characters and symbols, which adds more complexity and makes them a lot more difficult to crack. Most hackers use brute-force cracking, in which a tool guesses different combinations of passwords/PINs. There are more characters than numbers, so brute-force will crack a PIN with more ease than a password. So, please use passwords, or if the option allows you to use both, then go ahead and use both.

Quantity over quality

I've always believed that the quality is good but the quantity is better. Using more than one authentication method such as a fingerprint and PIN will keep you more secure and less likely to be a victim of a hack. There are many two-factor authentication methods out there and you can enable them on your accounts.

For example, Apple requires you to enter a 6-digit code that is sent to either your Apple device or via SMS whenever you log in to your Apple ID. You can read more about Apple's two-factor authentication here.

Some websites require you to download an authenticator app such as Authy, Microsoft Authenticator and Google Authenticator. I would highly recommend you download Authy so that if you ever lose your phone, you can still retrieve the data as it is tied to your number. However, either app is fine, but just make sure you don't forget any encrypted passwords if you choose.

Dirty fingers are insecure

"What are you talking about?" is probably what you are asking, and I can understand why, but hear me out. When you use your phone, you sometimes leave finger marks. So what happens if, for example, you unlock your phone using your PIN so that your friend or possibly a stranger can use your phone? You leave finger marks on the screen, which is exactly where the digits of your PIN are.

I experienced this once with a client who wanted me to add their work email to their iPhone, and so they tapped in their PIN and gave me their phone. I didn't know their PIN but I already knew the 4 digits of their PIN, and so guessing their PIN would be a lot easier, with fewer trials and errors. I mentioned this to them and it was one of those "I never even thought about that" moments, especially coming from someone who was sensitive about their security.

So keep your fingers clean so that you don't leave finger marks, or if you cannot clean them just yet, then give your screen a quick wipe so the fingerprint smudges are nowhere to be seen.
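To put numbers on the brute-force comparison and the smudge problem described above, here is an added example (not part of the original post) that counts how many guesses each kind of secret leaves an attacker. The 94-symbol password alphabet and all function names are assumptions made for illustration.

```python
from math import comb, log2

PRINTABLE_ASCII = 94  # assumed password alphabet: letters, digits and symbols


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets a brute-force search has to cover."""
    return alphabet_size ** length


def bits(count: int) -> float:
    """Size of a search space expressed in bits."""
    return log2(count)


def smudge_candidates(pin_length: int, smudged_digits: str) -> int:
    """Count PINs that use every smudged digit at least once and no others.

    Fewer smudges than PIN positions means a digit repeats, so this is the
    number of surjections from positions onto digits (inclusion-exclusion).
    """
    k = len(set(smudged_digits))
    if k == 0 or k > pin_length:
        return 0
    return sum((-1) ** j * comb(k, j) * (k - j) ** pin_length
               for j in range(k + 1))


def summary() -> list[tuple[str, int]]:
    """Search-space sizes for the cases discussed in the post."""
    return [
        ("4-digit PIN", keyspace(10, 4)),
        ("6-digit PIN", keyspace(10, 6)),
        ("8-character password", keyspace(PRINTABLE_ASCII, 8)),
        # Constructed smudge patterns, not taken from any real device.
        ("4-digit PIN, 4 smudges visible", smudge_candidates(4, "1379")),
        ("4-digit PIN, 3 smudges visible", smudge_candidates(4, "137")),
        ("6-digit PIN, 4 smudges visible", smudge_candidates(6, "1379")),
    ]


if __name__ == "__main__":
    for label, count in summary():
        print(f"{label:32} {count:>20,} guesses  ({bits(count):5.1f} bits)")
```

Four visible smudges cut a 4-digit PIN from 10,000 possibilities to 24 orderings, which is why wiping the screen matters.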


Either method is fine to use; however, the most important one is two-factor authentication. If for some reason you cannot use it (which is highly unlikely), then I would choose biometrics as your first option, passwords second and PINs third. But remember that when it comes to security, quantity is better.
