reason.com

01189998819991197253 , (edited ) to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

I wish there was a way to require both biometrics and PIN. They're both insecure on their own, but together they're better. Like instant MFA for your unlock. I would enable that immediately, if it was available.

Edit: then a password / passphrase in case one of the other two stops working (as an emergency unlock).

KillingTimeItself ,

linux fun fact, i'm pretty sure you can just do this out of the box using PAM auth.

Gotta love android and IOS being utter dogshit.

01189998819991197253 ,

Maybe. I don't use biometrics on my computers. Only phone. I don't unlock my computer a thousand times a day using a crappy touch kb. Actually, if the phone had a physical kb, maybe it wouldn't have been so bad. Not sure.

KillingTimeItself ,

i wouldn't really want to use biometrics on my computer either, i'd rather use a physical security key, but then i'd probably also want to use it with my phone also. So there's that i guess.

01189998819991197253 , (edited )

The only issue I have with a yubi on a phone is the general fragility of USB-C ports (and that there is only one). On a PC or laptop, you've generally got several, so if one breaks and the yubi can't be used in that port, you're not locked out.

KillingTimeItself ,

yeah, i would be doing something more like NFC smart card type shit tbh. Perhaps an embedded chip in your hand or something. There are options.

stoy , (edited )

Wow, a generic "Linux good, anything else dogshit" comment.

This is in no way relevant to the topic.

This is like if someone posted that they couldn't get their car with the color they wanted and you saying "fuck you and your car, I can paint my living room in any color I want, right now it is striped burgundy and mint, aren't living rooms way better than cars?"

uis ,

It is rather "you have a proprietary car where you can't even change the volume on the radio, while I have a car that can be repaired with standard parts".

With PAM you can do literal math captcha.

stoy ,

Show me a mobile phone running Linux with that config working. It doesn't exist.

uis ,

PinePhone64.

stoy ,

That is just a phone model, you have yet to show me that phone being configured as you specified.

uis ,

It's literally a linux phone. It runs regular linux. Regular linux uses PAM modules. There is no difference between configuring it on desktop and on phone. If comprehending the ability to use the same OS on desktop and phone is beyond your intellectual ability, I will guide you with this logical chain: linux on desktop -> linux on ARM computer like raspberry pi -> linux on ARM computer based on Allwinner A64 -> PinePhone is based on Allwinner A64.

If you still don't grasp it, I'll try once more. This can be installed on regular linux. Single Board Computers can run regular linux. This includes Pine64, which uses the A64 chip. A64 devices can run it from sd card. And if you can't imagine how Pine64 that works on A64 and PinePhone that works on A64 are connected, here's a neat trick: insert a bootable sd card into Pine64, load linux, configure the math captcha module, shut it down, insert the same sd card into a powered off PinePhone, power it on, it will load the exact same OS your Pine64 has been using and where math captcha is configured.

stoy ,

You still have not shown me a Phone configured as you bragged it could.

You don't grasp that I am not interested in theory, I am interested in practical demonstrations.

My point is that it doesn't matter if Linux can do this, the discussion was about a mobile phone that could do both biometrics and pin at the same time.

uis ,

My point is that it doesn't matter if Linux can do this,

So linuxphones you don't consider as phones? Fine.

stoy ,

Wow, you still don't get it.

Show me a Linux phone that is actually configured to unlock with both biometrics and pin, then you have proven that Linux is relevant.

I don't care about what is technically possible, I care about it actually being done.

I am not even asking if it is easy to setup or simple to use, I am just asking you to prove that it can be done on a Linux phone.

I am just asking for a proof of concept running on a Linux phone.

I am giving Linux the best possible chance here, the bare minimum.

The tasks I want to see done on a Linux phone are the following:

  1. Prompt for a fingerprint, face scan, or any quick biometric.
  2. Once passed the biometric prompt successfully, the phone should prompt for a pin.
  3. Once passed both prompts the phone should unlock.

I love Linux, I have been a Linux sysadmin for almost a decade and used Linux on and off for almost twenty years. I daily drive Windows due to work and gaming, but am considering switching to Linux at home when Win10 goes EOL.

