How to Lock Your Phone So Only You Can Open It
The first thing I do on every smartphone I help someone set up is configure the lock. The second thing is make sure they actually understand what each option does. Most users I meet have inherited their lock setup from whoever sold them the phone, and that setup is usually fine for an average user in their thirties and not particularly thoughtful for someone in their seventies with sensitive accounts on the device.
Let me walk through the options, because they sound similar and aren't.
Face ID — what it actually is
The iPhone's Face ID works by projecting a pattern of invisible infrared dots at your face and measuring how those dots fall on your features. The phone has a 3D map of your face stored locally. When you pick up the phone, it compares what it sees to that stored map. If it matches, the phone unlocks.
The accuracy in 2026 is genuinely excellent. Glasses are fine. Hats are fine. A surgical mask isn't always fine, though the phone does its best with the eyes if you train it to recognize you that way. Heavy makeup is fine. Aging is fine — the phone learns your face slowly over time.
Face ID doesn't work in two situations worth knowing: when your eyes aren't open (so a sleeping person can't be unlocked just by holding the phone up to their face), and when you're at a very steep angle from above (which is why looking down at the phone in your lap sometimes doesn't work).
Fingerprint
Available on iPhone SE and all current Android phones in some form. On Pixel and most Samsung phones, the sensor is built into the screen — you press your finger on a specific area of the bottom of the display. On iPhone SE, it's the round Home button.
The accuracy is also very good but worse than Face ID with one specific exception: in a bright sunlit room, Face ID occasionally hesitates because the infrared camera can't read the dot pattern as cleanly. Fingerprint doesn't care about light. Also, fingerprint works through gloves only if the gloves are the special touchscreen kind, and it gets confused by wet fingers.
You can register up to five different fingerprints on most phones. I recommend registering both thumbs and both index fingers — that covers almost every grip you'll use to pick up the phone.
The six-digit PIN
This is the fallback. Even if you use Face ID or fingerprint, the phone will sometimes ask for the PIN — after a restart, after a few failed biometric attempts, after a long period of being locked, and immediately after software updates. You will type the PIN. You need to know it.
Pick six digits that aren't your birthday, your spouse's birthday, or your address. Don't use 123456 (the most common PIN on stolen phones), 000000, or 111111. A friend of mine uses a six-digit number that's the last six digits of an old work phone extension from the 1980s — nobody else on earth knows that combination, but he remembers it instantly.
Write the PIN in your home notebook (the same notebook from our password guide). Tape it inside the door of a cabinet in the kitchen if that's easier. The risk of forgetting the PIN is not theoretical — every month I hear about a senior locked out of their phone for days because they changed it and didn't write it down.
The longer password option
Both phones allow you to use a longer password instead of a six-digit PIN, made up of letters and numbers. This is slightly more secure. It is also slightly slower to type and slightly easier to forget.
For most ordinary users, the six-digit PIN with biometric unlock on top is the right level of security. For someone with extraordinarily sensitive data on the phone (a lawyer with privileged client material, a journalist working with sources), a longer password makes sense. For everyone else, don't bother.
The mistake that bypasses all of this
Setting the "Auto-Lock" time too long, or — worse — to "Never."
"Auto-Lock" is the setting that decides how long the screen stays awake without you touching it before it goes dark and re-locks. The default on most phones is one minute. Many users find this annoying — they put the phone down to read something on it, and a minute later it's dark again. So they go into settings and change Auto-Lock to ten minutes, or thirty, or Never.
The problem: while the screen is awake, the phone is unlocked. Anyone who walks up and picks up the phone can open any app, send any message, read any email, all without needing your face or fingerprint. A phone set to "Never auto-lock" might as well not have a lock at all.
The right Auto-Lock setting for most people is two minutes — long enough that the phone doesn't shut off in the middle of reading a long email, short enough that a forgotten phone on a coffee shop table doesn't expose everything inside.
iPhone: Settings → Display & Brightness → Auto-Lock → 2 Minutes. Android: Settings → Display → Screen timeout → 2 minutes.
What about Apple Watch unlock
If you wear an Apple Watch, you can configure it so the iPhone unlocks automatically when the watch is unlocked and on your wrist. This is convenient. It also slightly weakens the security model — if someone takes both your phone and your watch in a robbery, they can sometimes use the watch to unlock the phone.
I leave this off for my own iPhone. The convenience isn't worth the trade-off in my judgment. Your judgment may differ.
One thing worth doing today
Open Settings → Privacy & Security (iPhone) or Settings → Security & privacy (Android). Find "Lock Screen" or "Always Show on Lock Screen." Look at what notifications appear on the lock screen when the phone is locked.
By default, on most phones, the contents of your text messages appear in lock-screen previews. Anyone who picks up your phone can read the most recent texts without unlocking. For most messages this is fine. For two-factor authentication codes (covered in our 2FA piece), it isn't — the whole point of 2FA is that nobody else has access to those codes.
The setting you want is "Show Previews: When Unlocked" on iPhone, or the equivalent on Android. With this on, the lock screen says "Messages: New message" but doesn't show the actual content until you've unlocked.
Small change. Big improvement.
Written by David Chen. Last verified 19 June 2026.