Subnostr

Good question. I think it’s a double edged sword perhaps. On one hand you’ll have fewer account breaches due to stolen passwords. On the other hand it may be easier to force people to unlock their accounts. If a judge orders you to log into your account, you have plausible deniability in saying you forgot your password. But with biometrics they’ll just force you to put your finger on there or look at the phone and done.

nobody 2y ago

In the United States you cannot be compelled to reveal your password by a judge, because it is protected under the 5th Amendment.

Passkeys, and any form or biometric login bypasses this protection completely. I strongly advise anyone hiding information from the US government to reconsider using biometrics or passkeys.

Reply to this note

Please Login to reply.

Discussion

HoloKat 2y ago

Even if you have nothing to hide, consider what it means for your rights.

nobody 2y ago

Yes. Security considerations should always begin with the question, “secure from whom.”

Passkeys are great for businesses to stop phishing and dumb employees. A journalist in a hostile nation would be an idiot to use it.

PaddleManJoe 2y ago

Graphene OS is a couple button presses away from "lockdown," it will require a code to get back in. There is also a setting that you can use that will put it into lockdown mode after sitting idle for too long. So Grapheme OS does offer some mitigations for biometric vulnerability.

nobody 2y ago

Both stock Android and iOS do this as well. It is good to spread awareness. On iOS it is five taps of the lock button. I believe it’s similar on Android.