Our 2-factor fingerprint unlock feature is now fully implemented and will be available in the upcoming GrapheneOS release. This adds the option to set a PIN for using fingerprint unlock. You can use a strong diceware passphrase as the primary unlock method with fingerprint+PIN secondary unlock.

The usual restrictions on fingerprint unlock still apply. It’s a secondary unlock mechanism only usable for 48 hours after the last primary unlock. The limit on failed fingerprint unlock attempts in GrapheneOS is 5 as opposed to allowing 4 batches of 5 attempts (20 total) with 30s delays in between.

The devices we support have a high quality secure element heavily throttling unlock attempts which is why a random 6 digit PIN provides secure encryption, unlike most Android devices. It’s nicer to have a strong passphrase not depending on an attacker never being able to exploit the secure element.

Our new 2-factor fingerprint unlock feature means you can get this benefit of a strong passphrase while still having the convenience of a PIN. Since our PIN scrambling feature works with the 2nd factor PIN, you get the combined anti-shoulder-surfing benefits of a scrambled PIN and a fingerprint.

If you want to avoid entering your passphrase in public, you just need to make sure to refresh the 48 hour timer after last using it to unlock to keep fingerprint unlock available. We plan to add configuration for how many failed fingerprint unlock attempts are allowed to help with this use case.

We came up with the concept for this 2-factor fingerprint unlock feature in 2015 and filed it in the public issue tracker in 2016. This was extremely difficult to implement correctly and we needed to fix multiple upstream Android bugs. The lockscreen will be more robust even if you don’t use this.

This is now one of the flagship features of GrapheneOS alongside hardened_malloc, hardware memory tagging, hardware-level disabling of the USB-C port, Storage Scopes, Contact Scopes, sandboxed Google Play compatibility layer, etc. It will be harder to port to new versions than our existing features.

Our duress PIN/password feature is fully compatible with our 2-factor fingerprint unlock and will near instantly wipe the device as usual if you enter the duress PIN instead of the correct 2nd factor PIN for fingerprint unlock. See https://grapheneos.org/features#duress for more details on that feature.
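As an added illustration of the unlock policy the post describes (primary passphrase, fingerprint+PIN as a secondary factor valid for 48 hours, 5 failed fingerprint attempts, duress PIN wipe), here is a small policy model. It is not GrapheneOS code; how a wrong second-factor PIN is throttled is not described in the post, so the model simply denies it.

```python
from dataclasses import dataclass
from typing import Optional
import hmac  # compare_digest gives constant-time string comparison

SECONDARY_WINDOW_S = 48 * 3600     # fingerprint+PIN valid for 48h after primary unlock
MAX_FINGERPRINT_FAILURES = 5       # then the primary passphrase is required again


@dataclass
class LockscreenModel:
    """Toy model of the described lockscreen policy (assumption: not the real implementation)."""
    passphrase: str          # strong primary unlock secret
    second_factor_pin: str   # PIN required after a correct fingerprint
    duress_pin: str          # entering this instead of the PIN wipes the device
    last_primary_unlock: Optional[float] = None
    fingerprint_failures: int = 0
    wiped: bool = False

    def secondary_available(self, now: float) -> bool:
        """Fingerprint+PIN is usable only inside the window and under the failure cap."""
        return (not self.wiped
                and self.last_primary_unlock is not None
                and now - self.last_primary_unlock <= SECONDARY_WINDOW_S
                and self.fingerprint_failures < MAX_FINGERPRINT_FAILURES)

    def primary_unlock(self, passphrase: str, now: float) -> str:
        if self.wiped:
            return "wiped"
        if hmac.compare_digest(passphrase, self.passphrase):
            self.last_primary_unlock = now      # refreshes the 48h timer
            self.fingerprint_failures = 0       # secondary unlock becomes available again
            return "unlocked"
        return "denied"

    def fingerprint_unlock(self, fingerprint_ok: bool, pin: str, now: float) -> str:
        if not self.secondary_available(now):
            return "primary-required"
        if not fingerprint_ok:
            self.fingerprint_failures += 1
            return "denied" if self.secondary_available(now) else "primary-required"
        # Correct fingerprint: the PIN is the second factor.
        if hmac.compare_digest(pin, self.duress_pin):
            self.wiped = True                   # duress PIN wipes regardless of fingerprint
            return "wiped"
        if hmac.compare_digest(pin, self.second_factor_pin):
            return "unlocked"
        return "denied"                         # wrong PIN: throttling not modelled here
```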

  • Schorsch@feddit.org · 10 up / 1 down · edited · 4 days ago

    Cool but I’d be more thrilled if they’d return pattern unlock. I use GrapheneOS because I don’t want to share my data with multinational corporations, not because I’m some secret service agent or whatever.

    • trevor@lemmy.blahaj.zone · 6 up / 1 down · 4 days ago

      Agree. Pattern unlock is simply more ergonomic for my thumb.

      I’m sure the devs will claim that you can read the swipe pattern by looking at the smudges on the screen, but they should just show a warning about that when you configure it. I don’t need to be babied when using my phone, and with the inclusion of two-factor unlock, it becomes even less of an issue.

    • mac@lemm.ee · 2 up · 3 days ago

      I’d love to have face unlock back. While Pixels no longer have the dedicated hardware of the Pixel 4 (IR flood illuminator, dual IR cameras, and dot projector), the Pixel 8 and newer still achieve Class 3 face unlock classification. Though I’m not familiar with the specific grading criteria, given this similar security rating, I’d welcome the return of face unlock functionality.