• Announcements
  • 2-factor fingerprint unlock feature is now fully implemented

What's the threat modelling for this? Why do I want 2fa unlock instead of only fingerprint?

    Upstate1618 So you can use a strong diceware passphrase as your primary unlock method while having the convenience of fingerprint+PIN for secondary unlock. You avoid depending on secure element throttling to provide secure encryption for a random 6 digit PIN and you avoid it being possible to unlock your device with only your fingerprint. It's also more secure than solely using a fingerprint as a secondary unlock method because it also requires the PIN. You can benefit from the anti-shoulder-surfing properties of a fingerprint and scrambled PIN for the regular unlock method you use in public vs. a passphrase typed on a fixed layout keyboard.

      overstep I'm currently using KeePassDX with biometric (fingerprint) unlocking allowed. When I use the fingerprint, it doesn't require a PIN as a second factor - probably because the phone is already unlocked. I think it should do the same for other apps too.

        Seems complicated.

        If I understood correctly, you have a FIRST MAIN unlock method (passphrase) and after unlocking one time, every time you want to unlock there will be this second method? But you'll have to use both your finger and the PIN to unlock? I don't understand the "2FA" in this specific case (I know what this is in a common method).

          IksNorTen You're missing what the feature does, perhaps because you haven't used biometric unlock on iOS or Android. On both iOS and Android, the way biometric unlock works is that you have a PIN/password as your primary unlock method and can enable biometric unlock as a secondary method only usable after first unlock for a limited amount of time since the last successful primary unlock. They also enforce an attempt limit where if you fail too many times, you need to use the primary unlock method. This feature doesn't add any new twist to that system. Our feature adds the option to set a PIN which is required after successfully using a fingerprint in order to complete the unlocking process, that's all.

          Using a random 6 digit PIN for your primary unlock method is a balance of convenience and security which entirely depends on secure element throttling for secure encryption. An attacker able to exploit the OS and then the secure element from there can bypass the encryption. It's extremely hard to exploit the high quality secure elements in Pixels but it's possible. As far as we know, Cellebrite still hasn't developed a Titan M2 exploit for the Pixel 6 and later but they did figure out how to exploit the Titan M1 eventually. Using a strong diceware passphrase avoids depending on anything that can be exploited. However, that's very inconvenient. That's where the iOS and Android biometric unlock via face/fingerprint comes in to make it convenient, but at a huge security cost. Biometric unlock can be physically forced. Your face or fingerprint could also be cloned in a way that allows them to unlock. You leave your fingerprints on everything you touch and your face can be recorded by multiple cameras at the same time almost anywhere you go.

          The whole point of our new feature is enabling the security of a strong passphrase combined with the convenience of biometric unlock in the usual way that works on both iOS and Android, but with the twist of requiring a PIN to complete the fingerprint unlock process. It's quite a simple feature: you can set a PIN required to complete fingerprint unlock. You don't have to enable it.

          There has been huge demand from a large portion of our userbase for something like this for years. Having secondary unlock via fingerprint+PIN instead of only fingerprint is a big deal.
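A small Python model of the unlock policy described in this reply (an added example, not GrapheneOS code): a passphrase is the primary method, and fingerprint+PIN is a secondary method that is only usable within a window after the last successful primary unlock, counts failed attempts, and falls back to the primary method once the limit is hit. The window length, attempt limit, PBKDF2 parameters and the sample credentials are assumed values chosen for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

SECONDARY_WINDOW_SECONDS = 4 * 3600  # assumed window after last primary unlock
MAX_SECONDARY_FAILURES = 5           # assumed attempt limit before primary is required


def _derive(secret: str, salt: bytes) -> bytes:
    # Constructed stand-in for the real key derivation (the device's own uses the secure element).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 20_000)


@dataclass
class LockPolicy:
    passphrase_hash: bytes
    pin_hash: bytes
    passphrase_salt: bytes
    pin_salt: bytes
    last_primary_unlock: Optional[float] = None
    secondary_failures: int = 0

    @classmethod
    def enroll(cls, passphrase: str, pin: str) -> "LockPolicy":
        ps, ns = secrets.token_bytes(16), secrets.token_bytes(16)
        return cls(_derive(passphrase, ps), _derive(pin, ns), ps, ns)

    def primary_unlock(self, passphrase: str, now: float) -> bool:
        """Passphrase unlock: always available, resets the secondary window and counter."""
        if hmac.compare_digest(_derive(passphrase, self.passphrase_salt), self.passphrase_hash):
            self.last_primary_unlock = now
            self.secondary_failures = 0
            return True
        return False

    def secondary_allowed(self, now: float) -> bool:
        """Secondary unlock only after a primary unlock, inside the window, under the limit."""
        return (self.last_primary_unlock is not None
                and now - self.last_primary_unlock <= SECONDARY_WINDOW_SECONDS
                and self.secondary_failures < MAX_SECONDARY_FAILURES)

    def secondary_unlock(self, fingerprint_matched: bool, pin: str, now: float) -> bool:
        """Both the sensor match and the PIN are required; neither alone unlocks."""
        if not self.secondary_allowed(now):
            return False
        if fingerprint_matched and hmac.compare_digest(_derive(pin, self.pin_salt), self.pin_hash):
            return True
        self.secondary_failures += 1  # a failed fingerprint or wrong PIN both count
        return False
```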

          I understand a lot better now, thank you! Before, I had a 12-digit PIN, different for each of my profiles, + fingerprint (I don't want to use a passphrase each time because it's not convenient, and I want to be sure that I have at least 12 digits as a compensation). But this new option seems better because I could now set a passphrase + have a 6-digit PIN instead of a 12-digit one + fingerprint in addition to that, to enhance security. Thanks!

          Amazing that feature-requests are already released before I even submitted it...
          Having a prompt for a fingerprint already indicated "they" should look for your fingerprint.

          Now the only wish I still have is an unscrambled PIN prefix of 2 or 3 or more digits, before the rest of the PIN is scrambled.
          The reason I wish this is that a scrambled PIN pad now indicates the phone could have a duress PIN
          (which likely prevents it from doing its task when needed).

          How do I activate this feature? I've updated my device to alpha but still can't locate it.

            The function is very expected, but there is a question: my main language is not English. If I set the password for the first unlock in another language, will I be able to enter it? I'm afraid that I will set the password and the keyboard will not offer anything except English.

            G3nie Settings, Security, enable touch/finger unlock, add your finger. After this you can set up PIN+fingerprint for the screen and a passphrase for the first unlock.

            The more I think about this, the more I appreciate this addition. I will definitely use it going forward.

            I work in incident response and need to generate OTPs on my phone for various work-related activities throughout the day. On bad days, I need to log into remote systems very quickly using the OTPs, and every second I spend trying to unlock my phone is a second wasted. So for convenience I use fingerprint unlock, even though I feel uncomfortable with the potential security compromise.

            The new feature means I can keep my long PIN for first/primary unlock and use a shorter PIN alongside fingerprint for convenience and reasonable security.

            Will there be an auto-accept toggle for the PIN? Like a regular PIN without fingerprint?

              @GrapheneOS thank you for that feature. IMO this is the best after MTE.

              In my case, I could now choose a much longer main password. This now only has to be entered at the beginning, after which I am still very well set up quickly and securely with a 6-digit code and the fingerprint. After 4 hours without use, the device goes into BFU mode or switches back to the main password. It's more than perfect for my needs!