But unless you can show me a Linux phone configured as described above then Linux is not the answer.

For the time being I wish you a happy midsummer.

dysprosium ,

Linux is fucking dying on phones. UBports, etc., all they can do is a cat and mouse game. Voip? Catch the mouse. And all the while it's running on proprietary cellular modem chips, something that will never change.

KillingTimeItself ,

My point is that it doesn’t matter if Linux can do this, the discussion was about a mobile phone that could do both biometrics and pin at the same time.

if you lack basic cognitive reasoning to the point that someone can configure PAM in a specific way on desktop linux, and that presumably, a phone running the exact same software suite, with no differences aside from graphical environment, somehow couldn't do this is actually just kind of sad.

Wait until you find out how monitors display color. They have three different colors, red green and blue, and somehow, that manages to make all the funny colors on your screen. But since you can't see the individual pixels with your naked eye, i guess that must be untrue now huh?

stoy ,

What are you on about?

KillingTimeItself ,

idk you tell me, i'm still trying to figure out what you were waffling on about.

KillingTimeItself ,

go show me that it's impossible then, once you show me that it's impossible i will go and do it myself just to spite you.

stoy ,

lol.

KillingTimeItself ,

lol.

KillingTimeItself ,

i wasn't talking about phones, but the pinephone, and the pinephone64, and a handful of other phones that are supposedly running linux, that are either not out yet, or really expensive.

stoy ,

Is this your alt?

lol.

KillingTimeItself ,

nope, unfortunately this is my main, and by main i mean the one sole singular lemmy account that i have.

KillingTimeItself ,

and the original comment is entirely irrelevant to the original thread? You can't be serious.

Am i not allowed to enjoy the flexibility of linux, ever? I agree with the original poster, i think android and IOS should objectively support these features, they have no reason not to. I've never said otherwise, i just think they're dogshit OS's because they don't support basic security features you would otherwise expect to any level of consistency.

No, it's more like ford only producing cars in black, and people complaining about the fact that they don't come in any other color, and then me mentioning that actually, you can just paint your own car a different color, it's not really that hard. But regardless of that ford only selling cars in black is a rather shitty business practice to do especially when customers want cars in other colors, because black is, rather boring.

stoy ,

So this is your alt, how cute!

KillingTimeItself ,

i have an alt? Since when?

I don't have any other accounts on lemmy lmao, you could doxx me and you would find nothing.

uis ,

With PAM you can do literal math captcha.

KillingTimeItself ,

Linux on its way to support things because "haha funny, why not"

dev_null ,

You claim so and yet have no example article, video, blog post, or any form of proof of it ever being done. Everything is possible in theory, even on iOS (with a jailbreak).

KillingTimeItself ,

bro i use linux, i have literally configured a fingerprint scanner to work before, do you think i'm just making up PAM?

There is quite literally a section on the arch wiki about this being a thing.

https://wiki.archlinux.org/title/Fingerprint_GUI#Password there are probably a handful of other methods of doing this notably any additional form of 2FA. (like this one is)

although realistically, there are better ways of doing this than using biometrics, physical security keys for example.

Also you say this like the OP actually verified that this was a thing that was impossible and couldn't be done. You're also acting like i claimed that this was explicitly the case, which i did not.

dev_null , (edited )

bro i use linux, i have literally configured a fingerprint scanner to work before

So did I, can confirm it's easy, and it doesn't matter because we are not talking about configuring a fingerprint scanner to work, we are talking about having a phone lock screen that asks for both a fingerprint and a password, something that would require, at the very least, UI that I don't think exists in any Linux phone project. That there is underlying functionality in PAM to make it happen is irrelevant, because that's only part of such a solution.

do you think i’m just making up PAM?

No, why? I'm saying that there is no Linux phone where "you can just do this out of the box" like you say.

KillingTimeItself ,

i wasn't talking about phones, you are retconning my own thoughts lmao.

No, why? I’m saying that there is no Linux phone where “you can just do this out of the box” like you say.

i did not say that, not once, please show me where on the doll it says "linux phone"

dev_null ,

The topic is about phones, and you said:

Gotta love android and IOS being utter dogshit.

