from the passcodes-ftw dept

  • Archon of the Valley@infosec.pub
    8 months ago

    Just don’t use biometrics. Bad idea in general. A 6+ digit PIN or password is just fine, especially if you set your phone to factory reset after a certain number of failed unlock attempts.

    • PirateJesus@lemmy.todayOP
      8 months ago

      That’s just giving up your rights from the get-go. They can get a warrant to compel the fingerprint.

      In this computer age, warrant requests are a button press to send a DocuSign e-mail to a judge, who can click the sign button while he sips his cappuccino. Make them work for it.

      • Archon of the Valley@infosec.pub
        8 months ago

        Right… that’s what I’m saying. Under the fifth, they can’t compel you to unlock your phone if it’s protected by a PIN or password, and if you set it to factory reset after a bunch of failed attempts, they can try, but it’s unlikely they’ll break the PIN/pass in a few attempts.

        • PirateJesus@lemmy.todayOP
          8 months ago

          The right to not surrender a pass code has actually not yet been decided. We already have differences between regions.

          • Archon of the Valley@infosec.pub
            8 months ago

            It’s protected under the fifth. Even so, requiring a warrant to get your passcode is far better than not requiring a warrant to demand biometrics. Either way you slice it, passcode > biometrics.

            • PirateJesus@lemmy.todayOP
              8 months ago

              SCOTUS has not yet decided that a password in your brain is protected by the fifth.

              Your phone is protected by the fifth.

              Until SCOTUS decides that passwords are protected by the fifth, you can be held in contempt of court by a judge indefinitely because you forgot the password (theoretical scenario, has not yet happened).

              • Archon of the Valley@infosec.pub
                8 months ago

                There have been instances where judges ruled in favor of them being protected, which sets a legal precedent. The SCOTUS probably won’t get involved unless a major lawsuit or federal-level case occurs.

                Either way, passcodes are superior. Not sure why you’re arguing this.