Android/GrapheneOS has two unlock methods:

- Primary unlock: the credential used to decrypt the device. It is the only credential available at boot and can be used to unlock the device no matter what. It can be a PIN or password.

- Secondary unlock: another credential, used to prevent access to the device while it is still active after the first unlock. Only available after the first unlock. On Android, only fingerprint is an acceptable secondary unlock, and it is used to unlock the device quickly. GrapheneOS adds an optional additional PIN for the secondary unlock.

The PIN you are seeing is your primary unlock, which you always have the option to use; it's forced when you get the fingerprint wrong multiple times. If you use the same PIN for the primary unlock and the 2FA PIN, it defeats the purpose of the feature, since you can just primary-unlock the device. It works best when you have a password as your primary unlock.

If you were planning on setting the same PIN to unlock, then you're better off changing one of the PINs or not having the feature enabled at all.


Discussion

What do you think about the option I was thinking about first? PIN + fingerprint without an additional password as a backup. Wouldn't it be better to have this option with just those two? If one of them fails you lose access to your phone. What if the device is compromised? Isn't it easier to extract a password or PIN than a fingerprint? A fingerprint requires a physical finger to touch the device.

In the current option, the fingerprint can be skipped if you know the passphrase.

Fingerprints, or values derived from fingerprints, cannot be used as a key to decrypt the device because they naturally change all the time and also risk being destroyed by injury. It is technically impossible to do and also very difficult to preserve. It needs to be a static credential that doesn't change, like a key derived from a passphrase or PIN.

> Isn't it easier to extract password or PIN than fingerprint?

The device doesn't store your PIN or password. It generates a long, secure key derived from the input, and if it is correct the keys are stored in RAM so data can be decrypted and used. When the device is in "Before First Unlock", a secure passphrase makes credential-encrypted data extraction impossible because the keys aren't in memory.

If the device was in "After First Unlock", then those keys are in RAM and the data is accessible regardless of the unlock method used, provided there's an exploit to bypass the lock screen. Cellebrite's exploits do this with the original Android OS and some iOS devices, and they don't need to know the fingerprint, password, etc. Their tools don't work on GrapheneOS, but we have the automatic reboot feature as a protective measure for this reason.
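To make the two points in the reply above concrete (the device persists only a salt and a verifier, never the PIN or password; and credential-encrypted data is readable only while the derived key sits in RAM, i.e. in the After First Unlock state), here is an added, self-contained Python model. It is not code from GrapheneOS or Android: the `Device` class, the `auto_reboot` method, the scrypt parameters and the HMAC-SHA256 stream cipher are all my own simplifications standing in for the hardware-bound key derivation and AES used on real devices. The sample "credential-encrypted" payload is constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Assumed, demo-only work factors (real devices bind derivation to hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
KEY_LEN = 32


def derive_key(credential: str, salt: bytes) -> bytes:
    """Stretch a PIN/password into a fixed-length key.

    The credential itself is never written anywhere; only this derived key is
    ever compared or used, and only while it is held in memory.
    """
    return hashlib.scrypt(credential.encode(), salt=salt, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for AES, demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag lets decrypt() reject a wrong key."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Device:
    """Hypothetical phone with Before/After First Unlock states (assumed model)."""

    def __init__(self, primary_credential: str, ce_data: bytes):
        self.salt = secrets.token_bytes(16)
        key = derive_key(primary_credential, self.salt)
        # Persisted at rest: salt, a verifier (HMAC of a constant under the key),
        # and the credential-encrypted (CE) storage. Not the credential, not the key.
        self.verifier = hmac.new(key, b"credential-check", hashlib.sha256).digest()
        self.ce_storage = encrypt(key, ce_data)
        self.ram_key = None  # Before First Unlock: nothing usable in memory

    def state(self) -> str:
        return "AFU" if self.ram_key is not None else "BFU"

    def primary_unlock(self, credential: str) -> bool:
        """Only the primary credential can move the device from BFU to AFU."""
        key = derive_key(credential, self.salt)
        check = hmac.new(key, b"credential-check", hashlib.sha256).digest()
        if not hmac.compare_digest(check, self.verifier):
            return False
        self.ram_key = key
        return True

    def read_ce_data(self) -> bytes:
        """What a lock-screen bypass would obtain: whatever key is in RAM, or nothing."""
        if self.ram_key is None:
            raise PermissionError("BFU: credential-encrypted data is not decryptable")
        return decrypt(self.ram_key, self.ce_storage)

    def auto_reboot(self) -> None:
        """Model of the automatic-reboot mitigation: drop the key, back to BFU."""
        self.ram_key = None


if __name__ == "__main__":
    phone = Device("correct horse battery staple", b"contacts, messages, app data")
    print(phone.state())                                # BFU
    print(phone.primary_unlock("1234"))                 # False: wrong credential
    print(phone.primary_unlock("correct horse battery staple"))  # True
    print(phone.state(), phone.read_ce_data())          # AFU, plaintext readable
    phone.auto_reboot()
    print(phone.state())                                # BFU again, key gone
```

The model deliberately has no rate limiting: the verifier can be attacked offline by trying every candidate, which is why the thread's advice to use a password rather than a short PIN as the primary credential matters even before hardware throttling is considered.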