0289380427 if I understand the question correctly, the project account already answered here: https://discuss.grapheneos.org/d/18585-2-factor-fingerprint-unlock-feature-is-now-fully-implemented/46
2-factor fingerprint unlock feature is now fully implemented
Carlos-Anso Right, we had carried out tests on a door lock with a fingerprint. The matching fingerprints were directly around the lock. :)
- Edited
Excellent feature. Great job devs!
I wanted to report that I've observed 4 instances of the PIN portion of the 2FA process not appearing after fingerprint acceptance. Pixel 7.
The first two were a fews days apart, on OS 20241230.
The second two were in immediate succession about 1 minute appart on the latest OS 2025010700 - I received a notification, applied fingerprint and the phone immediately unlocked without asking for PIN. I finished what I was doing, put the phone down and about minute later received another notification and the same thing happened again when I picked up the phone and applied fingerprint to unlock - no pin requested. When I tried to replicate this a 3rd time, the 2FA worked as expected.
I'm not sure what may be causing the 2FA to not work in these 4 instances out of hundreds of unlocks since I turned the feature on.
I have the screen timeout set to 30 seconds, and its set to lock 5 seconds after that.
I tried "unlocking" in this 5 second buffer when the screen is off. Tapping anywhere on the black screen will immediately spring it back to life (as expected). If I instead happen to use my fingerprint on the sensor, the same thing occurs, but it shows the fingerprint animation (white light under the sensor location) , which makes it appear as though it accepted my fingerprint and "unlocked" but in reality its just waking the device back up before it locks in that 5 second window.
It's possible that this is what I've observed on these 4 occassions - I catch the device in that 5 second buffer where the screen is off, but it hasnt locked itself yet. When I go to "unlock" my phone with fingerprint as is muscle memory, it simply wakes the device back up, while making it appear as though it accepted a finger print in the process.
With this behaviour in mind, I'll keep a close eye on it to confirm if there are any instances of true unlock without a PIN.
r_dac It's possible that this is what I've observed on these 4 occassions - I catch the device in that 5 second buffer where the screen is off
We are aware of this and that is exactly what is happening. Its AOSP code that fires the FP sensor when the screen is off even when the device is not locked.
IIRC in this state you can also use the wrong finger, but it has to be rejected a few times before it 'lets you in'/turns the screen on. Can set a longer period after the screen times out before it locks if for some reason you want to more easily experience this behavior
It was the first thing I did after updating to this release, this new feature is amazing!
I've witnessed another 2 instances of 2FA unlock without PIN prompt, and I'm confident in these cases it was not the result of the screen timeout behavior noted above.
First instance today: Phone was locked and on change with a wall socket over night when I picked it up to check a stale notification this morning - 2FA worked as expected. However, when I went to unlock the phone again 2 hours later (still connected to wall plug) to dismiss an upcoming alarm, the PIN prompt failed to appear when presented with a fingerprint.
Second instance occured 5 mins later: While still plugged in, I received a notification and picked up and unlocked my phone to check it. Again, unlock occured with fingerprint only.
When I tried to replicate this a 3rd time, 2FA worked as expected
I'll report back if I see any more apparent instances 2FA-unlock without PIN prompt, with the hope of pinning down what might be triggering them.
Could you try setting the phone to lock immediately after screen timeout.
Also what device are you using? Do you have any "trust agent" apps installed, such as Smart Lock? Trust agents can be checked in Settings > Security and privacy > More security and privacy > Trust agents.
r_dac Doesn't appear that your device is locked at all and you believe you're unlocking it with the fingerprint when you aren't.
No trust agents. I'm using a Pixel 7. I haven't seen any more instances at this time.
That's what I initially thought too, but if my phone isn't locking itself after sitting idle for extended periods of time (well beyond the 30 second screen time out and 5 second buffer settings), then that may indicate another issue all together.
I'll keep an eye on it. If it happens again I'll try removing the 5 second buffer setting so the device locks immediately once the screen times out.
Thanks
r_dac Check your configuration across users if you're using multiple. The Owner user configuration still applies to an extent in secondary users.
Hi,
I use only the single Owner user, and Private Space isn't enabled.
I saw 2 more occurrences of the 2FA PIN prompt not appearing during unlock today. I am confident that the device was locked prior to the second occurrence because when I put the phone down, I locked it with the power button and intentionally swiped up to confirm it would ask for a password and left it alone for about 3 hours. When I came back to it after 3 hours, I picked it up, applied my fingerprint and it unlocked without prompting for a PIN.
I saved the system log after that occurrence and noted the approximate time of the second occurrence (I can't recall exactly when the first one happened today). As soon as this happens again, I'll save the log once more and hopefully that will provide some useful data for a point of comparison.
I discovered the exact condition that is leading to the 2FA PIN prompt not appearing after fingerprint unlock in some cases.
I confirmed this is repeatable everytime on my device, even after a reboot. I saved a system log which I can share if it's helpful.
Setting required to reproduce:
Always Show Time and Info - toggled on
Confirmed to happen with the following optional settings:
Powerbutton is set to lock immediately, and I confirmed this still happens whether I have a post-display timeout buffer of 5 seconds set, or no buffer (locks as soon as display turns off to the always-on clock) - makes no difference.
So, the exact state is this:
Once the device is locked, either by screen timeout or powerbutton, the screen transitions to the always-on-display with a clock, but no fingerprint icon, nor shortcuts (if enabled).
When in this state, unlock with fingerprint will not trigger 2FA on my Pixel 7.
However, if the screen is first "awoken" out of the always-on-display, such that the screen brightens, the fingerprint icon appears, and shortcuts (if enabled) appear, then 2FA will work correctly.
Hopefully someone can try this on their device to confirm of its isolated to just mine or not.
Thanks
Are you using always-on display?
Are you disabling animations via either Accessibility or Developer options?
We've found an upstream bug in the Android lockscreen implementation which may explain what you've seen.
Yes to both. I have always-on-display and animations disabled via Accessibility menu.
Turning the animations back on changed the always-on-display behaviour I described above. It now shows the fingerprint icon and 2FA PIN appears as expected.
Looks like we found the issue.