cdflasdkesalkjfkdfkjsdajfd All it does is add a PIN entry required after successful fingerprint unlock where failures count against the attempt limit. It doesn't change the earlier UI. We did fix several upstream lockscreen UI issues but not that one.
2-factor fingerprint unlock feature is now fully implemented
I understand a lot better now, thank you! Before I had a 12-digit PIN different for each of my profiles + fingerprint (I don't want to use a passphrase each time too much because it's not convenient and I want to be sure that I have at least a 12-digit as a compensation). But this new option seems better because I could now set a passphrase + have a 6-digit instead of a 12-digit + fingerprint in addition to that, to enhance security. Thanks!
GrapheneOS
This is truly amazing! Thank you so much for all your hard work!
Amazing that feature-requests are already released before I even submitted it...
Having a prompt for a fingerprint already indicated "they" should look for your fingerprint.
Now the only wish I still have is an unscrambled PIN prefix of 2 or 3 or more digits, before the rest of the PIN is scrambled.
Reason I wish this is because now a scrambled PIN pad indicates the phone could have a Duress PIN
(which likely prevents it from doing its task when needed).
How can I activate this feature? I've updated my device to alpha but am still not able to locate it.
The function is very expected, but there is a question: my main language is not English. If I set the password for the first unlock in another language, will I be able to enter it? I'm afraid that I will set the password, and the keyboard will not give anything except English.
G3nie Settings, Security, enable touch/finger unlock, add your finger. After this you can set up PIN + fingerprint for the screen and a password for the 1st unlock.
The more I think about this, the more I appreciate this addition. I will definitely use it going forward.
I work in incident response and need to generate OTPs on my phone for various work-related activities throughout the day. On bad days, I need to log into remote systems very quickly using the OTPs and every second I spend trying to unlock my phone is a second wasted. So for convenience I use fingerprint unlock, even though I feel uncomfortable with the potential security compromise.
The new feature means I can keep my long PIN for first/primary unlock and use a fewer digit PIN alongside fingerprint for convenience and reasonable security.
Will there be an auto-accept toggle for the PIN? Like regular PIN without fingerprint?
@GrapheneOS thank you for that feature. IMO this is the best after MTE.
In my case, I could now choose a much longer main password. This now only has to be entered at the beginning, after which I am still very well set up quickly and securely with a 6-digit code and the fingerprint. After 4 hours without use, the device goes into BFU mode or switches back to the main password. It's more than perfect for my needs!
Sad I cannot use it with privacy screen protection no matter how many times I enroll my fingerprints.
(Pixel 6a)
Is there someone with a P9, using privacy screen protection, using the 2FA? I believe the P9 uses an ultrasonic fingerprint sensor instead of an optical one, right?
For those who find it troublesome, I enabled this one day ago and now have already got used to it, surprisingly.
Give it a try!
rclemmer We considered it but it's more complex to support it so we decided not to do it.
NetRunner88 Pixel 9 uses an ultrasonic reader which should work better with screen protectors that are properly compatible with it but not all of them are compatible. Blocking visual light spectrum doesn't imply blocking ultrasonic but it's not implied that screen protectors with that privacy feature will avoid making it significantly worse or breaking it.
Yah, it's finally here. Proper 2FA is now possible.
And now for the complaints.
Is it possible to have the PIN entry screen appear regardless of whether or not the fingerprint is valid?
Or in the alternative require that the PIN be provided before the fingerprint?
Because right now, a hostile party could force your finger onto the scanner and establish that your fingerprint is programmed into the device. Even without the PIN or access this can be very valuable information; if nothing else it can tie device ownership/access to you.
Ideally, I would like the fingerprint to serve as the enter key for the PIN and the only result that is provided is the device unlocks or not. I have doubts that this is possible without Google's access to the secure element though.
I don't understand the purpose of this because when I used this I can still unlock the phone using only PIN.
I looked forward to this for more convenient shoulder surfing protection. It takes me a long time to type the PIN when they are scrambled, but fingerprint + regular PIN would solve this.
However, when I set this up it accepts only my PIN, so for this use case the feature is pointless.
Or did I do something wrong?
beatriz I don't understand the purpose of this because when I used this I can still unlock the phone using only PIN.
Is this the method used for the first unlocking?
beatriz I looked forward to this for more convenient shoulder surfing protection. It takes me a long time to type the PIN when they are scrambled, but fingerprint + regular PIN would solve this.
However, when I set this up it accepts only my PIN, so for this use case the feature is pointless.
The advantage of this feature is that you can easily use a strong passphrase as the primary unlock method, e.g. between 4 and 12 words depending on your threat model, then use the fingerprint plus a 4 or 6-digit PIN for secondary unlock, which is the method you'll use most often and is much more convenient, so the passphrase is only required for primary unlocking.
Supported devices have a robust security element that is very difficult to exploit, which is why a simple 6-digit PIN provides secure encryption unlike other Android devices, but we also know that it's only a matter of time before the security element is exploited by attackers. There are currently no exploits for the Titan M2, but Cellebrite has managed to exploit the Titan M1, so Titan M1 can be exploited by attackers. A strong passphrase as the method for the first unlock allows you not to trust the secure element if you wish.
I love this feature!
So far after using it for a few hours I can say that I do have some suggestions:
- Optional auto accept (same as regular PIN, no need to press enter to unlock - it automatically submits after you enter enough digits). I know that this isn't as secure (revealing the length of your PIN), but it should be an opt-in option for those who want it.
- Small bug: there is no vibration once you scan your fingerprint and the keypad pops up - it's useful when typing your PIN from muscle memory without looking at the screen or while hiding the screen from others (and yourself too)
- Some sort of icon at the top of the screen, different vibration pattern (see #2) or another easier (than text above the keypad which sometimes doesn't even show up) way to distinguish which PIN (if you also have a [longer] PIN set as your main unlock method) you should type in
The last 2 are a bit lower priority, but they would be very nice to have!
JollyRancher cool idea, but that would require changing the layout of the PIN entry screen because the fingerprint scanner is directly under one of the numbers, and that would add a lot of extra work.
Ammako
Realistically, the best I am hoping for is that they can make the order Pin > Fingerprint instead of Fingerprint > Pin.
That would prevent testing the fingerprint until after the pin has been successfully entered.