Replying to Avatar hh

On the other hand, contrary to popular belief, device-level face ID (like in your phone or computer) is private and secure.
Avatar
The Beave 1y ago

Uh, no.

Biometrics are not secure. In the US, you can be coerced to open tech with biometrics but passwords are still (mostly) protected.

Reply to this note

Please Login to reply.

Discussion

0f
BTCFalk 1y ago

He ment on the technological front... The fingerprint/face ID unlocks your device/opens the key manager in the background, it doesn't actually use your biometric data as "password"

But yes, it poses a risk by being forced/coerced to unlock a device

Avatar
The Beave 1y ago

Meh. It's not very secure. There are pretty easy ways to defeat face and fingerprint stuff given time and a little bit of access.

Avatar
hh 1y ago

Yes, although I meant safe and secure as opposed to "sneaky KYC" 2FA like email and phone number.

From the point of view of a $5 wrench attack, I guess no tech is safe enough and the only realistic way to go about it is good opsec.

0f
BTCFalk 1y ago

The thing is the police can easily hold the phone to your face or place your finger on the fingerprint

It's also legaly a lot led protected (don't really remember the exact terminology, but know that is a thing)

Avatar
hh 1y ago

Again, we were talking about 2FA and KYC. Any device unlocking method is susceptible to a $5 wrench attack.

Avatar
Juraj 1y ago

that's way there's a hotkey to disable biometrics. advisable to use it when you're pulled over or go through customs. it's usually a few times pressing power button.

or even easier - after reboot.

Avatar
The Beave 1y ago

Depending on the OS on the device, yes.