Fingerprint and facial ID. How secure is it really?

Hello, just a query. I'm using a GrapheneOS device, but I'm still using pass phrases via Bitwarden to store my log-in details.

I'm still not convinced that fingerprint and facial ID are the way to go when I look at securing my device.

I like the way it's quick and convenient to use; however, it's not much help if someone "upsides you in your head with a blunt brick" while you are using it. Then, while you are in a daze, they grab your device and access it using your bloodied head or your severed finger and/or thumb without your consent.

I know they can do the same for your pass phrases, but at least you have options, options which give you time to assess the situation you are in.

All comments welcome.

That's a good point. If you have sensitive information on your device, some criminals may not hesitate to cut off fingers or hands to get into it.

Another important consideration is the legal differences between biometrics and knowledge-based security. Some places, of which I'm familiar with Canada and the USA (5th Amendment), have protections against self-incrimination, but that only applies to knowledge-based security and not biometric security. If they can take your picture and fingerprints to implicate you in a crime, they can also use them to unlock your phone.

What makes GrapheneOS very interesting in this regard is that it provides a split-the-difference option, which is to enable biometrics (fingerprint), but not on the lock screen. That means that you need to use the PIN to unlock the phone, but when accessing sensitive applications, you can then use biometric authentication. That option can be accessed in the fingerprint lock settings.