It would be nice if there was a way to use 2FA to unlock a phone. Using a password in combination with biometric or NFC token. That would also allow for the use of an emergency pin as well.
GrapheneOS has 2FA implemented with fingerprints.
When enabling it, you choose a 2nd factor pin you have to enter every time you want to unlock using your finger
(Allowing you a reasonable compromise between convenience, as in not having to put in a long password every time, and having more protection against physical abuse or coersion, OFC not the serious kind, but it helps with e.g. the coppers)
That’s nice. I wish a security token was also an option, but it doesn’t appear they have any intention of implementing that. I don’t like the idea of using biometrics for anything specifically because of law enforcement and how there I can be compelled to provide biometric data. A security dongle is almost the same, but with the “advantage” that a little bit of security through obscurity can be implemented since they not only have to know a token is required, but also which one.
Technically that’s also a disadvantage in that a security token can be lost vs biometric, but that’s the risk profile I would personally prefer.
I have a similar take on biometrics, but love their convenience (plus I don’t have to type out my passphrase in public, which IMO is a huge plus) and with GrapheneOS I get to have my cake and eat it too :>
It would be nice if there was a way to use 2FA to unlock a phone. Using a password in combination with biometric or NFC token. That would also allow for the use of an emergency pin as well.
GrapheneOS has 2FA implemented with fingerprints. When enabling it, you choose a 2nd factor pin you have to enter every time you want to unlock using your finger
(Allowing you a reasonable compromise between convenience, as in not having to put in a long password every time, and having more protection against physical abuse or coersion, OFC not the serious kind, but it helps with e.g. the coppers)
That’s nice. I wish a security token was also an option, but it doesn’t appear they have any intention of implementing that. I don’t like the idea of using biometrics for anything specifically because of law enforcement and how there I can be compelled to provide biometric data. A security dongle is almost the same, but with the “advantage” that a little bit of security through obscurity can be implemented since they not only have to know a token is required, but also which one.
Technically that’s also a disadvantage in that a security token can be lost vs biometric, but that’s the risk profile I would personally prefer.
I have a similar take on biometrics, but love their convenience (plus I don’t have to type out my passphrase in public, which IMO is a huge plus) and with GrapheneOS I get to have my cake and eat it too :>