GrapheneOS version 2024123000 released:
https://grapheneos.org/releases#2024123000
See the linked release notes for a summary of the improvements over the previous release.
This is the first release with our major new 2-factor fingerprint unlock feature covered here:
https://discuss.grapheneos.org/d/18585-2-factor-fingerprint-unlock-feature-is-now-fully-implemented/
It also includes a major overhaul of our ahead-of-time compilation for apps to improve the user experience, a charge limiting toggle with bypass charging support, etc.
How to enable the 2-factor fingerprint unlock feature? I couldn't see anything under device unlock section. Pixel tablet on Alpha build.
Installed from Alpha channel on a Pixel 8 Pro.
One minor regression I noticed is that the haptic feedback for scanning your fingerprint is gone when the Second factor PIN is enabled.
Otherwise, no major issues to report.
Great work on this massive update, Happy New Year!
Wow, the changelog is really long. To be honest, I am nervous that everything is still working, typically I trust in GOS team and install the betas, sometimes the alphas. But this time, I switched to stable although I would like using the two factor fingerprint as well as the 80 % battery feature. Did I get that right that the second factor could be a 4 digit pin which is totally independent from the pin dealing as second choice to unlock?
Saying this, this second factor comes only into play the first time after boot or if e.g. the fingerprint isn't been recognised for 5 times?
This is the feature I've been waiting for, for more than a decade! Thanks so much for working on this security+convenience feature!!
androidin Did I get that right that the second factor could be a 4 digit pin
4 digits is the minimum yes.
androidin totally independent from the pin dealing as second choice to unlock?
Yes it's an optional 2-factor pin for unlocking with fingerprint if you use that as a secondary unlock method.
androidin Saying this, this second factor comes only into play the first time after boot or if e.g. the fingerprint isn't been recognised for 5 times?
Always when you unlock with fingerprint after first unlock and it has been less than 48 hours since you used your main password to unlock.
Sorry to say, but device unlocking will now last much longer since every time the second factor has to be given. I understand the plus of security but do you expect that this is used broadly? I activated it and was annoyed after only some unlocks. Can't really see the chances in activating this. It's frustrating me. What a shame that it did cost so much development resources rather than spending the time in secure face unlock
androidin
If it's annoying to you then don't use it.
androidin What a shame that it did cost so much development resources rather than spending the time in secure face unlock
Please remember that just because you don't use something doesn't mean it's not used by or important to others. I for example will never use face unlock so from my point of view that is a useless feature.
DeletedUser202 understood. In my tech company the product owners need also to decide about the priorities to implement something. But I can't believe that this feature is used heavily.
GOS doesn't track users behaviour, therefore it's hard to learn whether a certain decision was fine or not. The team has to rely on open feedback like this forum.
Therefore again: for me this feature development was a waste of time. Just my opinion and hopefully others will kick in this thread and give their opinion as well.
BTW: indeed it is not only a 4 digit pin as minimum requirement, it is also to acknowledge the input after entering the 4 digits which brings us to 5 clicks additionally to the fingerprint!! No, deactivated. I would wish that it comes along with a timer, let's say one hour after using the second factor, it is not asked again for the second factor
androidin Sorry to say, but device unlocking will now last much longer since every time the second factor has to be given.
That is an expected result of the feature functioning as it should - that is to say, it is prompting you for the configured PIN after authenticating your biometrics. So there's no need to be sorry at all, you're just explaining that the feature is working as intended.
androidin I understand the plus of security but do you expect that this is used broadly?
Yes, this is a highly requested feature for many years now. We expect people who understand why the feature exists and who can benefit from what it provides to use it. If someone wants to distrust the secure element by using a lengthy passphrase with 90 bits of entropy, and also doesn't want to be susceptible to someone like a street mugger to knock them out and use their finger to unlock their phone and run off with all of their data, I suspect they will find this feature extremely useful. Before, they had to either compromise and use a short PIN as their only line of defense, or they had to use a longer passphrase with the secondary method being just a fingerprint. The added layer of protection that this feature provides insulates users and provides a more secure secondary authentication method that will allow more people to be able to daily drive a drastically more secure passphrase. Even if it's a minority using this feature, it will be the people who have a real need for it, just like with other features that GrapheneOS provides.
androidin I activated it and was annoyed after only some unlocks.
If your current primary unlock method is a short PIN, and you use a fingerprint as the secondary method of unlocking your device, I get it - I'd probably be annoyed too in your position. Now consider someone who uses a long passphrase and doesn't even use a fingerprint because of the kind of attacks that can expose them to. From their perspective, this just made their life a lot easier!
androidin Can't really see the chances in activating this.
That's perfectly fine, it's completely optional.
androidin It's frustrating me. What a shame that it did cost so much development resources rather than spending the time in secure face unlock.
I'm genuinely sorry to hear that this is frustrating to you, especially since you follow that up with the assumption that the time used to develop this feature could be used to provide something that we fundamentally cannot. GrapheneOS already did support secure face unlock. It was supported in the 4th gen Pixels that had the appropriate hardware for face unlock to be secure. The latest Pixels don't provide that, and we can't wave a magic wand and make a camera face unlock implementation magically secure.
Hope that context helps!
androidin What a shame that it did cost so much development resources rather than spending the time in secure face unlock
Official statement: https://grapheneos.social/@GrapheneOS/113742655326435403
matchboxbananasynergy That use case convinced me, didn't have this in mind. I live in a very peaceful area where the chance that such a thing happens to me is extremely low. But, taking your described use case into account, I can imagine to activate the second factor temporarily, eg when travelling or going to a bigger event. Thanks for sharing this.
androidin For your use case of using it temporarily when you're in a high risk area or event, you don't even have to be using a long passphrase as your primary unlock method, the feature still helps if you're just using a PIN for your primary unlock method. Here's why:
You can enable the feature and when you're outside, always use the fingerprint + 2FA PIN combination to unlock your phone. That means that someone looking to mug you can't shoulder surf your PIN beforehand, because it will be useless to them, as they won't have your fingerprint, and of course your primary PIN will be different. In the scenario that they knock you out and try to use your finger on it, they won't know the PIN. To make shoulder surfing the PIN harder, the PIN scrambling feature can be used in tandem with the 2FA feature as well.
The more you think about it, the more flexible this feature becomes, which is why I do think it will be at least situationally helpful to all kinds of folks with different threat models. Sadly, the scenario of having your PIN shoulder surfed when outside and then your phone being snatched as the thieves try to access what data they can get off the phone is not uncommon depending on where one lives. Extra defenses against that are definitely welcome.
androidin It's far more convenient to use fingerprint+PIN than entering 6 diceware words you've memorized for a strong passphrase not depending on secure element throttling. The feature is not intended for use by people who are going to use a PIN as their main unlock method. It's for people who want to use a strong passphrase.
These are our recommended setups for people who care about the security of their device against data extraction:
1) random 6-digit PIN without biometric unlock, which provides secure encryption entirely depending on the secure element's throttling feature
2) 6 random diceware words with fingerprint+PIN as a secondary unlock method, which provides secure encryption not depending on the secure element at all
Our expectation is that most people would use a random 6-digit PIN and people who care more can use the new approach. What we've done is make using a strong passphrase far more convenient without allowing unlocking your device with only a biometric unlock method which can be physically/legally coerced or theoretically cloned from lifting your fingerprints off things you've touched (or by extensively recording your face and replicating it well, but we don't currently support camera-based face unlock due to security concerns).
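The keyspace arithmetic behind the two recommended setups above, as an added example that is not part of the original post or GrapheneOS code. The offline guess rate is a constructed assumption for illustration only; the function names are hypothetical.

```python
import math

DICEWARE_WORDS = 7776        # standard diceware list size: 6**5, five dice rolls per word
ASSUMED_OFFLINE_RATE = 1e9   # guesses/second; constructed assumption, not a measured figure
SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(choices_per_symbol, length):
    """Entropy of a uniformly random secret: length * log2(choices)."""
    return length * math.log2(choices_per_symbol)


def words_for_target(target_bits, list_size=DICEWARE_WORDS):
    """Smallest number of random diceware words reaching target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def avg_offline_years(choices_per_symbol, length, rate=ASSUMED_OFFLINE_RATE):
    """Average time to find the secret when guesses are NOT throttled,
    i.e. the secure element is bypassed or distrusted. On average half
    of the keyspace has to be searched."""
    return (choices_per_symbol ** length) / 2 / rate / SECONDS_PER_YEAR


def compare():
    """Return (label, bits, unthrottled years) for each credential in the thread."""
    setups = [
        ("4-digit second-factor PIN", 10, 4),
        ("random 6-digit PIN", 10, 6),
        ("6 random diceware words", DICEWARE_WORDS, 6),
    ]
    return [(name, entropy_bits(n, k), avg_offline_years(n, k))
            for name, n, k in setups]


if __name__ == "__main__":
    for name, bits, years in compare():
        print(f"{name:28s} {bits:5.1f} bits  {years:.3g} years unthrottled")
    # Word count needed to reach the 90-bit figure mentioned earlier in the thread
    print("diceware words for 90 bits:", words_for_target(90))
```

Without throttling the PIN keyspaces fall in well under a second at the assumed rate, which is why setup 1 depends entirely on the secure element, while the diceware passphrase stays out of reach by keyspace size alone.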
GrapheneOS Some questions to your recommended setups:
To 1: a 6 digit pin is fine, which gives you "only" 1.000.000 combinations? Probably you mean in combination with the extended time you will have between increasing number of trials? Is there a spec for this time? Are there other consequences or just the time?
To 2: what's your recommendation regarding the length of the pin using it in combination with fingerprint?
Take a look at this changelog - amazing! Do you guys ever sleep?
Thanks for your great work and have a good start to the new year!
INSTALLED on P9P XL and working as expected! Will report any issues if found. Amazing work as per usual... GOS is the best thing since sliced bread!
Is this feature included in this release?
We're going to be adding a toggle for blocking the Play Integrity API in a way that acts as if the service is currently down. We've found that many apps do not correctly use it and still allow using the app if it's unavailable because their service only has soft enforcement of the Play Integrity API. It's possible this will be enough to get Revolut working but we don't know at this point. They're going out of the way to try banning using alternate OSes and can upgrade that over time.
https://grapheneos.social/@GrapheneOS/113737931425144006
Thanks
In my opinion, face unlocking is a high security risk. The new method makes more sense to me.
Thanks to the Graphene OS team for their work and support