In-display fingerprint sensors have become commonplace in virtually all Android smartphones, for better or for worse, and five years later…

  • skuzz@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    16 hours ago

    So is typing in your passphrase while out in public around cameras. Might as well just not use the phone.

    Just familiarize yourself with your phone’s lockdown mode so it’s muscle memory.

    • GBU_28@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      4
      ·
      edit-2
      16 hours ago

      If you don’t succeed in lockdown before seizure, or aren’t conscious, your biometrics can be used without your consent.

      Taking reasonable steps to improve your security doesn’t mean all efforts are all or nothing

      • socsa@piefed.social
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        16 hours ago

        For my threat profile, state actors compelling biometrics from my EDC phone is pretty low on my list of concerns. That shit is intentionally sterile because I know they will just push me a compromised “security update” if they want in.

        And in any case, I’d still rather be able to fight the collection in public, vs being compromised by anyone who paid the janitor $20 to plug a USB drive into my phone.

        • GBU_28@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          16 hours ago

          Sure, as conversation, i’ve heard of thieves face unlocking phones they just stole.

          Indeed running as sterile an every day phone as possible is another great security approach by reducing risk.

          • socsa@piefed.social
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            14 hours ago

            Yeah I don’t really care what a thief does with my phone after they brain me. It’s the skull damage which concerns me. My google account is locked down with a hardware key so there’s only so much damage they can do before I wipe the device. Unless I’m dead, in which case I guess it doesn’t matter. Also my wife knows how to handle this situation. I would strongly suggest investing in posthumous spouse security as early as possible.

            • GBU_28@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              16 hours ago

              Your last sentence is great.

              Regarding the prior stuff, that’s very “you specific”. There’s of course tons of caveats or gotchas to my broad statement, but it doesn’t make it untrue.

              Biometrics present a less secure access path to a device…

              • socsa@piefed.social
                link
                fedilink
                arrow-up
                2
                ·
                16 hours ago

                My point is that they are separable threat profiles. If you are more concerned about your sketchy tinder date grabbing your lock screen password, biometrics are great. What I would love is a quick settings toggle for biometrics.

      • RvTV95XBeo@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        15 hours ago

        Jokes on them, my phones stupid fingerprint reader only works about 3% of the time. They’ll get frustrated and give up before finding anything, I know I usually do.