Mobile Screen Locks and Security

Posted By Debbie on November 7, 2017

There are two types of people. People whose mobile phone has rarely been out of their sight or possession. And people who leave their phone laying around, in airports, in airplane seats, at their Starbucks table, etc…

For the second type of person, we have screen locks and remote wiping. But what do we have for the first type of person?

Many Ways To Lock Your Phone

I’m on Android and I have many options for unlocking my phone. Swipe (no security), PIN, password, fingerprint, and probably iris scan. Some phones also scan faces.

Mess up the entry and you have to try again. Mess it up enough and you are locked out.

How Many Times Do You Unlock Your Phone Each Day?

If I had to guess how many times I unlock my phone each day to check things or do things (beyond turning the screen on to see the time), I would probably guess over 100. My phone is set to sleep (screen off, phone on) after 5 minutes. Whether I deliberately turn the screen off or it times out, I am probably unlocking this thing over 100 times a day.

I’m the first type of person. My phone is always on my body. Not in a bag. Not set down on a table somewhere. How many times in a day would I like to enter a PIN? Wait for my fingerprint to scan? Type in a password?

Zero. I’d like to do that zero times. That’s a security measure designed to keep other people out. I’m keeping other people out by “wearing” my phone so that nobody will have it. I’ve had a pager (old school) and then a mobile phone of some sort continuously since 1993. I have never lost a device. I’ve never left it somewhere. I’ve never had it stolen. I don’t let friends and boyfriends use my phone. Don’t have kids (hooray!).

If my phone were ever out of my hands, I’d use Android Device Manager to remote wipe it. That’s set up and ready to go.

If Your App Requires This Security Level, I’m Not Using Your App

Android Pay. Sounds like something an Android fan would want to use, right? I don’t use it because it requires that my lock screen have more security than plain old “swipe to unlock.”

Samsung Pay doesn’t require extra security. My online banking app doesn’t require it. American Express app doesn’t require it. I have endless information in Evernote, Google Contacts, and other apps… they don’t require that I have a more secure unlock.

Semaphor suggests stronger lock screen security when I launch it from my phone but I can cancel out of that message and continue using it. Thank you for giving me the choice. LOVE Sempahor.

Where I’m contracting for work right now (as of writing this), I can get into Outlook email and calendar through mobile web. No problemo! If I install the Outlook app, it requires that I have a stronger lock screen security. But mobile web has no such requirements. Someone steals my phone, unlocks it, and goes into mobile web…….. So I use mobile web and not the app, problem solved.

Many of these apps don’t save my login. Every time I launch the app, I have to log in. Not fun but I greatly prefer lengthening my app start experience in lieu of lengthening my unlocking-my-phone-every-single-time experience.

I Tried It. I Won’t Do It.

I tried having a PIN for a while to use Outlook. I tried unlocking with the fingerprint thinking that’s even faster. I tried it for 3 weeks. I hated how much it slowed me down. I have something to see or do now. Just get me there.

There are other apps I have uninstalled or avoided because they wanted me to change my behavior and use more security. UX practitioners know it’s hard to change existing behaviors, especially when the user is happy with his or her choice of behavior.

Do You Want To Create Obstacles For Your User?

Should unlocking my phone, something I do at least 100 times a day, change because of one app? Why not build that app to have greater security?

As a user and as a UX chick, I would say let’s look at personas and scenarios. Does this app have sensitive info? How can we adjust logging into the app, notifications, and other features so that we are happy with how we’ve locked it down without changing the other 99 times the user unlocks her phone with no intention of using our app at all?