Are fingerprint authentication solutions on smartphones more or less secure than using a PIN?

Are fingerprint authentication solutions on smartphones more or less secure than using a PIN?

>PINs can be shoulder-surfed by people nearby
>some fingerprint sensors are laughably easy to bypass with a bit of gelatin

Other urls found in this thread:

arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/
youtube.com/watch?v=bMYSWZr4a4Y
twitter.com/SFWRedditImages

There's no absolute answer. In some scenarios it's worse. In others it's better.

fingerprints should be used as usernames not as passwords reeeeeeeee

biometrics are usernames not passwords

If someone has prolonged access to your device, you're fucked regardless. Phone, tablet, or laptop. A print is good so someone can't just sit there and guess your pin whether manually (if they know you, they'll try your Birthday or some other number they know means something to you) or brute Force with a program.

Also depends on the device. I have a decent flagship device so my finger print reader only reads one finger properly. None of my other fingers or anyone else's will unlock it. However I've dealt with budget Android devices that had scanners. I was able to unlock their device just by moving my finger around a bit for a little while.

All of this is moot though. Apple relies on constantly phoning home to truly unlock, and Android can encrypt both device storage and external. My phone requires a long password to even boot properly. After 30 attempts the phone is automatically wiped clean.

fingerprints may be forcibly taken to access devices, passwords are protected under the 5th amendment

the best is both tbqh

enter password + fingerprint to check if if's valid
the system shouldn't tell you if you had a bad fingerprint or a bad password

Completely agree; pisses me off how this isn't an option on Android yet. It seems so simple but what I wouldn't do for fingerprint+pin on my phone

>passwords are protected under the 5th amendment
lolno
arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

I don't live in America so neither are protected. I just use fingerprint because it's easier.

I haven't used a pin / lock in 5 years, never..

>The inventor of the ATM, John Shepherd-Barron, had at first envisioned a six-digit numeric code, but his wife could only remember four digits, and that has become the most commonly used length in many places

Women, eh

>weaker PINs because of women
thanks a lot women, more numbers would be more secure but thanks to dumb women we cant have this either

the simple answer to this is if the government asks you for your password say that you forgot it. If they ask if you know the password to something, you don't

the forgone conclusion clause also requires a preponderance of evidence showing the "incriminating thing" is being locked behind a password

the real reason to put passwords on things instead of fingerprints is to prevent finding MORE evidence and not as a the last hope vault of your secrets

Secured against what ?

My biggest issue with fingerprints is that the police can forcibly use your fingerprints to unlock a phone.
They cannot compel you to reveal your PIN.

that case is a bit different then what you are trying to paint it as.
They know from the hashes that he has downloaded thousands of images of child porn.
Had they not known the hashes, or didn't have any other evidence then this case would be tossed out and he would be free instead of jailed.
The question becomes how does the court differentiate between someone really forgetting their password/pin VS someone lying about it to hide some evidence.


youtube.com/watch?v=bMYSWZr4a4Y

>the simple answer to this is if the government asks you for your password say that you forgot it.
Really depends on the evidence against you.
If the government has enough evidence against you that its beyond a reasonable doubt that you did X/ or have Y in your possession, but you refuse to surrender it to the courts then you will be put in jail until you surrender it.

The CP guy would likely lose if this case went to trial, you know with hashes and other stuff they might have.
But trials are expensive, the judge saying you are in contempt of the court is cheap.

How do I unlock the phone with just the fingerprint? Everytime I try to turn it on, it asks to do a password or pin with it. I just want the fingerprint on it's own.

>longest password
>someone records it over your shoulder
>now I can unlock it too

WOW

There is also this part too
>The suspect’s sister also told police that she had seen hundreds of images of child sexual abuse on the hard drives.

but then again it is possible she hates his guts..

Doesn't matter, it's secure enough for consumers.

>>some fingerprint sensors are laughably easy to bypass with a bit of gelatin
So your phone doesn't have a fingerprint sensor, OP?

