this post was submitted on 11 Oct 2023
291 points (98.0% liked)
Technology
59347 readers
4956 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hi, yes, I am that minority
I have a 37 character password with both cases, numbers and special characters to login to my pw vault using long random strings
My phone has a swipe pattern lock since that is the safest lock option it allows in the first place. I wish I could lock it better, but the only other options available to me are a 4 character pin, and fingerprints/facial scan. I hope the problems with those are obvious
Couple that with the fact that I have a daily predictable commute in public transit where I have a habit to put my phone next to me during breakfast and you have a recipe for disaster.
Finger prints on Android stop working after 24 hours, a reboot, and some other cercumstances. I feel pretty OK using fingerprint to unlock my phone, because in about 99% of cases I might be compelled to unlock my phone, I will either be able to restart it first, or that 24 hour timer will have expired.
I may be misunderstanding you, but how does that stop an attacker?
Getting a copy of someone's fingerprint can be done without their knowledge since it is the easiest biometric to accidentally leave behind. Having to restart my phone doesn't suddenly change my fingerprints.
Or, do you have to actually re-register your prints on a daily basis via a different form of authentication? That'd seem inconvenient and like it would just move the problem around
After the phone restarts, you must unlock your phone with your PIN(or swipe pattern) before you can use your finger again. The same is true with the 24 hour timer. Android also has a feature that if you hit the power button a set amount of times, it requires the PIN/Pattern too. So if my phone and my finger print have been separate for more than 24 hours, my fingerprint is useless. If I have any warning at all, my fingerprint is useless. Also, after a set number of failed biometric attempts it requires PIN as well. Which means the law better get the finger print right in only a few tries or they lose their chance.
Yes, it is technically possible that law enforcement may steal my phone, duplicate my finger print(in a way that works on my phone's finger print reader), and use that to unlock my phone while they have a chance, then suck everything out of my phone. But for anything government, that's moving pretty swift for anything they might want to book me for.
I'm guessing you could reduce that to a lower number of hours if you really felt the need.