• @PresidentCamacho@lemm.ee (51 points, 11 months ago)

    FYI Androids have a feature for this. If you are ever forced to interact with a cop you can press the side button and volume up (might be different on other phones) to select lockdown, which will force your phone to only be opened with the password. It's gross that we need this feature, but now you know.

    • @PM_Your_Nudes_Please@lemmy.world (12 points, 11 months ago)

      iPhones do this too. Hold the lock and volume down button until your phone buzzes, to get to the SOS/reboot screen. Once that screen is activated, it’ll disable biometrics until the passcode is entered.

      You can even take photos/videos with the locked phone, and the recordings won’t be able to be deleted from your iCloud until the passcode is entered. Handy for recording cops. Cuz even if they take your phone and delete the recording, it’ll still sit in your “Recently Deleted” for 30 days. And while the phone is locked, they can’t access that Recently Deleted folder to permanently wipe it. So you can just access your iCloud account from any computer and recover the “deleted” footage.

    • @indog@lemmy.ca (7 points, 11 months ago)

      It’s good that they have this, but there are a lot of situations involving cops where it’s not going to be safe to stick your hand in your pocket. I’ll just leave the biometrics off on my devices.

    • @eronth@lemmy.world (6 points, 11 months ago)

      Yeah, but I want a combo that force starts the feature. I want to pull out my phone and be able to blind start it, not stare at my screen to select the correct thing.

      • Aido (1 point, 11 months ago)

        I have Button Mapper trigger a Tasker task that locks my phone when I hold the volume down button; for some reason Button Mapper's lock doesn't trigger a lockdown.

        (Tap and hold still lowers the volume)

    • @ShepherdPie@midwest.social (1 point, 11 months ago, edited)

      Jesus Christ, this explains why occasionally I'll pull my phone out of my pocket and it forces me to input the PIN rather than the thumbprint. It's just one of those mildly annoying things that you wonder about but don't think about enough to search for the answer.

      • @Enekk@lemmy.world (11 points, 11 months ago)

        Your situation is more likely to be caused by Android’s system to make sure you don’t forget your pin. It has a number of unlocks (and a length of time) before it forces you to do the code.

    • @CrayonRosary@lemmy.world (4 points, 11 months ago, edited)

      Edit: Maybe:

      You can instead hold the power button for 1 second to open the same menu. Feels easier to me.

  • Boozilla (31 points, 11 months ago)

    I’ve avoided willingly using biometrics so far. Though I’m sure our faces, gaits, body shapes, etc, are all stored somewhere, willingly or not.

    Say no to biometrics. It’s like having a password you can never change.

    • @ricecake@sh.itjust.works (36 points, 11 months ago)

      So, it really depends on your personal threat model.

      For background: the biometric data doesn’t leave the device, it uses an on-device recognition system to either unlock the device, or to gain access to a hardware security module that uses very strong cryptography for authentication.

      Most people aren’t defending against an attacker who has access to them and their device at the same time, they’re defending against someone who has either the device or neither.

      The hardware security module effectively eliminates the remote attacker when used with either biometric or PIN.
      For the stolen or lost phone attack, biometric is slightly more secure, but it’s moot because of the pin existing for fallback.

      The biggest security advantage the biometrics have to offer is that they’re very hard to forget, and very easy to use.
      Ease of use means more people are likely to adopt the security features using that hardware security module provides, and that’s what’s really dialing up the security.

      Passwords are most people’s biggest vulnerability.

      • Boozilla (1 point, 11 months ago)

        I’ve read all this before. If you believe the people who designed and implemented the device and its myriad layers of firmware and software were 1. All acting in good faith and 2. Knew WTF they were doing… then: yes, sure.

        Unfortunately that’s way too many strangers for me. Hundreds of people design and code these things. Meanwhile, every week there’s a clever new breach somewhere.

        • @lolcatnip@reddthat.com (4 points, 11 months ago)

          If you're that afraid of the people who build phones, why are you ok with using any device that can access the internet?

          • Boozilla (0 points, 11 months ago)

            I like how being cautious with my biometric data is being framed as irrational fear and paranoia. As if ID theft never happens.

            • @RGB3x3@lemmy.world (1 point, 11 months ago, edited)

              You should be more worried about your local doctor's office contracting some cheap-ass company to handle your data and ending up in a breach than being concerned about biometrics.

              Or hell, Experian had that insane breach of basically everyone’s information years ago. Biometrics are not the problem, it’s smaller companies that you have to deal with all the time skimping on security because they think they can’t afford it.

              And then companies even more shady than Google and Apple and Samsung (loan companies, health systems contractors, banks, credit card companies, insurance companies) have all your data and are more likely to be involved in a data breach.

        • @ricecake@sh.itjust.works (6 points, 11 months ago)

          While I do respect that viewpoint, there’s a lot more independent scrutiny of the hardware modules than there are around the parts that would handle any other authentication mechanism you might use.

          Pixel phone example; iPhone example

          Just because something isn’t perfect doesn’t mean we should keep using the less good thing that it replaces.

          Use the PIN if that’s more your cup of tea, just so long as you move away from passwords, since it’s the HSM that’s the protection, not the biometrics. Those are just to make it easier than passwords.

          • Boozilla (0 points, 11 months ago)

            You can change PINs and passwords, but you cannot change your biometric data.

            It’s about as smart as using your SSN as your username.

            • @ricecake@sh.itjust.works (3 points, 11 months ago)

              The point being that most people do not need to ever change their biometric data, because it isn’t used for remote authentication.

              It’s about picking the right threat model, and for most people anything that gets them using the HSM is an improvement to their security.

    • @chrash0@lemmy.world (10 points, 11 months ago)

      it’s not a password; it’s closer to a username.

      but realistically it’s not in my personal threat model to be ready to get tied down and forced to unlock my phone. everyone with windows on their house should know that security is mostly about how far an adversary is willing to go to try to steal from you.

      personally, i like the natural daylight, and i’m not paranoid enough to brick up my windows just because it’s a potential ingress.

      • Boozilla (3 points, 11 months ago)

        It’s not a great analogy. Your house and its windows are exposed to your neighborhood/community. Your internet device is adjacent to every hacker on the web.

        • @chrash0@lemmy.world (6 points, 11 months ago)

          it's an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn't part of my threat model. i live in a safe city, and i don't have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows.

          • Boozilla (1 point, 11 months ago)

            Assuming the phone’s security works as intended, what you’re saying is true. However, it’s a legit concern that the security is not airtight, and physical access is not actually required to harvest your biometric data.

            I know the phone manufacturers make all sorts of claims about how secure biometric data is, but they have a profit motive to do so. I'm not being brick-up-my-windows paranoid by pointing out all the security failures and breaches we've seen over the years. Companies that have billions on the line are still frequently falling short at securing their own assets, much less their customers' data.

            I understand biometrics are convenient, and many folks love the ease / coolness factor of using them. Just don’t kid yourself that it’s secure by requiring your physical phone. Once the dark web has a digital copy of your biometric data, it’s compromised forever.

    • TherouxSonfeir (5 points, 11 months ago)

      Joke’s on them. My yo-yo diet keeps me safe from accurate body shape biometrics.

    • @breadsmasher@lemmy.world (27 points, 11 months ago)

      Password you can never change

      Not with that attitude! You can absolutely change your face. It's rather inadvisable.

  • @corroded@lemmy.world (1 point, 11 months ago)

    I really think this depends largely on who you are and what you do with your phone. I have face recognition and fingerprint recognition both enabled on my phone. It’s good enough to prevent a thief from gaining access to my device, and if law enforcement asked, there’s nothing on my phone that could possibly be incriminating. Realistically, I’d have no issue just unlocking my phone and giving it to a police officer, although I do know well enough to always get a lawyer first. Biometrics add an extra layer of convenience; it’s nice to just look at my phone and it unlocks. My concern personally is more about someone stealing my phone and accessing my accounts than self-incrimination.

    If I ever was going to put myself in a situation where I’d run afoul of the authorities, I’d leave my phone at home anyway.

  • @carl_dungeon@lemmy.world (201 points, 11 months ago)

    Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.

    You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.

    • @catloaf@lemm.ee (9 points, 11 months ago)

      Assuming you have the access to do this, e.g. awake, conscious, not handcuffed, etc. It’s safer to just always use a PIN in the first place.

    • @BrianTheeBiscuiteer@lemmy.world (94 points, 11 months ago)

      I’ve always wanted a setting to create a lockdown key and an unlock key. So something like middle-finger to unlock but index-finger to force it into PIN/password only mode. So you can have some convenience of a quick unlock but if an authority figure asks or forces you to unlock it you can one-tap lock it down.

    • HEXN3T (4 points, 11 months ago)

      On Graphene/Calyx you can auto-restart the phone after a given time period if it hasn’t been interacted with. Recommend turning this on for all users.

        • HEXN3T (3 points, 11 months ago)

          Try searching for auto reboot, or some sort of extra security settings menu.

    • @ShittyBeatlesFCPres@lemmy.world (32 points, 11 months ago)

      In a getting pulled over situation, this works. But do it before you go protest anything. Or better yet, leave your phone at home. You don’t want to be reaching for something while a cop is pointing a gun at you and saying “Hands up!”

    • @ccunning@lemmy.world (9 points, 11 months ago)

      You can also just long press a volume button with the lock button (with a FaceID phone). I find this harder to mess up under stress.

    • @MostlyGibberish@lemm.ee (57 points, 11 months ago)

      Android has a similar feature. It’s called “Lockdown mode” on the shutdown menu. Locks the phone and turns off any biometric unlocks.

      • Bonehead (34 points, 11 months ago)

        Except it doesn’t activate by mashing the power button 5 times. On my Pixel 8, that activates the emergency dialer that will automatically call 911 if you don’t cancel the prompt in 5 seconds. I did not know that before. Probably a better use for that feature. It also points out the different ideologies of Apple vs Android.

          • Bonehead (2 points, 11 months ago, edited)

            On my 8, that just activates the Google assistant. To get to the power menu, you have to press power (oddly named button, to be honest) and vol up at the same time. But these are active acts that you have to think about and verify to make sure they did what they are supposed to. Mashing the power button 5 times is succinct. I don’t have to guess how many seconds I’ve waited. I don’t have to feel to make sure I’m hitting the vol up instead of vol down accidentally. I count 5 times, 6 to make sure, and I can drop it while being certain that it’s going to call 911. That’s what I want in an emergency. A quick distinct action that requires no guessing to make sure it works. It makes sense once you stop and think. Nothing else about the power button makes sense, but at least that part does.

            • @Today@lemmy.world (2 points, 11 months ago)

              Try system - gestures - press power button. I have the choice of the power menu or the digital assistant.

              • Bonehead (1 point, 11 months ago)

                I could do that…but then I lose easy access to the assistant. I could set up the tap on back function, but that doesn't work when it's in a holder in the car. There are no options that I can find that would let me assign the assistant to open on power + vol up. Unfortunately these phones aren't as customizable as I'd like them to be. Or at least not by default, but I don't want to go through the trouble of flashing a new OS yet.

                • @Today@lemmy.world (1 point, 11 months ago)

                  I use, “hey Google,” but sometimes my car tries to answer and it doesn’t know as much stuff.

              • @laurelraven@lemmy.blahaj.zone (1 point, 11 months ago)

                I actually didn't know that was changeable. One of my most hated "features" of my phone is that it wants to bring up an AI assistant I'll never use and didn't ask for when doing something that has brought up the power menu on every phone I've ever owned.

        • @tamiya_tt02@lemmy.world (3 points, 11 months ago)

          On my Pixel 7 Pro, I press the power and volume up buttons simultaneously, then I can click Lockdown. Now my passcode is required to unlock the phone.

          • @pirat@lemmy.world (2 points, 11 months ago, edited)

            On my ditto (running GrapheneOS), the Lockdown option is accessible through the regular power button menu. When I press power+volumeUp it switches to silent mode. I don’t know if/where I changed this, since I can’t find the options when searching in settings.

            EDIT: I just found it - in Settings > System > Gestures > Prevent ringing. I can either set power+volumeUp to mute the phone, or vibrate only. Nothing about the Lockdown option, but having it in the regular power button menu is good enough for me.

            • @laurelraven@lemmy.blahaj.zone (2 points, 11 months ago)

              If by "regular power button menu" you mean holding the power button for a couple seconds, that was changed, at least on Pixel devices, to bring up some bullshit called "Gemini", some AI from Google that I never got a chance to say no to. Power + volume up is now how we get to the power menu, because of course they would change the function everyone uses occasionally to a more obscure combination without notice.

        • @Tiefa@lemmy.world (2 points, 11 months ago)

          I was mowing my lawn and learned about that feature. A nice lady's voice came through my bluetooth headphones asking if I needed help lol. You can change what the button spam does and I changed it to call my mom instead.

        • Dojan (7 points, 11 months ago)

          On iOS, for SOS, Medical ID, and “slide to power off” you hold power and a volume button. That also disables biometric ID.

        • @AbidanYre@lemmy.world (12 points, 11 months ago)

          My wife’s pixel 3(?) with a flaky power button had us wake up to cops knocking on the door because of that feature.

    • FiveMacs (79 points, 11 months ago)

      ⚠️ WARNING: On android, mashing the power button 5 times calls emergency services…

      • Victor (-14 points, 11 months ago, edited)

        Not on my Pixel 6. 🤷‍♂️ It just does what I told it to do, namely to open the camera.

        Edit: these are some Reddit down votes. I just didn’t know I had this feature, and I apparently have disabled it, but I don’t remember doing so. Oh well.

        • @then_three_more@lemmy.world (6 points, 11 months ago)

          Have you tried? On my Samsung pressing twice does the camera (as I've set it to) but doing it 5 times tries to call emergency services.

          • FiveMacs (19 points, 11 months ago)

            They disabled it. I don't understand why they even commented. It reads like some weird flex.

            • @14th_cylon@lemm.ee (1 point, 11 months ago, edited)

              Right, correcting your incorrect information is “weird flex”. What are you, five?

              On my Mi Max 3 it does not work as well. In the "configure buttons" section of the menu there is no call emergency number action, nor is there a press [any button] five times trigger available. So clearly the function your phone has is not universal. What a wild world we live in!

              • Victor (-1 points, 11 months ago, edited)

                Thank you for defending me. ❤️ They were correct though. Apparently I had the setting disabled, but I don’t remember doing so. Must have been years ago on another phone? And then carried over when settings migrated? I don’t know when this feature was introduced. But yeah. It’s a thing.

                But obviously not universal if you don’t have it. Which Android version are you on?

            • @then_three_more@lemmy.world (5 points, 11 months ago)

              I don’t know how it sounds like a weird flex. I was just asking. I don’t remember if it was something you could disable or not from when I had my pixel 5.

            • Victor (-1 points, 11 months ago)

              I didn’t even know it existed. I had to search to find the setting, but I see it exists on my phone and it’s disabled. I don’t recall disabling it though.

              It’s not a flex… 🙄 I was just confused about how it seemed so established that this was an “Android” feature, so should be activated on my phone too, but it isn’t. And now that I see I have the functionality disabled but people say it’s the default, I’m even more confused because I don’t remember even seeing this setting. 🤷‍♂️

          • Victor (1 point, 11 months ago)

            I did, yeah. Gotta test before commenting, of course. I see I have the setting disabled for some reason. Don’t recall disabling it though.

        • FiveMacs (26 points, 11 months ago)

          Cool, you disabled the gesture. Clearly the default OS setting doesn't apply to you…

          • Victor (2 points, 11 months ago)

            I didn’t even know it existed. I had to search to find the setting, but I see it exists on my phone and it’s disabled. I don’t recall disabling it though.

      • @UnityDevice@startrek.website (9 points, 11 months ago)

        There are two ways you can do this on Android currently, but they’re not as quick. You can try to unlock with the wrong finger 5 times and it will stop allowing fingerprint unlocks. Or, you can hold down the power button for 10 seconds and the phone will reboot and also disable fingerprint unlocking.

    • BarqsHasBite (22 points, 11 months ago, edited)

      That’s terrifying. So once we have tech to forcibly see inside the brain, that will be legal too?

      • @slaacaa@lemmy.world (6 points, 11 months ago)

        “You shouldn’t be worried if you have nothing to hide” 🤷‍♂️

        /s

      • @kevincox@lemmy.ml (3 points, 11 months ago)

        Probably. Wouldn’t it be good to have the truth during investigations?

        However I think that we really need to refine when warrantless searches can occur. Right now many searches seem to be done with very little evidence to justify them. I think this protection should apply to your mind and phone just like it applies to your house. This probably also needs to be considered at border crossings. Right now they have basically unlimited rights for searching what you have on you with little to no evidence.

        We should probably also rethink how the information is shared when there is a warrant. Right now during a trial a huge amount of personal information can be made available. Maybe if it was easier to get precise information less would be needed.

        • @Moose@moose.best (7 points, 11 months ago)

          Wouldn’t it be good to have the truth during investigations?

          Well, yeah, but the mind is fallible. That’s why eye witness testimony usually only gets a case so far, people tend to forget specifics and fill in the gaps without realizing they did.

          • @kevincox@lemmy.ml (2 points, 11 months ago)

            That is important to remember but it is sort of orthogonal to the point being made. Assuming that mind-reading worked perfectly you can find the truth about what the person believes. In most cases if they think they murdered the person and the gun is hidden behind the oak in their backyard it is beyond a reasonable doubt. I think it is still useful to have the truth about what that person believes, even if we have to remember that their beliefs are fallible.

        • KillingTimeItself (2 points, 11 months ago)

          However I think that we really need refine when warrantless searches can occur. Right now many searches seem to be done with very little evidence to justify them. I think this protection should apply to your mind and phone just like it applies to your house. This probably also needs to be considered at border crossings. Right now they have basically unlimited rights for searching what you have on you with little to no evidence.

          to be fair to the current justice system, a lot of times you can just hit the courts with “excuse me sir, this was unwarranted” and assuming it was actually unwarranted, they should overthrow it immediately.

        • @conciselyverbose@sh.itjust.works (1 point, 11 months ago)

          Not if it comes with a level of invasiveness that is unforgivable it wouldn’t be.

          Forcibly invading someone’s mind after they were convicted beyond reasonable doubt would make you a monster.

          • @kevincox@lemmy.ml (1 point, 11 months ago)

            Most trials and discoveries are already incredibly invasive. I don't really see why the mind should be treated much differently. I would rather define what is acceptable invasiveness generally than differently for mind vs written down in my diary.

            Also why would you do this after they are convicted beyond reasonable doubt? This should only be done when required to reach the conclusion. Just like avoiding physical searches you can just plead guilty if you don’t want to be investigated.

            If used properly this could actually be less invasive. Imagine a quick check of some facts that you believe with an automated machine that only returns the basic required information and you could be removed from the suspect list before other searches need to be done (like lawyers searching through your emails or personal notes).

            I agree that this is a very dangerous thing to consider, and it needs to be applied very carefully. But I don’t think it is in the abstract any more morally wrong than the current methods of evidence gathering that we currently do. In many ways it could potentially be less harmful to the person being investigated. However it will be impossible to know for sure until we know how exactly this technology (when it is developed) works.

            • @conciselyverbose@sh.itjust.works (2 points, 11 months ago, edited)

              No, mind reading is a hundred orders of magnitude more invasive than any possible search.

              There is no possible scenario where it could ever possibly be justified or excused. Your brain is unconditionally sacred. There is no possible theoretical version of such technology that could ever not be pure, unforgivable evil to use without completely uncoerced consent.

  • @hedgehog@ttrpg.network (47 points, 11 months ago)

    Terrible article. Even worse advice.

    On iOS at least, if you’re concerned about police breaking into your phone, you should be using a high entropy password, not a numeric PIN, and biometric auth is the best way to keep your convenience (and sanity) intact without compromising your security. This is because there is software that can break into a locked phone (even one that has biometrics disabled) by brute forcing the PIN, bypassing the 10 attempts limit if set, as well as not triggering iOS’s brute force protections, like forcing delays between attempts. If your password is sufficiently complex, then you’re more likely to be safe against such an attack.

    I suspect the same is true on Android.

    Such a search is supposed to require a warrant, but the tool itself doesn’t check for it, so you have to trust the individual LEOs in question to follow the law. And given that any 6 digit PIN can be brute forced in under 11 hours (40 ms per entry), this means that if you were arrested (even for a spurious charge) and held overnight, they could search your phone without you knowing.

    With a password that has the same entropy as 10 random digits, assuming no further vulnerabilities allowing them to speed up the process, it could take up to 12 and a half years to brute force it. Make it alphanumeric (and still random) and it’s millions of years - infeasible within our lifetime - it’s basically a question of whether another vulnerability is already known or is discovered that enables bypassing the password entirely / much faster rates of entry.

    If you’re in a situation where you expect to interact with law enforcement, then disable biometrics. Practice ahead of time to make sure you know how to do it on your phone.

    • @lengau@midwest.social (2 points, 11 months ago)

      Yep. On Android there’s also a Lockdown mode that you can enter through the power menu when you need to turn off biometrics for the next unlock. Set a strong password. Use biometrics when you need to keep out a casual intruder, and password when you need to keep out a major intruder.

      • @hedgehog@ttrpg.network (3 points, 11 months ago)

        100%.

        If you’re always concerned about sophisticated attackers, then you should also:

        • Disable biometrics unlock whenever your device is about to leave your possession or you’re going to sleep
        • Protect against shoulder-surfing / surveillance attacks that can capture you entering your password, e.g., by being aware of your surroundings and only entering your password or viewing sensitive information when you're certain your screen (and thumb locations) can't be observed, or by obscuring a view of your phone with your shirt or a blanket (like Snowden)
        • Take the time to learn more about security in general and in relation to the specific threats that concern you
    • @hash0772@sh.itjust.works (6 points, 11 months ago)

      Also, don’t use regular passwords with random letters and numbers, they are really hard to remember and easier to crack if the password isn’t complex enough. Instead, use a passphrase with at least 5 words.

      • @StitchIsABitch@lemmy.world (5 points, 11 months ago)

        Is that safe though? After seeing that XKCD I also thought it would be a good idea but then read that using passphrases is even worse because brute force attacks often use dictionaries as well to test word combinations, so one should use scrambled characters, just long enough to resist brute force.

        • @Excrubulent@slrpnk.net
          6 · edit-2 · 11 months ago

          The XKCD comic uses the entropy of common words assuming an informed cracker is using the best tools at their disposal, that being a dictionary attack. That’s why the entropy per character of the passphrase is so low compared to that of the special character password, but the passphrase can be much longer because it’s easier to remember, so that’s what gives it its higher total entropy.

          Explain XKCD goes into more detail about how the calculation was done: https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength

          • @StitchIsABitch@lemmy.world
            2 · 11 months ago

            Thanks for the clarification. So I can surmise that length is everything then? Given that I use a password manager I’ll just stick to my long gibberish passwords in that case, but it’s good to keep passphrases in mind for use cases where I can’t copy/paste easily.

            • @Excrubulent@slrpnk.net
              4 · edit-2 · 11 months ago

              Oh yeah, long gibberish passwords are strong. Keepass will tell me I have 137 bits of entropy on my password for instance, and that’s proper secure.

              The Tr0ub4dor or whatever example in the comic assumes again an informed hacker using long random words and common substitutions, so you don’t have the full 56+ possibilities per character, it’s constrained to a very limited set. This is a pretty common password construction.

              For instance when I was in IT some government agency required our company to adhere to some security requirements before we could handle their data. Everyone went from 3-letter usernames + identical passwords to having a long word + numbers + characters. HOWEVER because nobody can remember these fucking things, every single password was a home address with the exception of a handful of month or person names which I assume were birthdays or kids. How do I know these secret passwords? Well, because they STILL couldn’t remember them, we had to…

              I’m so sorry.

              …keep everybody’s password in our own encrypted Excel spreadsheet, so if anybody forgot, the IT team could read them all in plaintext to get people logged in. One person was so bad at remembering that I had their password memorised myself, and when I stopped pretending to look it up they stopped asking. Idk if they were shamed into remembering it or they just kept it in their wallet or something.

              Also we needed secure server racks and encrypted drives etc. The server rack was a doozy - the handle was an intentional weak point to prevent forcing the lock, so I accidentally ripped it clean off with my bare hands one morning when the lock was slightly stuck. It took a while to get that fixed and I was extremely lucky I managed to jimmy it open using the nub of the destroyed handle. I couldn’t close it again so it sure wasn’t secure once that happened.

              Security theatre, the lot of it. We spent six figures nationwide getting ready for that contract and the work they gave us was about four figures worth.

              The entire corporate world is like this. If you wonder why your data keeps getting breached, this is why.
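A worked version of the entropy arithmetic the comments above argue over (the XKCD dictionary-attack model, the "at least 5 words" suggestion, the 137-bit manager password and the Tr0ub4dor-style pattern), added here as an example and not code from any commenter. The wordlist is a constructed stand-in and the Tr0ub4dor slot sizes follow the comic's own estimate.

```python
import math
import secrets

# Constructed sample wordlist, only so the generator runs offline;
# a real diceware-style list has 7776 entries.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "river", "lamp", "quiet", "orbit"]
DICEWARE_SIZE = 7776      # standard diceware list (6^5 words)
PRINTABLE_ASCII = 95      # alphabet of a random printable-ASCII password


def passphrase_bits(word_count, dictionary_size=DICEWARE_SIZE):
    """Entropy of word_count words drawn uniformly from a known list.
    This is the XKCD 936 model: the attacker is assumed to know the
    dictionary, so each word is worth exactly log2(dictionary_size) bits."""
    return word_count * math.log2(dictionary_size)


def password_bits(length, alphabet_size=PRINTABLE_ASCII):
    """Entropy of a uniformly random character password (what a manager makes)."""
    return length * math.log2(alphabet_size)


def pattern_bits(choices):
    """Entropy of a human 'word + substitutions + digit + symbol' password
    modelled as independent slots; the attacker knows the pattern, so only
    the number of options per slot counts, not the character set size."""
    return sum(math.log2(n) for n in choices)


# Slot sizes for the Tr0ub4dor&3 estimate in XKCD 936: uncommon base word,
# capitalisation, common substitutions, numeral, punctuation, slot order.
TROUBADOR_SLOTS = [2 ** 16, 2, 2 ** 3, 2 ** 3, 2 ** 4, 2]


def length_for_bits(target_bits, options_per_unit):
    """Words or characters needed to reach target_bits from a given unit size."""
    return math.ceil(target_bits / math.log2(options_per_unit))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole space at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def generate_passphrase(word_count, words=SAMPLE_WORDS):
    """Pick words with the CSPRNG; the strength comes only from random choice."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    print(f"Tr0ub4dor-style pattern: {pattern_bits(TROUBADOR_SLOTS):.0f} bits")
    print(f"5 diceware words:        {passphrase_bits(5):.1f} bits")
    print(f"137 bits needs {length_for_bits(137, PRINTABLE_ASCII)} random chars "
          f"or {length_for_bits(137, DICEWARE_SIZE)} diceware words")
    print(f"44 bits at 1000 guesses/s: {years_to_exhaust(44, 1000):.0f} years")
```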

    • @ashok36@lemmy.world
      10 · 11 months ago

      Or they make a copy of your phone, alphanumeric password and all, and just sit on it for ten years until quantum computers make solving the password a piece of cake.

      You should assume that any device confiscated by authorities will be copied and broken into eventually. Treat all data on said device as if it’s already compromised.

      • @hedgehog@ttrpg.network
        15 · 11 months ago

        Copying an iPhone isn’t as straightforward as you seem to think. Copying data from a locked iPhone requires either an exploit or direct access to the SSD / memory chips on the device (basically, chip-off forensics, which likely requires bypassing the storage controllers), and I assume the same is true for Android devices.

        I’m not saying such exploits don’t exist, but local police departments don’t have access to them. And they certainly don’t have the capability to directly access your device’s storage and then reassemble it without your knowledge.

        Now, if your device is confiscated for long enough that it could be mailed off to a forensics lab for analysis? Sure, then it’s a possibility. But most likely if they want your data that badly they’ll either hold onto your device, compel you into sharing the info with them, or try to trick you into giving it to them. Hanging onto your data without a warrant for over a decade is a high risk, low reward activity.

        Your data’s more vulnerable to this sort of attack in transit.

    • Dr. Moose
      4 · 11 months ago

      Article doesn’t even mention PIN. Where are you getting this “advice”?

      • @hedgehog@ttrpg.network
        2 · 11 months ago

        It calls them “passwords,” but personally I don’t consider a 6 digit number to be a password. And according to this article on GrayKey, 6 digit “passcodes” became the norm back in 2015. I haven’t seen any stats showing that people on average use more secure passcodes now, and making the passcode required more frequently isn’t going to encourage anyone to use one that’s more secure.

        The article just says “disable biometrics” which is bad advice for the average person, as it will result in them using a 6 digit passcode. This is a knee-jerk reaction at best, and the resulting advice is devoid of nuance, made by someone who clearly doesn’t understand the threat discussed in the article, and would benefit literally nobody who might feasibly take it.

        My advice is echoed by the article above, but it’s based off having an understanding of the problem area and suggesting a solution that doesn’t just address one thing. Anyone giving advice on the topic should consider:

        • known threats and reasonably likely unknown threats
        • the mitigations to those threats
        • how the technology works for both the threats and the mitigations
        • the legal landscape in your jurisdiction - for us, the US - both in practice and in theory
        • people’s attitudes toward security, namely their willingness to suffer inconveniences for its sake
        • how all of the above interact, and how likely someone is to take the advice given in a way that improves their security overall

        The author of this article considered none of the above.

        • Dr. Moose
          1 · 11 months ago

          I still don’t get where you are seeing this advice in the article. No one is recommending “6 digit passcodes”. AFAIK all contemporary phones use mixed character passwords these days. I just set up a second-hand S22 and it asked me to create a full password as primary authentication, with all of the brute force strength hints etc.

          Your perception might be a bit outdated here.

          • @hedgehog@ttrpg.network
            1 · 11 months ago

            As I said in my first comment, I’m more familiar with iOS, where 6 digit passcodes are the default.

            That said, do you genuinely think the average person would use a random 10+ alphanumeric character passcode to unlock their phone after taking the advice of this article and disabling biometric auth?

            • Dr. Moose
              1 · 11 months ago

              Yes, contemporary phones literally bug and warn you if you don’t. A password is much easier to remember than 6 digits too imo.

    • @RidcullyTheBrown@lemmy.world
      33 · 11 months ago

      This is a dumb question. Almost 50 million people live in Sudan where there’s an ongoing famine. 70 million people live in UK where mass surveillance is roughly state supported. Asking why 300 million people don’t just move is … stupid

      • @cosmicrookie@lemmy.world
        -15 · 11 months ago

        The difference is that people from the US and UK are generally welcomed in other countries. People from Sudan have a much harder time being let into other countries.

        • @RidcullyTheBrown@lemmy.world
          18 · 11 months ago

          As tourists, sure. But getting a work visa/residence permit is not as easy as you think.

          And second of all, what do you expect? An entire country to up and leave? That’s stupid beyond measure. Won’t that entire country elect the same government wherever else they end up in?

          • @cosmicrookie@lemmy.world
            -7 · 11 months ago

            LOL

            1- It’s correct that it’s not easy to get a residence permit, but it is a lot easier if you are entering from the US/UK than if you are coming from Sudan.

            2- I don’t expect people leaving the US, to want to live like they did in the US. So assuming that they would want to create a similar life outside the US is kind of childish, and not even possible in most countries.

            That said, it’s a figure of speech. You’re taking it too far and too literally.

    • @MeDuViNoX@sh.itjust.works
      3 · 11 months ago

      None of the cool countries are going to let massive amounts of Americans immigrate to them and nobody wants to go somewhere worse.

    • @PrettyFlyForAFatGuy@feddit.uk
      2 · edit-2 · 11 months ago

      I live in the UK. A judge can compel you under Section 49 of the Regulation of Investigatory Powers Act 2000 to hand over any passwords for any devices or services they reasonably believe you have possession of the passwords for.

      If you don’t then you can be imprisoned for up to 2 years for normal crime or 5 years for crimes relating to national security or the production, possession or dissemination of CSAM.

  • @helpImTrappedOnline@lemmy.world
    33 · edit-2 · 11 months ago

    On pixel, if you ever need to - press and hold the power button, select “lockdown”.

    (It might apply to other androids too, I don’t know.)

    You will now need a pin to unlock the phone. This disables the lock screen shortcut (camera, light, etc) as well.

    Why disable your convenience features for a scenario that is not likely and can be quickly and easily prevented?

    Universal: You could also just tap the sensor with a “wrong” finger a few times, and the pin will be required.

    Maybe don’t do this one in front of the cops… if you find yourself in a position where they are trying to unlock your phone, you probably don’t want to piss them off.

    Edit: I’m surprised no one called me out on “if you’re ever need to”. The sentence was going to be “if you’re even in a situation that needs…”, but that was getting too long. Forgot to change you’re to you.

    • Richard
      2 · 11 months ago

      It’s from AOSP, so any device close to the actual Android baseline should support that. This means that you can enter that mode from LineageOS as well.

      • @muffedtrims@lemmy.world
        2 · 11 months ago

        My power button long press only activates Google assistant, it never pops the power menu. Maybe it’s a setting somewhere.

        • @gwildors_gill_slits@lemmy.ca
          5 · 11 months ago

          Oh, yeah I think you’re right. I think I might’ve changed it at some point.

          Just checked and it’s under system > gestures > press and hold power button

    • @Blackmist@feddit.uk
      4 · 11 months ago

      The Pixel fingerprint scanner is so bad, you could end up locking it entirely by accident.

      Behind-the-screen fingerprint scanners are an abomination.

      • @0x0@programming.dev
        2 · 11 months ago

        Behind-the-screen fingerprint scanners are an abomination.

        Always reminds me of 1984’s telescreens. We’re almost there.

      • Richard
        2 · 11 months ago

        Not my experience. They are usually instant, but you need a flagship device, of course. Otherwise it’s comparing apples and oranges.

        • @RGB3x3@lemmy.world
          1 · 11 months ago

          The $1000 price tag on the Pixel tells me it’s a flagship device and yet the scanner is still trash.

          But optical scanners just suck in general. I wish they’d bring back the rear sensor, it was so convenient both for unlocking and for having a shortcut to pulling down the notification shade.

      • @herrvogel@lemmy.world
        1 · 11 months ago

        First gen in-screen scanners were absolute trash. Borderline unusable. But the tech has improved quite a lot since the first ones. The one in my galaxy tab s9’s screen is fast and accurate.

    • Jesus
      6 · 11 months ago

      You can also just hold a volume button + power. That will bring up the power / emergency screen and will require a non-biometric password for the next unlock.

  • @riodoro1@lemmy.world
    48 · 11 months ago

    Maybe don’t live in a fucking dystopia. The US is a police state and you have no freedom left.

    • @AA5B@lemmy.world
      4 · 11 months ago

      While I buy your general cynicism, it’s wrongly applied here …

      It seems like we have both more and less protections than other places, for this instance.

      • while it’s not entirely settled case law, you can NOT be compelled to give up your passwords. Different states differ and they’re constantly trying
      • however biometrics are counted as public knowledge, so you have no protections

      This is more of a scenario where legal contortions turn into huge inconsistencies, plus our legislature has refused to clarify so it’s all on the court system

  • @friend_of_satan@lemmy.world
    61 · edit-2 · 11 months ago

    ## How to disable Face ID through the Power Off screen

    1. Hold down both the Side Button and either Volume Button at the same time for three seconds.
    2. The Power Off slider should appear. Tap Cancel.

    You actually don’t need to hit cancel, you can just hit lock, so you can do this whole thing with your phone in your pocket.

    https://appleinsider.com/inside/iphone/tips/how-to-quickly-disable-face-id

    This is easier and less intrusive than the lock-button-5-times method because it doesn’t start making a phone call that you have to quickly cancel.

    • @Shrank7242@lemmy.zip
      14 · 11 months ago

      This is the advice people (with iOS) should follow, not disabling biometrics altogether. Using FaceID or TouchID prevents shoulder surfing to find out what the password to your phone is. When local passwords have so much control over a device, using biometrics to prevent anyone from seeing what your passcode is is very useful.