>My biggest issue with fingerprints is that the police can forcibly use your fingerprints to unlock a phone.
But it doesn't have to be a fingerprint, user. It can be any skin pattern. And any part of the print of any finger. Gives you a lot of scope for "I don't use the fingerprint" plausibble deniability.

>turning in your own family

No doubts there.

>How do I unlock the phone with just the fingerprint?
If you power-off or reset an iPhone it'll ask for the passcode when restarted. That's your get-out-of-jail.
See:-

16 digit passcode
simple.

You should be using both. If you're in a compromised situation you can reset and the device will require your pin before fingerprint will work again.

The worst thing about PINs is that most of them are predictable. Statistically, you can count on most of them to follow a pattern. Most people use birthdays, anniversaries, sequences (111111, 123456, 121212, 147258, etc), that kind of thing. If you’ve created a PIN you can remember, you’ve created a PIN that’s significant to you, and you’ve therefore created a PIN that someone else knows.

Is there any android app which can silently reboot phone after few wrong pincode unlock attempts. I found Locker on FDroid but it could do only a complete wipe.

mine is gentoo with T9 typing because memes

already got used to it

I have a twin sister and she likes snooping through my stuff

On linux ive always used them as an additional layer of security, aka to login you need both my password and fingerprint.

This should be an option for android

>fingerprint reader
convenient

very good versus normies
Reasonable versus remote threats
0% effectiveness against anyone who can simply physically force you to unlock the device(including the government)

hands your fingerprints over to every spy network in the world

Biometrics are not passwords.

>That's because the appeals court, like the police, agreed that the presence of child porn on his drives was a "foregone conclusion."
So they believe they have enough evidence against him to be convinced on the contents of the drives, but they can't just take him to court with that? Or do they want the drives in order to try get a heavier sentence on him?

That shouldn't be any reason to revoke his rights. You can't hold people indefinitely without laying charges, it's as simple as that. You convinced the courts you have enough evidence to charge him, so charge him.

>The court also noted that the authorities "found [on the Mac Book Pro] one image depicting a pubescent girl in a sexually suggestive position and logs that suggested the user had visited groups with titles common in child exploitation."
Fuck, ONE whole image? They could pick up half of all Internet users for that. Everything you see ends up on your drive, pretty much.

Post your tits

Apparently smartwatches can be used as another layer of security, like they have to be connected to your phone for it to unlock, or something like that. I doubt it's actually as malleable of a solution as I would like.
I looked into getting one because of this, but I ended up saying "fuck that charging shit" and got a manual-wind mechanical instead for some reason. Guess I'll have to figure out something else.

When my friend's boyfriend sleeps she presses his thumb to the fingerprint sensor and goes through his phone. That story made me avoid fingerprint readers, finding out that biometrics aren't protected under the 5th amendment just further strengthened the decision.

>When my friend's boyfriend sleeps she presses his thumb to the fingerprint sensor and goes through his phone.
This.

Nothing is stopping anyone from using your thumb while you aren't conscious to get into your phone aside from the forethought to turn off the device to require PIN to get in.

Even fucking children have worked this out.

There are already well known cases of children using their parent's thumb while they slept to buy ingame items.

It's convenient but it is insecure as heck. Anything that makes it more secure increases the inconvenience so you only get token gestures, like the PIN on startup.

I'm a guy, dumbass.

Get a Miband 2

You'll just sit in your cell until you remember it.

The way I see it I am perfectly fine with using my fingerprint to unlock my phone. Should I lose it then it will put off a potential attacker for long enough that I can wipe it remotely before they can do anything. If the government is after me I would lawyer up.

>If the government is after me I would lawyer up.
Just try to imagine the sort of lawyer who'd stand up to the government for you. Either a shreiking leftie or a survivalist.
Give them the other phone, the one you keep for occasions like this. Politely unlock it.

Well that is fair, but I meant it more along the lines of if the government is after me I am probably fucked anyway. Having said that there is nothing of note on my phone.