If you are saying you started an offtopic conversation about Linux that had nothing to do with phones, and then, unrelated to your own comment, complained about Android and iOS even though your comment had nothing to do with phones, then... that sure is interesting.

KillingTimeItself ,

no, we were talking about basic cybersecurity, or i suppose physical device security, which just happens to be relevant to phones because it turns out phones are dogshit at physical security. So i left a comment about how this is basically a solved problem on linux, because it's not actually that hard to just implement proper security.

I was complaining about android, because both me and the commenter i was responding to were talking about how awful security is on these devices, for no reason other than utter incompetence or forced inaction.

This isn't interesting, it's a basic conversational pattern, if you haven't spoken with enough people to realize that conversations just, shift sometimes, i feel bad for you.

AA5B , (edited )

It’s sort of there, but maybe more to protect from criminals than abuses of authorities. All of my bank apps require a second authentication to launch or even to switch back to them.

Granted I could turn that off or set it to biometrics, but I leave it on PINs. A criminal wanting to steal from my bank account will need both my biometrics to unlock my phone and a different PIN per bank.

This even provides some protection from the $5 wrench they’d use. Sure, I’ll unlock my phone at the threat of real violence. But you won’t know ahead of time what banking app I have or even how many, so you may not get them all. Pay by phone may use the same biometric but I can likely dispute those charges after the fact.

In the abuse of authority scenario, that may keep them out of my bank records but there are established paths to get that from the bank so they’re less likely to be interested. I’m sure they’re more interested in violating the privacy of my friends and family.

Etterra , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

I mean they can try.

ristoril_zip , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

I think this would be different for someone not on parole. So like if you're just speeding and get pulled over I believe they would be violating the law/Constitution if they forced your thumb against your phone.

But they probably do it anyway so good idea to follow the lock down above in this thread.

(Also don't use electronics to do crimes y'all.)

Etterra ,

Only one of the reasons I will never use fingerprints. Go get a fucking warrant.

Emerald ,

(Also don’t use electronics to do crimes y’all.)

What should we use, paper? Let me print out that new movie frame by frame

Manalith ,

Flipbook movies

LordCrom ,

Something you have can be forced...thumbprint or face scan.
Something you know can't be forced

assassin_aragorn ,

Never leave a paper trail. It's an outdated term now because it applies to emails and texts and everything else too.

Meet and talk in person. Pay with cash. Say nothing over email and phone that you wouldn't want someone spying on you to see.

UltraGiGaGigantic ,

You don't have to tell me twice to not leave the basement. I love that place!

Anubis , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

[Thread, post or comment was deleted by the author]

  • itsnotits ,

    whose* phone is this?

    wavebeam ,

    this does not work. i just tried it.

    whotookkarl , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    Biometrics are not secret and should not be used in place of passwords. They are identity like a user name. It's the same problem with orgs trying to use ssn as a security challenge, with all the beaches pretty much everyone's is already public knowledge.

    LifeInMultipleChoice ,

    For some reason the typo on beaches got me to laugh. Beaches are a very revealing place I suppose, I felt exposed already when I went to them.

    KillingTimeItself ,

    i disagree, while not secret, i think a warrant should be required to use them, since it effectively bypasses password auth.

    ultratiem , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    The 9th circuit court judges really have no fucking clue about technology, do they?

    AshMan85 , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    This is why you ALWAYS use a pw/pin.

    reattach ,

    While it doesn't contradict what you're saying, apparently "the provisions of his parole required him to surrender any electronic devices and passcodes." Wtf

    AshMan85 ,

    I'll keep telling them it is my 4th amendment right to get a warrant.

    dependencyinjection , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    iOS users can press and hold the power and volume up button until the emergency call screen appears, then release. You now have to enter your PIN / Password to unlock again and not use TouchID / FaceID. Good luck trying to get me to tell you the code.

    sep ,
    NikkiDimes ,

    Similarly, on Android there's an option in your lock screen settings along the lines of "Show lockdown option" that adds a lockdown button to the power/restart menu when holding the power button.

