Dumdum So PIN + biometric on BFU and only biometric on AFU won't be an option then?
No, the feature only adds a PIN to the secondary unlock method (fingerprint). It does not affect the primary unlock method.
Dumdum Is using PIN + biometric on AFU still fast/convenient enough to not be an annoyance (I know that's very subjective)?
Well, someone who doesn't use a fingerprint today because they're concerned about being forced to unlock their phone likely uses a PIN. So they'd have to type that same PIN, and hold their finger on the screen. I don't imagine it'll be inconvenient.
Dumdum I say this simply because I'm generally not a fan of long passwords (especially on account of faulty memory) so I would prefer my setup to be as described above, so I can get at least some benefit from this feature.
I understand. The intended use case here is making sure the secondary unlock method doesn't allow someone to just put your finger on the screen and unlock your phone (since they need a PIN).
Even if your primary unlock method is a PIN, this still makes sense in some situations. Let me explain why:
Let's say your primary unlock method is a 6-digit PIN (perfectly fine for most people, secure element's got your back). That PIN is 123456.
You've also set up biometrics (fingerprint) and enabled the 2FA feature. The 2FA PIN is 654321.
You might ask what the point of that is when the main unlock method is just a 6-digit PIN.
When you're out and about, you never use your primary unlock method PIN (123456). Instead, you use your fingerprint and 2FA PIN (654321), because that means that:
- Someone can't shoulder surf your PIN to get into your phone once they snatch it ('cause they're missing your fingerprint)
- Someone can't knock you out and press your finger on the screen to get in (because they need to know the 2FA PIN)
They'd specifically need to shoulder surf the 2FA PIN, and knock you out or otherwise gain access to your biometrics to get in.
Additionally, you can at any point put the phone in lockdown mode, meaning the secondary unlock method doesn't work until you use your primary unlock method. And since you've never used it while out, they have no way of knowing what it is, 'cause you've been using the secondary PIN the whole time. Of course, you can also reboot the phone to achieve the same effect (only primary lock method being usable), with the added benefit of the device being in BFU state so that data is at rest.
The feature allows a lot of fun thought experiments like this. :) I'm pretty excited about it.
edit: typos