A thief flags you down, grabs your phone and makes you unlock it using your thumb.
A cop opens the cop car door, grabs your hand and unlocks your phone, or even easier, face unlock.
Granted, guns and torture are rather effective as well, but is anyone entirely against fingerprint unlocking?
You must log in or # to comment.
Police officers cannot force you to unlock your phone by a testimonial act that reveals the contents of your mind. You can be forced to unlock your phone by a nontestimonial act.
If only for the above reason, I refuse biometrics on any of my devices. 🤷♂️
Biometrics are fine as a /username/ but should not be used as a password - heard that on some security podcast ages ago and have kept with it since.
So basically I don’t use biometrics, lol
If I can’t change it once it gets breached (because it will get breached), then it’s not security, it’s a hurdle at best. Biometrics entry isn’t security; it’s convenience.
I don’t use ot on the lock screen.
Half the time, I bypass it on the apps because I’m wearing gloves at work.
I run GrapheneOS on my phone and reject all biometrics on principle not because I have anything to hide.
But you do have things to hide. Everybody does. That doesn’t make it bad.
biometrics are for usernames and not passwords/keys.
GrapheneOS allows it to not be used as the device unlock, but still use it for other apps once unlocked (such as banking apps).
Device unlock should never be biometric.
I also have data over the usb port disabled unless the device is actively unlocked.
For proper user authentication the model always used to be that the user should present three things: something they were (a username for instance), something they knew (a password), and something they had (a OTP from a device, or a biometric). The idea being that, even if a remote attacker got hold of the username and password, they didn’t have the final factor, and if the user was incapacitated or otherwise forced to provide a biometric, they wouldn’t necessarily supply the password (or on really secure systems, they’d use a ‘panic’ password that would appear to work, but hide sensitive information and send an alert to the security team).
Now we seem to be rushing into a system where you have only two factors, the thing you have, namely your phone, and the other thing you have, namely a fingerprint or your face. Notably you can’t really change either of those, especially your biometrics, so they’re entirely useless for security. Instead your phone should require a biometric and a password to unlock. The biometric being ‘the thing you are’, the phone ‘the thing you have’, and the password being 'the thing you know.
So, yes, I’m entirely against fingerprint unlocking.
For every day use, I use it. It’s convenient.
If I’m traveling or going to a protest, I’ll turn it off. I also make sure I know the ways to disable it.
or going to a protest
I’d suggest you may be better off not bringing your phone at all, in this case.
Graphene allows for fingerprint and second factor pin unlock, which is what I use. I mostly do that for cops, though, since in the US you can be legally compelled to unlock your phone with biometrics but not pin.
Wouldn’t stop someone from torturing you to unlock your device, but that’s what a duress pin is for ;) (they may kill you once your phone wipes but at least they wouldn’t have your data)
If I were a breaking bad meth dealer and had all my buyers as contacts on that phone and all my incriminating chats, I wouldn’t use biometrics to unlock it. But I’m not a meth dealer (and I’m not just saying that because that’s what a meth dealer would say).
There is a spectrum of convenience vs. security. It depends on where you sit. I’m okay with the fingerprint, wouldn’t go for the face.
Doesn’t Android have the panic/cop switch where you force password over biometrics unlocking? It’s not a 100% failsafe but it is a start.
(and I’m not just saying that because that’s what a meth dealer would say)
Hmm sound like something a meth dealer would say
And yeah android does have a lockdown button, if you press and hold the power button, its in the options.
Alternatively you can quickly spam the wrong finger over the sensor a few times until it requires the pass code, which will work for iOS too.
It may vary between models. Mine if you spam the wrong finger it just counts down 30 seconds before you can try again. But restarting does force a pass entry before fingerprint will work again. I guess the caveat is you have to be able to hold down the power and then select a restart.
And yeah android does have a lockdown button, if you press and hold the power button, its in the options.
For those of us, that opens G-Assistant by just pressing the power button:
Power + Vol upNeither option works on my Xiaomi Mi 10t Lite 5g, with the MIUI overlay :(
Hmm sound like something a meth dealer would say
I assure you. I’m not a meth dealer. Really. I don’t know what else to tell you!
Thanks for answering my question.
Methinks the meth dealer doth protest too much.
Hoisted by my own methtard.
Do NOT use biometric unlock in the U.S.
Law enforcement can force you to open the phone vs. requiring a warrant for PIN/Password.
Same with face unlock, not requiring a warrant, if I’m remembering correctly
Yes
deleted by creator
They’re generally a bad idea, especially if you’re a political dissident.
I don’t use it at all, even with various bank apps and such yelling at me to do so. Yeah, a $2 wrench could still eventually get it out of me, but you can’t just use my face/finger to do so.
it is an oxymoron. Biometrics are the equivalent of a username, not a password.
I like this perspective. Wish there were more implementations of a biometric + password combo.
100%. Pin plus fingerprint would be truly excellent in my opinion with minimal inconvenience.