    OozingPositron ,

    Or you can press the power button for like 10 seconds, that should force a restart and android asks for password/pin/unlock pattern after restart or after 48 hours.

    bcron ,

    iPhone SE also has that. It'll disable the fingerprint on next unlock if you hold the power button for 5 seconds or mash the power button repeatedly (like 5 times in 2 seconds, thereabouts). Pretty handy to know these things not only for police but if you get mugged. Everyone should know how to lock their phone out.

    JordanZ ,

    You can hit the power button 5 times to accomplish the same thing as well.

    dependencyinjection ,

    I can only count to three. 😔

    DogWater ,

    One, two, five!

    -Three, sir.

    THREE!

    Bull205 ,

    Your comment and the one above should be shared widely these days. Everyone should know this.

    LifeInMultipleChoice ,

    On Android the lockdown option shows next to the shutdown, requires a code instead of a bio

    https://lemmy.world/pictrs/image/6795978f-9af9-4cb0-9025-63223c7a7078.png

    flerp ,

    Everyone should just not use these methods to unlock their phones in the first place. Pressing a power button 5 times, or holding a power button for 10 seconds, or pressing and holding buttons until the emergency screen appears are very easy things to do, at least until there is a cop in your face grabbing your phone and putting you in cuffs.

    aa1 , (edited ) to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    Luckily GrapheneOS has a duress password feature. Very useful for these situations!

    pineapplelover , (edited )

    I didn't know that. Is that in settings somewhere?

    Edit: yep, see it now. Damn this must be new or I never looked into it.

    Syn_Attck ,

    It's new as of about 1-2 months ago.

    Andromxda ,

    It was released with the 2024053100 build, so not even a month ago.

    Duke_Nukem_1990 ,

    How does it work? Can someone use a specified finger to trigger the password requirement?

    Syn_Attck ,

    Passcode. Not fingerprint.

    Duke_Nukem_1990 ,

    Ah. Then I guess I don't see how this is related to the post.

    Syn_Attck , (edited )

    It's not, technically, but if I have sensitive documents on my phone and a law officer is trying to get me to unlock my phone, I will be entering and/or putting the duress code into my phone. GrapheneOS has 'lockdown' button by 'restart' and 'shutdown' all of which will require a passphrase to unlock, even if you normally have fingerprint enabled for X hours each time of use.

    So it's semi-related in that GrapheneOS protects against this type of attack.

    aa1 ,
    onion , (edited ) to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    OP can you put the country in the title? Like [US] for example

    Boozilla OP ,

    Done!

    TheReturnOfPEB , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    face based and fingerprint based unlocking schemes are a bad idea.

    if you dead someone can still unlock your phone with your corpse

    nehal3m ,

    You are unable to care at that point though.

    TheReturnOfPEB ,

    Stealing from a dead person is still stealing.

    DragonTypeWyvern ,

    From their heirs, maybe.

    I consider the real question to be how they ended up dead but you do you.

    Telodzrum , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    This has been the law for a while, it's just that more Circuits are aligning. Don't use biometrics if you don't want LEO to be able to access your phone. A password is covered by 5A in some circuits and in others it's likely sufficient to just refuse or claim faulty memory due to the stress of the situation. Regardless of the location, the contents of the device are covered by 4A and you may succeed in getting a lot of whatever is found thrown out -- classic you can beat the rap, but you can't beat the ride.

    parpol , to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    Truecrypt had a false volume for this very purpose.

    You have one password to unlock your drive, and one password to fake unlock your drive and instead unlock a volume that looks like your drive, where you store stuff that looks important but isn't your real secret.

    Hellusion , (edited ) to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    I can't find a lockdown mode in MIUI.

    One way to enforce the PIN unlock in MIUI if you have it with fingerprint unlock is to tap the fingerprint scanner five times with the wrong finger and it will ask for the PIN. After entering the PIN the fingerprint will work again.

    SzethFriendOfNimi , (edited ) to Privacy in [USA] Appeals court rules that cops can physically make you unlock your phone

    Interesting to see this one pop up again.

    Steve Lehto did a good overview of this from a legal perspective

    Especially the warrant argument. Dude was on parole, warrant would be an easy get instead of just being lazy.
