The London Metropolitan Police are pushing for all new mobile phones to require a password or PIN by default, to help tackle handset and identify theft. The organization said that it has been lobbying phone manufacturers on the idea for more than two years, and has already met with Apple and Samsung to discuss what can be done.
According to the Register, internal police research shows three in five don’t set up passcodes on their handsets at all. And Thomas Labarthe, managing director for Europe at Lookout Security, noted in an email that the firm’s own surveys show a shockingly lax attitude towards phone security in the UK.
Brits, he said, seem to be seriously slacking on passcode protection on their phones in comparison to other countries. Only 44% of Brits use passcodes, whereas Germans are nearly twice as likely to employ protection (with 86% using passcodes). Even in the US, more than half (56%) report use of PINs or passcodes.
“Phone theft needs to be tackled from multiple angles to really put a damper on the smartphone black market,” Labarthe said. “The goal is to make it harder for the bad guys to profit from stealing phones. This measure to make passcode protection mandatory, adds friction into the process for the crook. When you remove the market incentive, you’ll see a drop off in device theft.”
The Met said that requiring consumers to opt out of the passcode scheme instead of into it is a first goal. But in an ideal world, the passcode would be turned on at the point of sale, and vendors would require consumers to select their own unique PIN before they ever leave the store—much like banks handle the issuing of ATM cards.
It has been shown that such measures can make a significant dent in phone theft. Apple's Activation Lock alone has cut the number of stolen iPhones down by half, the paper said. Overall, Home Office figures show that in the 12 months ending March 2014, as passcode usage has expanded, the theft of phones directly "from the person" fell by 10%.
Labarthe meanwhile told us that that simple four-digit passcodes should be the baseline, but that advancements in the technology are being made rapidly. “Now, it's no longer a question of whether or not you should use a password, but instead what is the most secure system,” Labarthe said. “PIN and password protection is rapidly evolving to bring more security and convenience to the connected world.”
Handset vendors are embracing new forms of authentication more and more. “We're seeing exciting advancements in two-factor authentication and biometrics,” he said. “I expect to see more manufacturers adopt what Apple has done with TouchID. Not only did they implement a biometric authentication method, but they've coupled it with a PIN or passcode.”