Screen Locks & Encryption: A Security Guide

TL;DR

Biometrics (fingerprints, face ID) are good for convenience but don’t replace full disk encryption. Think of biometrics as a quick key to unlock your device – if someone gets past that, they can still access everything if the data isn’t encrypted. Encryption scrambles all the data on your device so it’s unreadable without a password.

Understanding the Difference

1. Biometric Screen Locks: These verify who you are to unlock your phone, tablet or computer. They’re fast and easy but aren’t foolproof.
2. Encryption: This protects what’s on your device by turning it into a code. Even if someone gets physical access, they can’t read the data without the correct password/key.

Why Biometrics Aren’t Enough

1. Security Flaws: Biometric systems aren’t perfect. They can be tricked with fake fingerprints, photos or sophisticated software.
2. Compromised Data: If the biometric data itself is stolen (rare but possible), it’s very difficult to change your fingerprint!
3. Legal Access: Law enforcement can sometimes compel you to unlock a device using biometrics, whereas encryption offers more protection against forced decryption.

How Encryption Works

Encryption uses mathematical algorithms to scramble the data on your device. When you lock it with a strong password, that password is used to create an ‘encryption key’. This key decrypts (unscrambles) the data when you unlock it.

Checking Encryption Status

1. Windows:
• Press Win + R, type control hdwware and press Enter.
• Select ‘Device Manager’.
• Expand ‘Security devices’ – if you see ‘Trusted Platform Module’, your drive is likely using hardware encryption (BitLocker).
• Alternatively, search for ‘BitLocker’ in the Start menu to check its status.
2. macOS:
• Go to ‘System Settings’ > ‘Privacy & Security’.
• Select ‘FileVault’. If it says ‘On’, your drive is encrypted.
3. Android:
• Settings > Security > Encryption (the exact path varies by manufacturer). Look for a status indicator. Many modern Android phones encrypt storage automatically.
4. iOS/iPadOS:
• Settings > Face ID & Passcode (or Touch ID & Passcode). If passcode is enabled, your device is encrypted by default.

Enabling Encryption

1. Windows (BitLocker):
• Search for ‘BitLocker’ in the Start menu and select ‘Manage BitLocker’.
• Turn on BitLocker for your system drive. You’ll need to create a recovery key – store this safely!
2. macOS (FileVault):
• Go to ‘System Settings’ > ‘Privacy & Security’.
• Select ‘Turn On FileVault’. You’ll be prompted to create a password. Store this safely!
3. Android:
• Settings > Security > Encryption (if available). Follow the on-screen instructions. Note that some older Android devices may not support full disk encryption.

Best Practices

1. Strong Passcode: Use a long, complex passcode for both your screen lock and encryption key (if separate).
2. Regular Updates: Keep your operating system updated to patch security vulnerabilities.
3. Backup Recovery Key: Store your BitLocker or FileVault recovery key in a safe place – you’ll need it if you forget your password!
4. Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts.