There are a bunch of ways you can try to prevent folks from unlocking your phone without your permission. Most phones let you set up a numeric code, or PIN that you can enter. Some let you use an alphanumeric password. Or you can require the user to swipe a pattern across the screen. And some newer phones support fingerprint, facial recognition, or even iris scanners.
Samsung’s new Galaxy S8 phones has pretty much all of the above, but some are arguably more secure than others.
Theoretically, that means anyone who wants to use your phone without your permission could just show it a picture (or point it at your unconscious or unaware face).
Fingerprint sensors and iris scanners could have similar issues: while it might always be easy, someone could theoretically force you to touch or look at a phone to unlock it, while beating the password or PIN out of you might be more difficult.
But that’s one of the challenges that comes with balancing security and convenience. On the one hand, fingerprint or facial recognition isn’t necessarily as secure as a long password or complicated swipe pattern. On the other hand, how many hoops do you want to jump through to unlock your phone dozens of times each day on the off chance that something that’s moderately inconvenient for you is very inconvenient for a thief or spy?
Generally speaking, I think biometric security is a good thing since it encourages people who might not otherwise use a password to protect their phone to at least use something. But it’s probably worth pointing out that many of the new security features showing up on smartphones may include some nifty technology, but they’re largely designed to enhance convenience rather than security.
It is worth pointing out that the use-a-photo trick doesn’t necessarily work with all devices that support facial recognition. Microsoft’s Windows Hello requires an infrared camera, which helps it detect the difference between a real face and a photo.