I wish there was a way to require both biometrics and PIN. They're both insecure on their own, but together they're better. Like instant MFA for your unlock. I would enable that immediately, if it was available.
Edit: then a password / passphrase in case one of the other two stops working (as an emergency unlock).
Itâs sort of there, but maybe more to protect from criminals than abuses of authorities. All of my bank apps require a second authentication to launch or even to switch back to them.
Granted I could turn it that off or set it to biometrics, but I leave it on PINs. A criminal wanting to steal from my bank account will need both my biometrics to unlock my phone and a different PIN per bank.
This even provides some protection from the $5 wrench theyâd use. Sure, Iâll unlock my phone at the threat of real violence. But you wonât know ahead of time what banking app I have or even how many, so you may not get them all. Pay by phone may use the same biometric but I can likely dispute those charges after the fact
In the abuse of authority scenario, that may keep them out of my bank records but there are established paths to get that from the bank so theyâre less likely to be interested. Iâm sure theyâre more interested in violating the privacy of my friends and family
Wow, a generic "Linux good, anything else dogshit" comment.
This is in no way relevant to the topic.
This is like if someone posted that they couldn't get their car with the color they wanted and you saying "fuck you and your car, I can paint my living room in any color I want, right now it is striped burgundy and mint, aren't living rooms way better than cars?"
and the original comment is entirely irrelevant to the original thread? You can't be serious.
Am i not allowed to enjoy the flexibility of linux, ever? I agree with the original poster, i think android and IOS should objectively support these features, they have no reason not to. I've never said otherwise, i just think they're dogshit OS's because they don't support basic security features you would otherwise expect to any level of consistency.
No, it's more like ford only producing cars in black, and people complaining about the fact that they don't come in any other color, and then me mentioning that actually, you can just paint your own car a different color, it's not really that hard. But regardless of that ford only selling cars in black is a rather shitty business practice to do especially when customers want cars in other colors, because black is, rather boring.
i wasn't talking about phones, but the pinephone, and the pinephone64, and a handful of other phones that are supposedly running linux, that are either not out yet, or really expensive.
It's literally linux phone. It runs regular linux. Regular linux uses PAM modules. There is no difference between configuring it on desktop and on phone. If comprehending ability to use same OS on desktop and phone is beyond your intellectual ability, I will guide you with this logical chain: linux on desktop -> linux on ARM computer like raspberry pi -> linux on ARM computer based on Allwinner A64 -> PinePhone is based on Allwinner A64.
If you still don't grasp it, I'll try once more. This can be installed on regular linux. Single Board Computers can run regular linux. This includes Pine64, which uses A64 chip. A64 devices can run it from sd card. And if you can't imagine how Pine64 that works on A64 and PinePhone that works on A64 are connected, here's neat trick: insert bootable sd card into Pine64, load linux, configure math captcha module, shut it down, insert same sd card into powered off PinePhone, power it on, it will load exact same OS your Pine64 have been using and where math captcha is configured.
You still have not shown me a Phone configured as you bragged it could.
You don't grasp that I am not interested in theory, I am interested in practical demonstrations.
My point is that it doesn't matter if Linux xan do this, the discussion was about a mobile phone that could do both biometrics and pin at the same time.
My point is that it doesnât matter if Linux xan do this, the discussion was about a mobile phone that could do both biometrics and pin at the same time.
if you lack basic cognitive reasoning to the point that someone can configure PAM in a specific way on desktop linux, and that presumably, a phone running the exact same software suite, with no differences aside from graphical environment, somehow couldn't do this is actually just kind of sad.
Wait until you find out how monitors display color. They have three different colors, red green and blue, and somehow, that manages to make all the funny colors on your screen. But since you can't see the individual pixels with your naked eye, i guess that must be untrue now huh?
Show me a Linux phone that is actually configured to unlock with both biometrics and pin, then you have proven that Linux is relevant.
I don't care about what is technically possible, I care about it actually being done.
I am not even asking if it is easy to setup or simple to use, I am just asking you to prove that it can be done on a Linux phone.
I am just asking for a proof of concept running on a Linux phone.
I am giving Linux the best possible chance here, the bare minimum.
The tasks I want to see done on a Linux phone is the following:
Prompt for a fingerprint, face scan, or any quick biometric.
Once passed the biometric prompt successfully, the phone should prompt for a pin.
once passed both prompts the phone should unlock.
I love Linux, I have been a Linux sysadmin for almost a decade and used Linux on and off for almost twenty years. I daily drive Windows due to work and gaming, but am considering switching to Linux at home when Win10 goes EOL.
But unless you can show me a Linux phone configured as described above then Linux is not the answer.
You claim so and yet have no example article, video, blog post, or any form of proof of it ever being done. Everything is possible in theory, even on iOS (with a jailbreak).
although realistically, there are better ways of doing this than using biometrics, physical security keys for example.
Also you say this like the OP actually verified that this was a thing that was impossible and couldn't be done. You're also acting like i claimed that this was explicitly the case, which i did not.
bro i use linux, i have literally configured a fingerprint scanner to work before
So did I, can confirm it's easy, and it doesn't matter because we are not talking about configuring a fingerprint scanner to work, we are talking about having a phone lock screen that asks for both a fingerprint and a password, something that would require, at the very least, UI that I don't think exists in any Linux phone project. That there is underlying functionality in PAM to make it happen is irrelevant, because that's only part of such a solution.
do you think iâm just making up PAM?
No, why? I'm saying that there is no Linux phone where "you can just do this out of the box" like you say.
If you are saying you started an offtopic conversation about Linux that had nothing to do with phones, and then, unrelated to your own comment, complained about Android and iOS even though your comment had nothing to do with phones, then... that sure is interesting.
no, we were talking about basic cybersecurity, or i suppose physical device security, which just happens to be relevant to phones because it turns out phones are dogshit at physical security. So i left a comment about how this is basically a solved problem on linux, because it's not actually that hard to just implement proper security.
I was complaining about android, because both me and the commenter i was responding to were talking about how awful security is on these devices, for no reason other than utter incompetence or forced inaction.
This isn't interesting, it's a basic conversational pattern, if you haven't spoken with enough people to realize that conversations just, shift sometimes, i feel bad for you.
Maybe. I don't biometrics on my computers. Only phone. I don't unlock my computer a thousand times a day using a crappy touch kb. Actually, if the phone had a physical kb, maybe it wouldn't have been so bad. Not sure.
i wouldnt really want to use biometrics on my computer either, i'd rather use a physical security key, but then i'd probably also want to use it with my phone also. So there's that i guess.
The only issues I have with a yubi on a phone, is the general fragility of USB-C ports (and that there is only one). On a PC or laptop, you've generally got several, so if one breaks and the yubi can't be used in that port, you're not locked out.