Recently, both Apple and Google have come under fire because of a setting that allows a person to reset the account associated with a phone once the phone is unlocked.
When it comes to Android devices, you can use your unlock method to pass a challenge that allows you to reset your Google password. This means that if someone has your phone and knows how to unlock it, they can potentially access your Google account. However, keep in mind that they would need to know your unlock method to get there in the first place.
In simpler terms, if you have an Android device, your unlock method can be used to reset your Google password. This could be problematic if someone gains access to your phone and knows how to unlock it. But don’t worry, they would need to know your unlock method first to even attempt this.
Some people may think that automatically designating every phone you’re logged into as a trusted device is a mistake or defect in the system. However, it’s not a bug; it’s actually a feature designed for convenience. Google prioritizes keeping others out of your phone and protecting your personal information over making everything more easily accessible once you’ve logged in. This is a common trade-off between convenience and security, and it’s something you’ll see in many companies.
In essence, you can use features like this to help you stay organized, or you can opt to manage everything manually without your phone’s assistance. Google understands which approach is more user-friendly, and ultimately, people will choose the easier option. By choosing what’s easier, we’re also choosing what’s more secure in the end.
It all boils down to one thing — you need to have a strong screen lock.
Nobody can tell you which screen unlock method is best for you, but as long as you’re not relying on Android’s face unlock (unless you still use a Pixel 4), it’s pretty secure.
Yes, things like a six-digit PIN are more secure than a four-digit PIN, and using a password is even “better,” but what works best for you is the method you are willing to use. For most of us, that’s a fingerprint, and that’s good enough.
I know, I know, someone could chop off your finger or force you to tap the screen, but if faced with the idea of losing a finger, most of us would hand over a long, complicated password immediately anyway. I would, because I like having all of my fingers. I’ll also add that a fingerprint is your username and should never be used as something you may need to change, like your password. But it’s something people will use because it is easy.
Once someone is in your phone, changing your Google password isn’t the only thing you need to worry about. A person with access to your phone has access to your email (which can also be used to reset your Google account password), your bank app, which probably uses SMS or email to authenticate, your Amazon account and the associated payment methods, and anything else that requires a password that’s cached to make it easy and fast to sign in.
That pesky convenience versus security thing is everywhere, especially in your web browser. Again — it’s assumed that you control access to the actual device and that you’re using a strong unlocking method. Do you really want to have to log into Gmail or Twitter or Facebook every time you open the app? No, you don’t. Even I don’t.
I don’t expect Google or Apple to change things so you can no longer use your phone to pass a security challenge. In fact, I see things moving in the other direction now that your phone is also a two-factor authentication key. As for what we need to do, nothing has changed:
- For accounts that can be set with a password, use a good one that has upper and lower case letters, numbers, and a special symbol or two, like & or }.
- Use a different password for everything.
- Change your passwords regularly.
- Use 2FA with every service that lets you.
- Use a password manager if you need one.
- Make sure your screen lock isn’t easy to bypass.
One last bit of advice and a thing to remember is that Apple and Google have excellent software that lets you track and remotely erase a lost or stolen phone.
Make sure you try it at least once so you know it’s working, and don’t be afraid to use it to wipe a lost phone once you’re sure it’s lost or stolen and not just down in the space beside your car seat or in your desk at work.
Phone security isn’t hard and you don’t have to be anyone special to need it. Someone will always be happy to drain the last $80 out of your bank or run your credit card up via Amazon if they can.