this post was submitted on 19 Jun 2024
450 points (98.9% liked)

[–] 01189998819991197253@infosec.pub 18 points 5 months ago* (last edited 5 months ago) (2 children)

I wish there was a way to require both biometrics and PIN. They're both insecure on their own, but together they're better. Like instant MFA for your unlock. I would enable that immediately, if it was available.

Edit: then a password / passphrase in case one of the other two stops working (as an emergency unlock).

[–] AA5B@lemmy.world 2 points 5 months ago* (last edited 5 months ago)

It’s sort of there, but maybe more to protect from criminals than abuses of authorities. All of my bank apps require a second authentication to launch or even to switch back to them.

Granted, I could turn that off or set it to biometrics, but I leave it on PINs. A criminal wanting to steal from my bank account will need both my biometrics to unlock my phone and a different PIN per bank.

This even provides some protection from the $5 wrench they’d use. Sure, I’ll unlock my phone at the threat of real violence. But you won’t know ahead of time what banking app I have or even how many, so you may not get them all. Pay by phone may use the same biometric, but I can likely dispute those charges after the fact.

In the abuse of authority scenario, that may keep them out of my bank records, but there are established paths to get that from the bank, so they’re less likely to be interested. I’m sure they’re more interested in violating the privacy of my friends and family.