UPDATE STATUS: RELEASE 2024123000 NOW AVAILABLE IN STABLE CHANNEL
GrapheneOS has officially announced that 2-factor fingerprint unlock is fully implemented and coming to the next release of GrapheneOS. X or X Cancelled.
Massive respect to the team for their incredibly hard work. This huge update is a fantastic way to end a great year of GrapheneOS development. I can’t wait for what they have in store for next year.
Other features including:
80% charging limit with bypass charging
Allow disabling DCL via Storage by default
Increasing threads for pre-compilation of apps (reason why updates take longer on GrapheneOS)
I must say, this feature is suprisingly not cumbersome. The fingerprint unlock is super fast, ans then the PIN menu just appears and you can type and unlock.
The extra step is vert great for security, yet it adds negligible time vs just a PIN.
BTW, you don’t have to enable a duress password for this feature. If you don’t, then you will have just a PIN on BFU and a PIN + FP on AFU.
Note that the BFU and AFU pin can be different. Personnally, I have just set the same, but for extra security you might want an extra secure BFU pin (that no one could ever see).
I completely agree. I’ve been using it since the initial alpha release, and I’m pleasantly surprised with how good the UI/UX is.
I’m a little confused by the rest of what you mean here.
This feature doesn’t really have much to do with the duress password / PIN feature. The intended use case is:
Primary unlock method: a strong diceware passphrase
7-8 words to avoid depending on secure element throttling
must be used every 48 hours and in BFU
supports duress password entry to wipe device
Secondary unlock method: fingerprint + PIN
minimum 4 digits, ideally 6+ digit PIN
only available in AFU
ideal for use in public to prevent shoulder surfing attacks + being compelled to scan fingerprint
more convenient for regular use
supports duress PIN entry to wipe device
The primary unlock method can always be used rather than the secondary unlock method if desired. Therefore, using the same PIN for the primary unlock method undermines the additional security of the two-factor fingerprint unlock.
You are right, but at the same time rebooting a phone will be pretty dumb for someone who steal your phone as this will make it much much harder to unlock than in AFU (as a general rule).
I am not concerned about advanced attackers. But I might add a stronger BFU pin if I feel confident I will not forget it (which is though cause I would rarely input it).
Personally I have realised that in the CIA principle (Confidentiality, Integrity, Accessibility) the A is as much if not more important than the C.
.
I think I see the misunderstanding. You are aware that the primary unlock method (what you are calling the BFU PIN) can still be used in AFU? You just swipe without verifying your fingerprint and you will be prompted to enter the primary unlock method PIN / passphrase.
honestly with the recent screen protector I applied. I am honestly more interested in the 80% charge + bypass charging. This will be great to start having healthier battery, They really were lacking these options so.
To be fair it was also lacking on stock. It was only added a month ago with Android 15 QPR1.
I’m impressed with the quick implementation by GrapheneOS. I completely agree that it’s a must have feature, especially for devices that are supposed to last 7 years.
It did happen, Source, please utilise translation tool of your choice.
Translation of the relevant paragraph as follows:
The defense argued earlier that the text and voice communications of the fifth defendant’s mobile phone were captured and presented to the court, while police officers testified that the defendant took the initiative to show the unlock code. The defendant gave evidence on the dispute on Wednesday, saying that he had never been asked by the police about the method of unlocking the phone. He also claimed that he was allowed to reply to messages after his arrest, during which time the police took his phone. Upon questioning by the defense, the defendant confirmed that the unlocking of his phone had been captured on closed-circuit television (CCTV).
I do find the source a bit confusing. It also makes it seem like the police just snatched the phone after it was already unlocked.
As Police Constable 8595 indicated that he could answer the call, the Defendant opened the communication software of his cellular phone in order to check the message, but he was stopped by a Sergeant, who took away the phone to listen to the recorded message between the Defendant and his mother (i.e. the 6th Defendant). The Defendant was then instructed to open the CCTV program in his cell phone, and the police officer never asked for the password during the whole process.