If I were a Breaking Bad meth dealer and had all my buyers as contacts on that phone and all my incriminating chats, I wouldn't use biometrics to unlock it. But I'm not a meth dealer (and I'm not just saying that because that's what a meth dealer would say).
There is a spectrum of convenience vs. security. It depends on where you sit. I'm okay with the fingerprint, wouldn't go for the face.
Doesn't Android have the panic/cop switch where you force password over biometrics unlocking? It's not a 100% failsafe but it is a start.
> (and I'm not just saying that because that's what a meth dealer would say)

Hmm, sounds like something a meth dealer would say.
And yeah, Android does have a lockdown button; if you press and hold the power button, it's in the options.
Alternatively you can quickly spam the wrong finger over the sensor a few times until it requires the pass code, which will work for iOS too.
Edit: after a quick test, the "wrong finger" method has a fatal flaw. After using the wrong finger a few times, the pass code UI appears. If you back out of it you can still use finger unlock. You have to get to the code UI and back out 2-3 times before it says too many failed attempts and forces you to use the PIN.
It may vary between models. On mine, if you spam the wrong finger, it just counts down 30 seconds before you can try again. But restarting does force a pass entry before fingerprint will work again. I guess the caveat is you have to be able to hold down the power and then select a restart.
If I can't change it once it gets breached (because it will get breached), then it's not security, it's a hurdle at best. Biometrics entry isn't security; it's convenience.
Graphene allows for fingerprint and second factor pin unlock, which is what I use. I mostly do that for cops, though, since in the US you can be legally compelled to unlock your phone with biometrics but not pin.
Wouldn't stop someone from torturing you to unlock your device, but that's what a duress pin is for ;) (they may kill you once your phone wipes but at least they wouldn't have your data)
If biometrics is the only thing you have, you might as well not have a password at all, but if you use it with a 2FA PIN it is good. For example, for your phone you can have a long backup passphrase, and if you don't want to type that in you can use biometrics to unlock the PIN screen and still need to type in a PIN, so it's the best of both worlds.
Police officers cannot force you to unlock your phone by a testimonial act that reveals the contents of your mind. You can be forced to unlock your phone by a nontestimonial act.
I don't use it at all, even with various bank apps and such yelling at me to do so. Yeah, a $2 wrench could still eventually get it out of me, but you can't just use my face/finger to do so.
For proper user authentication the model always used to be that the user should present three things: something they were (a username for instance), something they knew (a password), and something they had (an OTP from a device, or a biometric). The idea being that, even if a remote attacker got hold of the username and password, they didn't have the final factor, and if the user was incapacitated or otherwise forced to provide a biometric, they wouldn't necessarily supply the password (or on really secure systems, they'd use a 'panic' password that would appear to work, but hide sensitive information and send an alert to the security team).
Now we seem to be rushing into a system where you have only two factors, the thing you have, namely your phone, and the other thing you have, namely a fingerprint or your face. Notably you can't really change either of those, especially your biometrics, so they're entirely useless for security. Instead your phone should require a biometric and a password to unlock. The biometric being 'the thing you are', the phone 'the thing you have', and the password being 'the thing you know'.
So, yes, I'm entirely against fingerprint unlocking.
Pragmatically, is that really any different with a passcode? Someone might not be able to physically force an unlock like with biometrics by moving the relevant body part over, but there's certainly nothing stopping someone from forcing you to unlock your phone through duress if you had a passcode. Most thieves would have certainly wised up enough to force you to remove your passcode before leaving, or they'd watch you unlock your phone and figure out the passcode that way.
I rather doubt that, if in that kind of situation, there would be many who would resist. Your phone is not worth your life for most.
Personally, if I wasn't doing anything sensitive, like travelling through some countries (like Australia/the US) or going to a protest, I'd probably keep it on. The convenience makes up for it for the most part.
While I’d want to turn off biometrics if I thought I was in a risky situation:
- PIN required on restart
- Lock screen is pretty fast
- Most importantly, sensitive apps and settings use a secondary authentication, including in app switching

So they could force me to unlock it, but probably wouldn’t take the time to hunt down all the places there’s secondary authentication. So damage would be partly mitigated.