FYI - Graphene OS had biometrics with pin
-
Same here. Although I have no real reason with my threat level. But I could see how it could be relevant for some people. I also liked the idea because regular people could potentially use your thumb print when sleeping or something so this stops that Initial unlock.
-
IANAL, but if used as a burner phone with nothing identifiable on the device itself, you could probably claim you found it on the ground somewhere. You wont get the phone back most likely but that might be better than the alternative
-
I use biometrics for unlock too. If you click "Lockdown" in the power menu or just hold down the power button until your phone restarts (it should vibrate, so you can even do this while it's still in your pocket), it requires the PIN again in order to be able to unlock it.
-
Makes sense. Also wasn't aware of "IANAL" and was hesitant to google but got it. Thanks lol
-
Oh nice. Do you know if the lockdown option encrypts the phone?
From what I read, I believe on initial boot up, the phone is encrypted before first unlock but no longer after.
-
Ha, I found this the other day and thought it was neat... And turned it off after 30 minutes.
-
This guy anals.
-
I was reading somewhere Android is not encrypting the storage whit lockdown, only biometrics are disabled.
-
I need to use pattern after restart. I can restart my phone pretty quickly if needed.
-
No apologies! Not complaining
-
Its always encrypted, just that the keys are in RAM when it runs.
In case of graphene though you can have a distress pin that wipes the encryption keys, making the phones content irrecoverable.
-
Yes, but that requires you to have of it. If it's been snatched out of your hand, it's too late for that.
-
-
Related:
Download Wasted (https://f-droid.org/en/packages/me.lucky.wasted/) - You can set your phone to auto-wipe after X amount of time without being unlocked, and also various other triggers for wipe, like creating a fake "Signal" or "Telegram" icons on your homescreen that would trigger a wipe if tapped, or a fake "Airplane mode" tile that would trigger a wipe. Very useful stuff. (Might wanna learn the laws in your jurisdiction tho, could get you in trouble.
There's also Duress (https://f-droid.org/en/packages/me.lucky.duress/) which doesn't work on my Samsung, but it worked on a Motorola that I once has. It sets up either a fake pin (aka: duress pin), and the duress pin can also be to just enter X characters, where X is at least 2 chracters more than your real password (example: if your pin is "2025", all you have to say is any string of 6 characters or more like "123456" and the wipe will happen, very useful since you probably won't remember a specific duress pin under stress)
-
GOS has a duress pin feature fyi.
-
FYI, for folks using a normal PIN and looking to use this, it's intended that the 2nd factor PIN at least be different than the main unlock PIN. Otherwise you can just swipe up to dismiss the fingerprint prompt and get to the main PIN prompt; if its the same as your 2nd factor, that's pointless.
I was told on the Graphene matrix channel that the most secure configuration for this is:
Main unlock method: 6 character diceware password
Secondary unlock method: biometric + 6 character 2nd factor PINBe aware that if you use this config that you will be prompted for the main unlock method (long password) at reboot, and also every 48 hours.
-
Oh wow, I'm getting more jealous
I'm still hanging on my Samsung A-series phone because of the microsd card slot (and also don't feel like spending $500 for a phone at the moment)
-
If you're worried about paying $500, I got my 6a for $200 from Best Buy (I checked beforehand to make sure it would be unlockable)
-
Thanks for sharing! This also kind of clears up my confusion that I mentioned I'm the EDIT at the end of my post. I was wondering what the real benefit to this is but it seems like a password as the main with the pin and bio as the secondary seems to provide:
- Main unlock: More. Secure with password?
*Secondary unlock: "quicker" but also secure due to the pin with the bio.
Is this more or else the right idea?
-
