Announcements: 2-factor fingerprint unlock feature is now fully implemented

Our 2-factor fingerprint unlock feature is now fully implemented and will be available in the upcoming GrapheneOS release. This adds the option to set a PIN for using fingerprint unlock. You can use a strong diceware passphrase as the primary unlock method with fingerprint+PIN secondary unlock.

The usual restrictions on fingerprint unlock still apply. It's a secondary unlock mechanism only usable for 48 hours after the last primary unlock. The limit on failed fingerprint unlock attempts in GrapheneOS is 5 as opposed to allowing 4 batches of 5 attempts (20 total) with 30s delays in between.

The devices we support have a high quality secure element heavily throttling unlock attempts which is why a random 6 digit PIN provides secure encryption, unlike most Android devices. It's nicer to have a strong passphrase not depending on an attacker never being able to exploit the secure element.

Our new 2-factor fingerprint unlock feature means you can get this benefit of a strong passphrase while still having the convenience of a PIN. Since our PIN scrambling feature works with the 2nd factor PIN, you get the combined anti-shoulder-surfing benefits of a scrambled PIN and a fingerprint.

If you want to avoid entering your passphrase in public, you just need to make sure to refresh the 48 hour timer after last using it to unlock to keep fingerprint unlock available. We plan to add configuration for how many failed fingerprint unlock attempts are allowed to help with this use case.

We came up with the concept for this 2-factor fingerprint unlock feature in 2015 and filed it in the public issue tracker in 2016. This was extremely difficult to implement correctly and we needed to fix multiple upstream Android bugs. The lockscreen will be more robust even if you don't use this.

This is now one of the flagship features of GrapheneOS alongside hardened_malloc, hardware memory tagging, hardware-level disabling of the USB-C port, Storage Scopes, Contact Scopes, sandboxed Google Play compatibility layer, etc. It will be harder to port to new versions than our existing features.

Our duress PIN/password feature is fully compatible with our 2-factor fingerprint unlock and will near instantly wipe the device as usual if you enter the duress PIN instead of the correct 2nd factor PIN for fingerprint unlock. See https://grapheneos.org/features#duress for more details on that feature.


This post is also available on social media platforms:

https://grapheneos.social/@GrapheneOS/113738455998741928
https://bsky.app/profile/grapheneos.org/post/3lehzq3i3d22z
https://x.com/GrapheneOS/status/1873496781373497667
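To make the interaction of the rules in the announcement concrete, here is an added toy model of the lockscreen policy (written for this page, not GrapheneOS code): the 48-hour window after the last primary unlock, the limit of 5 failed fingerprint attempts, the 2nd-factor PIN, and the duress PIN wipe. The secrets and timestamps are constructed; treating a wrong 2nd-factor PIN as a plain denial, and re-enabling fingerprint unlock only after the next primary unlock, are assumptions of the model.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

WINDOW_SECONDS = 48 * 3600      # fingerprint usable for 48h after the last primary unlock
MAX_FINGERPRINT_FAILURES = 5    # limit stated in the announcement


class Result(Enum):
    UNLOCKED = "unlocked"
    DENIED = "denied"
    WIPED = "wiped"


@dataclass
class LockscreenModel:
    passphrase: str             # primary unlock secret (e.g. a diceware passphrase)
    second_factor_pin: str      # PIN required together with a matching fingerprint
    duress_pin: str             # entering this as the 2nd factor wipes the device
    last_primary_unlock: Optional[float] = None
    fingerprint_failures: int = 0
    wiped: bool = False

    def primary_unlock(self, attempt: str, now: float) -> Result:
        if self.wiped:
            return Result.WIPED
        if attempt != self.passphrase:
            return Result.DENIED
        # A successful primary unlock refreshes the 48h window and
        # (assumption) resets the failed-fingerprint counter.
        self.last_primary_unlock = now
        self.fingerprint_failures = 0
        return Result.UNLOCKED

    def fingerprint_available(self, now: float) -> bool:
        if self.wiped or self.last_primary_unlock is None:
            return False
        if self.fingerprint_failures >= MAX_FINGERPRINT_FAILURES:
            return False
        return now - self.last_primary_unlock <= WINDOW_SECONDS

    def fingerprint_unlock(self, fingerprint_matched: bool, pin: str, now: float) -> Result:
        if self.wiped:
            return Result.WIPED
        if not self.fingerprint_available(now):
            return Result.DENIED        # caller must fall back to the passphrase
        if not fingerprint_matched:
            self.fingerprint_failures += 1
            return Result.DENIED
        if pin == self.duress_pin:      # duress PIN entered as the 2nd factor
            self.wiped = True
            return Result.WIPED
        if pin != self.second_factor_pin:
            return Result.DENIED        # assumption: wrong PIN is simply denied
        return Result.UNLOCKED
```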

    Absolutely amazing efforts. Thanks to the team. Incredibly appreciated. You mentioned a secure diceware password generator some time ago. Will it be shipped together with this feature?

      This is huge! I've been excited for that feature for a long time now - thanks for your work, can't wait to try it out!

      What an ingenious feature and great implementation. Thank you for your awesome work, I can't wait to try it out.

      The bug that forces you to enter the primary password, not the fingerprint, when closing the session as a non-primary user and then returning to the primary user is still present.

        Thank you so much guys, you do an amazing job, as always!
        @All : please don't forget to donate to the project :)

        GrapheneOS It will be harder to port to new versions than our existing features

        Does this mean the feature may be removed with a major update of AOSP ?

        GrapheneOS It will be harder to port to new versions than our existing features.

        Means it can extremely delay GOS updates/upgrades if Google makes changes,
        or the alpha and beta runs are getting longer.

          What are the real use cases for this? You won't accidentally unlock your phone / you won't be forced to unlock by customs?

          AlphaElwedritsch Means it can extremely delay GOS updates/upgrades if Google makes changes,
          or the alpha and beta runs are getting longer.

          DeletedUser119 Does that mean all GOS updates will be delayed in the future?

          That means the workload on our end increases moving forward. That goes for any new feature, but the more complicated ones have a bigger impact obviously. We are gradually welcoming more people to the team to stem this ever-increasing workload (we're at 7 full-time developers at the time of this writing) but that comes with its own kind of logistical challenges too.

          Remember you can help as well, switch to the alpha/beta release channels and report any bugs you encounter. You're generally not expected to do anything special either, just use your device as you normally would.

          This is fantastic news, a real game changer.
          Thank you infinitely for this feature, which will now be very difficult to maintain in the long term and will require a lot of work with each update.

          Thanks to all of you.

          If users implement this, do you have to enter fingerprint and PIN each unlock or is it fingerprint with PIN fallback?