Add biometrics guidance to website

+1

Also, it wouldn’t hurt to clarify a position on biometrics; they get demonized in the privacy community for paranoid reasons when they are fine and convenient for the majority of people.

There is one line on it in the iOS Overview page:

Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode.

The issue is that people perusing the site might not navigate to this page because they don’t currently use (or intend to use) iOS at all.

However, I am not sure where this information would go. It doesn’t really fall under information about passwords, nor multi-factor authentication. (After First Unlock, assuming biometrics is configured as the main screen lock method, it is the single factor of authentication for your mobile device unless your installed apps allow you to configure PIN locking. I don’t know anything about biometric authentication on laptops though.)

… plus biometrics are better than using

|Rank|2021|
|---|---|
|1|123456|
|2|123456789|
|3|12345|
|4|qwerty|
|5|password|
|6|12345678|
|7|111111|
|8|123123|
|9|1234567890|
|10|1234567|
|11|qwerty123|
|12|000000|
|13|1q2w3e|
|14|aa12345678|
|15|abc123|
|16|password1|
|17|1234|
|18|qwertyuiop|
|19|123321|
|20|password123|

… like so many people do.

1 Like

The Android guide definitely needs to be rewritten sometime, it doesn’t have a lot of coverage of important topics.

I’m not sure about biometrics usage outside of mobile devices, they tend to be poorly implemented.

2 Likes

And also have less value outside of the context of mobile (in my eyes at least). The thing that makes biometrics so attractive on mobile is convenience, and that using a strong password is really tedious on mobile (especially on an iPhone keyboard). This isn’t really the case on desktop where a strong password can be typed quickly (and is required less frequently).

2 Likes

They are well implemented on Windows and MacOS as far as I know, with some caveats like a MB with T2 having a better implementation than one that doesn’t. I haven’t looked into Chrome OS, but I would be wary of the Linux implementation in general.

You are definitely not a MacOS user.

2 Likes

while the Surface fingerprint reader used cleartext communication over USB for communication.

“In fact, any USB device can claim to be the ELAN sensor (by spoofing its VID/PID) and simply claim that an authorized user is logging in,” wrote D’Aguanno and Teräs.

Plop. That is informative and disappointing.

1 Like

You are correct. I don’t know much about MacOS. Why is it more important for MacOS users?

(I am a Linux user, so I am very well acquainted with being required to input a password anytime I want to modify the system or need elevated privileges for something, but still compared to a phone, it falls somewhere between ‘pretty painless’ and ‘utterly inconsequential’ for me personally.)

1 Like

You get asked for your password in every situation you would need it on Linux, except MacOS is stricter than Linux about what apps can get access to without your permission. For example, if you install an app that needs access to your files and your camera, you may easily end up typing your password three times the first time you use it in order to both install it and give it proper permissions.

Something that makes the situation worse is not having a single way to update apps. And this is the fault of the developers for not sticking to one way to deliver their updates. If I want to run a full update right now I could run brew, mas, xcodes.app, the system update, latest (each asking me for a password each time) and I would still get at least one app splashing at me asking to update it as I open it, or that one app that thinks that asking you to go to their website, download their app and reinstall it is an appropriate way to deliver an update. off-topic: See why many iOS users don’t want multiple app stores? It’s not all fanboy far cry; you let developers have some freedom, and this happens. /s

So yeah, it gets annoying really fast, and there are a couple of work-related scenarios that would make it worse.

1 Like

Implementation of biometrics in GrapheneOS is pretty solid. You can only fail 5 times before a device goes to lockdown mode. You could also do some pre-fails yourself to reduce it even more. For example, you could fail it 3 times on purpose to reduce it to 2 times.