Regarding biometrics, I’ve felt that one advantage is that if I’m in a public space, I don’t have to worry about someone watching me enter my password over my shoulder. If I got into a situation where someone is physically overpowering me to get my finger onto my device against my will, I’m probably going to give them whatever password they want so I don’t get a beat down.
That’s a threat and risk assessment. You’ve decided you’re willing to accept the risk of anyone being able to unlock your phone to avoid the threat that someone will strong-arm you. For me, I’m not really worried about someone in the street strong-arming me. I’m more worried about a state actor, border guard, police officer, etc. demanding that I unlock my phone. They can physically compel you to unlock your phone by pointing it at your face or putting your finger on the pad, but they cannot compel you to give them your password.
I definitely see your perspective, but mostly wanted to make sure I wasn’t overlooking some obvious downside in my risk assessment.
I figure my chances are low that I will get into the situation where an authority demands access to my phone but I also don’t have the opportunity to lock out biometrics. Like if I get pulled over I just hold power and volume up buttons for three seconds and biometrics is off. That said, it certainly doesn’t eliminate my risk completely, and I wouldn’t consider anyone crazy for just opting out completely.
The other problem with biometrics is you can’t change them. With the OPM breach a few years ago they lost 5.6 million fingerprints. Those fingerprints are now useless since they are in the wild and can’t be changed. Not a problem for your average phone user, but in my world that’s a really big deal. In my world biometrics are a convenience and convenience is bad for security.
As long as you’ve considered and accepted the risks you’re good.
Time to start using the middle finger, until the next data breach. Then the ring finger.
I’m probably preaching to the choir, but for those who don’t know, at least on an iPhone and I’m sure Android has something similar, if you foresee the situation coming you can just hold the sleep/wake button for a few seconds (even while your phone is in your pocket) and it will require the passcode and not allow biometrics.
For Android it’s power+volume up to bring up the power options menu (shutdown, restart, etc.) and there is a “lock down” option that disables biometric unlock.
Wish I could do it with one hand, but good to know it’s there.