• Announcements
  • 2-factor fingerprint unlock feature is now fully implemented

I love this feature!
So far after using it for a few hours I can say that I do have some suggestions:

  • Optional auto accept (same as regular PIN, no need to press enter to unlock - it automatically submits after you enter enough digits). I know that this isn't as secure (revealing the length of your PIN), but it should be an opt-in option for those who want it.
  • Small bug: there is no vibration once you scan your fingerprint and the keypad pops up - it's useful when typing your PIN from muscle memory without looking at the screen or while hiding the screen from others (and yourself too)
  • Some sort of icon at the top of the screen, different vibration pattern (see #2) or another easier (than text above the keypad which sometimes doesn't even show up) way to distinguish which PIN (if you also have a [longer] PIN set as your main unlock method) you should type in

The last 2 are a bit lower priority, but they would be very nice to have!

    JollyRancher cool idea, but that would require changing the layout of the PIN entry screen because the fingerprint scanner is directly under one of the numbers, and that would add a lot of extra work.

      Ammako
      Realistically, the best I am hoping for is that they can make the order Pin > Fingerprint instead of Fingerprint > Pin.

      That would prevent testing the fingerprint until after the pin has been successfully entered.

        JollyRancher Realistically, the best I am hoping for is that they can make the order Pin > Fingerprint instead of Fingerprint > Pin.

        https://github.com/GrapheneOS/os-issue-tracker/issues/4599

        GGORG Small bug: there is no vibration once you scan your fingerprint and the keypad pops up - it's useful when typing your PIN from muscle memory without looking at the screen or while hiding the screen from others (and yourself too)

        https://github.com/GrapheneOS/os-issue-tracker/issues/4600

        I've set this up, but I've found an anomaly I don't think should be happening. When I go to unlock, I'm first required to provide my fingerprint; once complete I am then presented with a screen asking for my PIN which is headed 'Enter second factor PIN'. Great, it works!!

        The problem is that I can swipe up on the fingerprint screen and, without providing a fingerprint, I can get to a screen requesting 'Enter PIN', and by entering my PIN I can access my device.

        Am I missing something? Surely the latter shouldn't be possible? Thanks.

          custardbomb That's because you've set a PIN both as the main unlock method and as the 2nd factor for your fingerprint. The feature is probably better suited to setting a strong (diceware) password as the main unlock method and a PIN only as the second factor for the fingerprint.

          This is amazing work! Thank you! While people are throwing wish list stuff out there, having the ability to use location or network based (WiFi network) rules for when 2FA is in force would be a dream.

          Connected to a trusted home network or at a trusted location? 2FA is disabled. Anywhere else or WiFi off? 2FA is enabled.

          Any chance there could be an option to increase the amount of failed fingerprint attempts before forcing the main passphrase, when using 2FA PIN? Because the optical fingerprint that us peasants without a 9 series have to use is kind of trash. It's been less than a day and I've already been locked out of fingerprint unlock because it refuses to recognize my fingerprint too many times in a row.

          Following others' advice online, I've registered the same finger 4 separate times, to maximize the amount of data points available and minimize the chances that it would fail to recognize my print, and still it failed enough times in a row to force the main passphrase. Which is not a good thing if you were hoping to avoid having to ever enter the main passphrase outside of your home.

          It makes sense to limit the amount of failed fingerprint attempts to guard against bruteforcing, when the fingerprint is the only thing preventing access to the device, but when you have a 2FA PIN, throttling the fingerprint isn't really necessary, as long as PIN attempts after it are throttled.

          This is a very good feature that I'd love to use, and many others too, but when the fingerprint reader is so unreliable, it just isn't practical. If the fingerprint throttling could be relaxed or removed, that should solve this problem without sacrificing security too much.

            According to GOS, what is the best unlocking method for combating forcible entry?

            PIN without fingerprint or password + fingerprint and 2FA

            Unless both methods are good?

              Ammako

              What you're describing isn't at all normal unless you're using a screen protector. If you have a screen protector, that's the problem.

              Don't register it multiple times. Delete the existing ones, register it once and use it repeatedly after the initial registration while moving around your finger to help train it better. Using it more will train it better. Having it registered multiple times will mean only one gets selected and updated each time you unlock which will make it much worse in the long run. It's a short term hack making it worse in the long run.

              We plan to make the attempt limit configurable but your experience doesn't match the experience of the vast majority of users without screen protectors. Screen protectors are a huge issue for fingerprint unlock, particularly optical and particularly if they're those privacy screen protectors reducing viewing angle.

              Stewart A strong diceware passphrase with 2-factor fingerprint+PIN secondary unlock using a random PIN is far better than the same random PIN as a primary unlock method. That's the whole point of the 2nd factor PIN feature. It allows using a strong passphrase with more convenience via the secondary unlock method. Fingerprint+PIN is also better than a PIN by itself, even when only considering the device in the After First Unlock state where secondary unlock hasn't been locked out. Our original post explains all this and why: GrapheneOS.
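The three points argued in this thread (that the primary credential is always reachable by swiping up, so using the same PIN as both primary and second factor bypasses the fingerprint; that the second-factor PIN alone never unlocks; and that failed fingerprint or PIN attempts lock the secondary path out until the primary credential is entered) can be checked against a small model of the lockscreen policy. The following is an added illustration written for this page, not GrapheneOS code: the `Lockscreen` class, its method names, the default limit of 5 and the use of exact string equality as a stand-in for the biometric matcher are all assumptions of the example.

```python
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Result codes returned by the model (hypothetical names, not an OS API).
UNLOCKED = "unlocked"
RETRY = "retry"
NEED_SECOND_FACTOR = "need_second_factor"
FINGERPRINT_REQUIRED = "fingerprint_required"
SECONDARY_LOCKED_OUT = "secondary_locked_out"  # only the primary credential works now

PASSPHRASE = "correct horse battery staple"  # constructed sample diceware passphrase


def _match(expected: str, given: str) -> bool:
    # Constant-time comparison. For the fingerprint this stands in for the
    # biometric matcher, which this toy model does not attempt to reproduce.
    return hmac.compare_digest(expected.encode(), given.encode())


@dataclass
class Lockscreen:
    primary: str                                  # passphrase or PIN for primary unlock
    second_factor_pin: Optional[str] = None       # PIN demanded after a fingerprint match
    enrolled_finger: Optional[str] = None         # stand-in for the enrolled template
    max_fingerprint_failures: int = 5             # assumed limit (thread mentions 5)
    max_pin_failures: int = 5                     # assumed limit for the 2nd-factor PIN
    fingerprint_failures: int = field(default=0, init=False)
    pin_failures: int = field(default=0, init=False)
    fingerprint_ok: bool = field(default=False, init=False)

    @property
    def secondary_locked_out(self) -> bool:
        return (self.fingerprint_failures >= self.max_fingerprint_failures
                or self.pin_failures >= self.max_pin_failures)

    def try_primary(self, secret: str) -> str:
        # The primary entry screen is always reachable (swipe up), so it is the
        # floor of the device's security regardless of the secondary path.
        if _match(self.primary, secret):
            self.fingerprint_failures = self.pin_failures = 0  # lockout cleared
            self.fingerprint_ok = False
            return UNLOCKED
        return RETRY

    def try_fingerprint(self, sample: str) -> str:
        if self.enrolled_finger is None or self.secondary_locked_out:
            return SECONDARY_LOCKED_OUT
        if _match(self.enrolled_finger, sample):
            self.fingerprint_failures = 0
            if self.second_factor_pin is None:
                return UNLOCKED              # plain fingerprint unlock
            self.fingerprint_ok = True
            return NEED_SECOND_FACTOR
        self.fingerprint_failures += 1
        return SECONDARY_LOCKED_OUT if self.secondary_locked_out else RETRY

    def try_second_factor_pin(self, pin: str) -> str:
        if self.secondary_locked_out:
            return SECONDARY_LOCKED_OUT
        if not self.fingerprint_ok or self.second_factor_pin is None:
            return FINGERPRINT_REQUIRED      # the 2nd-factor PIN alone never unlocks
        if _match(self.second_factor_pin, pin):
            self.pin_failures = 0
            self.fingerprint_ok = False
            return UNLOCKED
        self.pin_failures += 1
        return SECONDARY_LOCKED_OUT if self.secondary_locked_out else RETRY


def scenario_same_pin_as_both() -> str:
    """Same PIN as primary and second factor: the primary screen takes it
    without any fingerprint, which is the 'anomaly' reported above."""
    ls = Lockscreen(primary="2580", second_factor_pin="2580", enrolled_finger="thumb")
    return ls.try_primary("2580")


def scenario_passphrase_primary() -> Tuple[str, str, str]:
    """Passphrase primary, random PIN as second factor: the PIN is useless on
    its own and only works after a fingerprint match."""
    ls = Lockscreen(primary=PASSPHRASE, second_factor_pin="2580", enrolled_finger="thumb")
    pin_on_primary_screen = ls.try_primary("2580")
    pin_without_finger = ls.try_second_factor_pin("2580")
    ls.try_fingerprint("thumb")
    both_factors = ls.try_second_factor_pin("2580")
    return pin_on_primary_screen, pin_without_finger, both_factors


def scenario_fingerprint_lockout(limit: int = 5) -> List[str]:
    """Repeated misreads lock the secondary path out; even the real finger is
    then refused until the passphrase is entered, which resets the counter."""
    ls = Lockscreen(primary=PASSPHRASE, second_factor_pin="2580",
                    enrolled_finger="thumb", max_fingerprint_failures=limit)
    results = [ls.try_fingerprint("smudge") for _ in range(limit)]
    results.append(ls.try_fingerprint("thumb"))
    results.append(ls.try_primary(PASSPHRASE))
    results.append(ls.try_fingerprint("thumb"))
    return results


def scenario_pin_lockout(limit: int = 5) -> List[str]:
    """Wrong 2nd-factor PINs after a good scan are throttled the same way."""
    ls = Lockscreen(primary=PASSPHRASE, second_factor_pin="2580",
                    enrolled_finger="thumb", max_pin_failures=limit)
    ls.try_fingerprint("thumb")
    results = [ls.try_second_factor_pin("0000") for _ in range(limit)]
    results.append(ls.try_second_factor_pin("2580"))
    return results
```

Raising `max_fingerprint_failures` (the configurable limit mentioned later in the thread) only widens the window for guessing a fingerprint; a guessed fingerprint still hits the throttled second-factor PIN, while the passphrase remains the floor reachable from the primary screen.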

                GrapheneOS Okay, thanks for the feedback, I've only been using the PIN until now, I'm going to switch to passphrase + fingerprint and PIN.

                Hi everyone,

                I appreciate the effort in enhancing security with the 2-Factor Fingerprint Unlock feature in GrapheneOS. However, I believe it could strike a better balance between usability and security by requiring the Second Factor PIN conditionally.

                For instance, the system could:

                • Allow regular fingerprint unlocking during normal use.
                • Trigger the Second Factor PIN after a configurable number of failed fingerprint attempts.
                • Continue requiring the primary passphrase in critical situations.

                This approach protects against biometric spoofing and coercion while reducing the inconvenience of entering a PIN. It also makes the feature more adaptable to different user threat models.

                I’d love to hear your thoughts! Is this something the team could consider for a future update?

                Thanks again for your hard work on GrapheneOS!

                  peroxide7881
                  I don't like this idea.
                  I believe Fingerprint unlock is insecure as you leave your fingerprint everywhere you go which allows any motivated attacker the chance to clone the fingerprint and subsequently bypass the lockscreen.

                    Is it possible to have a 6+ digit second factor PIN confirm automatically? I believe it's possible with a normal 6+ digit PIN, so is this functionality simply not implemented or can I just not find it?

                    Thank you for developing this feature.
                    I probably won't use this feature on a daily basis as I don't need it currently for my threat model.

                    However, I would like to use this feature for biometric unlock inside apps, e.g. fingerprint can unlock the device, but for unlocking e.g. KeepassDX or Aegis (if enabled), fingerprint and PIN is required.
                    Would this even make sense, and can it be implemented in a secure way?

                    yellow-leaves I would be very interested in seeing how easy or difficult it is to literally clone a fingerprint on a Pixel 8 fingerprint scanner; I don't think it's that likely. I think it would be more likely that you are forced into using your fingerprint.

                    A good solution would be to have, after five or three wrong fingerprints, the PIN code kick in with the duress password on.

                    But I am genuinely interested. Is it easy to copy a fingerprint and use that on the phone?

                      peroxide7881 This would entirely defeat the purpose of the feature. You can already use regular fingerprint unlock with the usual limit of 5 failed attempts.