A thief flags you down, grabs your phone and makes you unlock it using your thumb.
A cop opens the cop car door, grabs your hand and unlocks your phone, or even easier, face unlock.
Granted, guns and torture are rather effective as well, but is anyone entirely against fingerprint unlocking?
You must log in or register to comment.
Pragmatically, is that really any different with a passcode? Someone might not be able to physically force an unlock like with biometrics by moving the relevant body part over, but there’s certainly nothing stopping someone from forcing you to unlock your phone if you had a passcode through by duress. Most thieves would have certainly wised up enough to force you to remove your passcode before leaving, or they’d watch you unlock your phone, and figured out the passcode that way.
I rather doubt that, if in that kind of situation, there would be many who would resist. Your phone is not worth your life for most.
Personally, if I wasn’t doing anything sensitive, like travelling through some countries (like Australia/the US) or going to a protest, I’d probably keep it on. The convenience makes up for it for the most part.
Biometric anything feels weird, being an identical twin. I stick to never using it.
it is an oxymoron. Biometrics are the equivalent of a username, not a password.
I like this perspective. Wish there were more implementations of a biometric + password combo.
If I can’t change it once it gets breached (because it will get breached), then it’s not security, it’s a hurdle at best. Biometrics entry isn’t security; it’s convenience.
If I were a breaking bad meth dealer and had all my buyers as contacts on that phone and all my incriminating chats, I wouldn’t use biometrics to unlock it. But I’m not a meth dealer (and I’m not just saying that because that’s what a meth dealer would say).
There is a spectrum of convenience vs. security. It depends on where you sit. I’m okay with the fingerprint, wouldn’t go for the face.
Doesn’t Android have the panic/cop switch where you force password over biometrics unlocking? It’s not a 100% failsafe but it is a start.
(and I’m not just saying that because that’s what a meth dealer would say)
Hmm sound like something a meth dealer would say
And yeah android does have a lockdown button, if you press and hold the power button, its in the options.
Alternatively you can quickly spam the wrong finger over the sensor a few times until it requires the pass code, which will work for iOS too.
Edit: after a quick test the “wrong finger” method has a a fatal flaw. After using the wrong finger a few times, the pass code UI appears. If you back out of it you can still use finger unlock. You have to get to the code UI and back out 2-3 times before it says too many failed attempts and forces you to use the pin.
And yeah android does have a lockdown button, if you press and hold the power button, its in the options.
For those of us, that opens G-Assistant by just pressing the power button:
Power + Vol upNeither option works on my Xiaomi Mi 10t Lite 5g, with the MIUI overlay :(
Hmm sound like something a meth dealer would say
I assure you. I’m not a meth dealer. Really. I don’t know what else to tell you!
Thanks for answering my question.
Methinks the meth dealer doth protest too much.
Hoisted by my own methtard.
Also, for the ones that support reset after 10 wrong passcodes, enable that shit. SIM PIN too (mostly for various other reasons.)
It may vary between models. Mine if you spam the wrong finger it just counts down 30 seconds before you can try again. But restarting does force a pass entry before fingerprint will work again. I guess the caveat is you have to be able to hold down the power and then select a restart.
I don’t want to test this right now, but some of my previous devices would just reboot after keeping the power button pressed for approx. 10-30 sec, overruling the need to use the on-screen shutdown menu - probably to be able to escape a frozen/broken system without waiting for the unremovable battery to run out. That could very well still be the case for some current devices out there.
For every day use, I use it. It’s convenient.
If I’m traveling or going to a protest, I’ll turn it off. I also make sure I know the ways to disable it.
or going to a protest
I’d suggest you may be better off not bringing your phone at all, in this case.
Do NOT use biometric unlock in the U.S.
Law enforcement can force you to open the phone vs. requiring a warrant for PIN/Password.
Same with face unlock, not requiring a warrant, if I’m remembering correctly
Yes
If you don’t have time to quickly disable biometrics (lockdown mode) before the cops grab it, you wouldn’t have time to turn it off either. A phone in AFU mode is very easily cracked with those forensic devices.
in the U.S
And they could just beat you for the password either way, given the current political atmosphere.
Graphene allows for fingerprint and second factor pin unlock, which is what I use. I mostly do that for cops, though, since in the US you can be legally compelled to unlock your phone with biometrics but not pin.
Wouldn’t stop someone from torturing you to unlock your device, but that’s what a duress pin is for ;) (they may kill you once your phone wipes but at least they wouldn’t have your data)
Police officers cannot force you to unlock your phone by a testimonial act that reveals the contents of your mind. You can be forced to unlock your phone by a nontestimonial act.
If only for the above reason, I refuse biometrics on any of my devices. 🤷♂️
I don’t use it at all, even with various bank apps and such yelling at me to do so. Yeah, a $2 wrench could still eventually get it out of me, but you can’t just use my face/finger to do so.
I run GrapheneOS on my phone and reject all biometrics on principle not because I have anything to hide.
But you do have things to hide. Everybody does. That doesn’t make it bad.
As opposed to what? What will you use that’s impervious to those things?
passwords, which are protected under the 5th amendment of the us constitution
Passwords are impervious to guns and torture?
OP specifically used cop unlocking your phone as an example. Don’t argue in bad faith.
Absolutely no access control on a consumer device is impervious to guns and torture.
They also specifically used the example of guns and torture.
biometrics are for usernames and not passwords/keys.
GrapheneOS allows it to not be used as the device unlock, but still use it for other apps once unlocked (such as banking apps).
Device unlock should never be biometric.
I also have data over the usb port disabled unless the device is actively unlocked.
For proper user authentication the model always used to be that the user should present three things: something they were (a username for instance), something they knew (a password), and something they had (a OTP from a device, or a biometric). The idea being that, even if a remote attacker got hold of the username and password, they didn’t have the final factor, and if the user was incapacitated or otherwise forced to provide a biometric, they wouldn’t necessarily supply the password (or on really secure systems, they’d use a ‘panic’ password that would appear to work, but hide sensitive information and send an alert to the security team).
Now we seem to be rushing into a system where you have only two factors, the thing you have, namely your phone, and the other thing you have, namely a fingerprint or your face. Notably you can’t really change either of those, especially your biometrics, so they’re entirely useless for security. Instead your phone should require a biometric and a password to unlock. The biometric being ‘the thing you are’, the phone ‘the thing you have’, and the password being 'the thing you know.
So, yes, I’m entirely against fingerprint unlocking.
