ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Finger Prints Are Not Passwords

    IT Discussion
    android fail biometrics password security
    9
    125
    54.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Dashrender
      last edited by

      @Dashrender said:

      In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.

      Know that you powered it off? What difference does it make if they know?

      DashrenderD 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        You power if off immediately, not after they have asked for it, of course. But even still.

        1 Reply Last reply Reply Quote 0
        • ?
          A Former User
          last edited by

          Can't it still be unlocked with your finger if they power it on?

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @A Former User
            last edited by

            @thecreativeone91 said:

            Can't it still be unlocked with your finger if they power it on?

            No. It completely locks if it power cycles, gets turned off or the battery dies.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              This is the iPhone I'm talking about, no idea if Android has similar protections.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @scottalanmiller
                last edited by

                @scottalanmiller said:

                @Dashrender said:

                In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.

                Know that you powered it off? What difference does it make if they know?

                LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said:

                  @scottalanmiller said:

                  @Dashrender said:

                  In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.

                  Know that you powered it off? What difference does it make if they know?

                  LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.

                  Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.

                  DashrenderD 1 Reply Last reply Reply Quote 0
                  • mlnewsM
                    mlnews
                    last edited by

                    And now more biometrics in the news: Yahoo considering ear biometrics.

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.

                      Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files, but you can be compelled through law to use your finger to unlock a device, this leads me back to you being surveilled and they KNOW which finger you use to unlock your device, so trying to use the wrong one and saying it doesn't work wouldn't be possible. While this isn't an actual issue today, in light of the Snowden revelations, it's only a matter of time before this type of information will be keyed in on during surveillance.

                      Yes still very tin foil hat stuff, at this point to me it's more about what is possible so we as citizens can be prepared.

                      scottalanmillerS 2 Replies Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @Dashrender said:

                        Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....

                        Is that true? I thought that the point of the warrant was to get access to more than they could get without one.

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Dashrender
                          last edited by

                          @Dashrender said:

                          Yes still very tin foil hat stuff, at this point to me it's more about what is possible so we as citizens can be prepared.

                          That's the biggest problem, though. The number of things that "are possible" are insane. Once we go down that path, none of this matters because they already have access to everything, everywhere. What information is on your device that they can't already get or get in some other way? They can grab your transmissions in and out, they can shim the device, they can pull the chips and unencrypt, etc.

                          Knowing what is possible is only marginally useful. Knowing what is practical is what we need to know for security. Otherwise we spend our time worrying about what isn't reasonable instead of focusing on what is. The most important aspect of security is practicality. Once you leave practicality behind, either you end up losing security or you lose the reason for the security.

                          1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            @Dashrender said:

                            Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....

                            Is that true? I thought that the point of the warrant was to get access to more than they could get without one.

                            Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @Dashrender said:

                              @scottalanmiller said:

                              @Dashrender said:

                              Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....

                              Is that true? I thought that the point of the warrant was to get access to more than they could get without one.

                              Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.

                              You sure?

                              http://www.outsidethebeltway.com/federal-judge-orders-defendant-to-reveal-pgp-password-to-law-enforcement/

                              ? DashrenderD 2 Replies Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                According to the current legal information from the EFF:

                                Even if you're arrested, police can only search your phone under limited circumstances.

                                After a person has been arrested, the police generally may search the items on her person and in her pockets, as well as anything within her immediate control, automatically and without a warrant. But the Supreme Court has ruled that police cannot search the data on a cell phone under this warrant exception.8 Police can, however, search the physical aspects of the phone (like removing the phone from its case or removing the battery) and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.

                                ? 1 Reply Last reply Reply Quote 0
                                • B
                                  BMarie
                                  last edited by

                                  I didn't trust it from the beginning, the thought of it being leaked worried me, and guess what.....I was right. I'm safe.....well safeish

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • ?
                                    A Former User @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.*

                                    This exception is up to an officers subjective opinion. It's used all the time here by the county. The assume everyone is either a drug dealer or has a meth lab.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • ?
                                      A Former User @scottalanmiller
                                      last edited by

                                      @scottalanmiller said:

                                      @Dashrender said:

                                      @scottalanmiller said:

                                      @Dashrender said:

                                      Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....

                                      Is that true? I thought that the point of the warrant was to get access to more than they could get without one.

                                      Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.

                                      You sure?

                                      http://www.outsidethebeltway.com/federal-judge-orders-defendant-to-reveal-pgp-password-to-law-enforcement/

                                      Happens a lot. Companies even have to give over Encrpytion codes for all data (and end users data) all the time. No idea what happens if you "forgot" it.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @A Former User
                                        last edited by

                                        @thecreativeone91 said:

                                        @scottalanmiller said:

                                        and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.*

                                        This exception is up to an officers subjective opinion. It's used all the time here by the county. The assume everyone is either a drug dealer or has a meth lab.

                                        If the police officer is taking the phone for evidence, they can't really can't still make that claim. If they can, then you are into the "no law applies here" and none of this matters since we are into the realm of them doing anything that they want.

                                        The benefit of fingerprints being required and passwords not doesn't seem to work. Fingerprints can't be required by law. Once there is no law, they can beat the password out of you. Making the point moot.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @BMarie
                                          last edited by

                                          @BMarie said:

                                          I didn't trust it from the beginning, the thought of it being leaked worried me, and guess what.....I was right. I'm safe.....well safeish

                                          But WHAT was leaked? A hash of your fingerprint? What difference does that make?

                                          1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            @Dashrender said:

                                            @scottalanmiller said:

                                            @Dashrender said:

                                            Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....

                                            Is that true? I thought that the point of the warrant was to get access to more than they could get without one.

                                            Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.

                                            You sure?

                                            http://www.outsidethebeltway.com/federal-judge-orders-defendant-to-reveal-pgp-password-to-law-enforcement/

                                            That's definitely different than other trusted sources lead me to understand.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 2 / 7
                                            • First post
                                              Last post