|
wolrah posted:This one's always struck me as a matter of what threats you're trying to secure against. yeah no security issue if someone can pull your mugshot off stinkedin/facebook/twitter/highschool yearbook and unlock with it
|
# ? Sep 5, 2017 19:46 |
|
|
# ? May 22, 2024 05:04 |
|
Bhodi posted:that would be true except everyone has a public headshot on Facebook or LinkedIn and you can receive calls and texts while locked How does the random person know who I am in the first place to look up my Facebook photo (assuming this is one of the rare times my Facebook photo is actually of me)? I don't use the face unlock because it was never reliable when I tried it in the past and my current phone's front cam is totally hosed anyways, but I have no reason to expect that someone who knows who I am would be trying to break in to my phone. If it had worked well I'd probably use it. If I were a public figure of any sort that'd obviously be an entirely different matter, but that was basically my point. Different people have different threats.
|
# ? Sep 5, 2017 19:48 |
|
wolrah posted:This one's always struck me as a matter of what threats you're trying to secure against. yeah but a pin will keep randos out just fine, without giving people a false sense of security in other contexts
|
# ? Sep 5, 2017 19:48 |
|
wolrah posted:How does the random person know who I am in the first place to look up my Facebook photo (assuming this is one of the rare times my Facebook photo is actually of me)? apple has a 'medical id' thing where you can put your name, and some people will include an e-mail address or something so someone who finds the phone can get in touch with them
|
# ? Sep 5, 2017 19:54 |
|
Android also does this if you tap the "Emergency" thing on the lock screen. I don't know what, if anything, is filled in by default.
|
# ? Sep 5, 2017 19:58 |
|
wolrah posted:How does the random person know who I am in the first place to look up my Facebook photo (assuming this is one of the rare times my Facebook photo is actually of me)? you disclose your identity all over the place did i see you pay with a credit card did your luggage have a name tag was i behind you in line at the hotel front desk or the gym did i eavesdrop on a phone call where you had to identify yourself did i get your phone and wallet in the same theft, though i just show it your passport or driver's license then admittedly this is of little use if no photos of you are available, but don't count on being nameless to save you
|
# ? Sep 5, 2017 20:05 |
|
face unlock seems inferior to fingerprint in literally every way; I can't think of a use case for it over thumbing it
|
# ? Sep 5, 2017 20:11 |
|
wyoak posted:face unlock seems inferior to fingerprint in literally every way; I can't think of a use case for it over thumbing it it's a gimmick that some people like for some reason.
|
# ? Sep 5, 2017 20:33 |
|
wyoak posted:face unlock seems inferior to fingerprint in literally every way; I can't think of a use case for it over thumbing it which is why sarnsung implemented it
|
# ? Sep 5, 2017 20:40 |
|
Cocoa Crispies posted:2014 called, they want your unpatched copy of strings back quote:Hello oss security,
|
# ? Sep 5, 2017 20:44 |
|
maskenfreiheit posted:I use a long (8+) char string I memorized, because I have to uphold my reputation as the most paranoid YOSPOSter. I use the swipe a pattern thing with a pattern I specifically thought real hard about and designed to be weird long and uncomfortable to swipe I'm used to it now so it's not uncomfortable for me but my wife thinks its awful
|
# ? Sep 5, 2017 20:51 |
|
ate all the Oreos posted:I use the swipe a pattern thing with a pattern I specifically thought real hard about and designed to be weird long and uncomfortable to swipe do you use the same unlock pattern in your phone and her vag?
|
# ? Sep 5, 2017 20:54 |
|
Midjack posted:do you use the same unlock pattern in your phone and her vag? She's trans so no You have to enter it on the taint instead
|
# ? Sep 5, 2017 20:55 |
|
ate all the Oreos posted:She's trans so no as a trans person i say that the best unlock security is a phone unlockable only by your own dick swiping a difficult pattern
|
# ? Sep 5, 2017 21:17 |
|
Wiggly Wayne DDS posted:that's really just muddying the waters and there's at least one logical step in there that doesn't make sense. he attempts to link marcus to a michael chanata and uses this as his sole evidence:
|
# ? Sep 5, 2017 21:18 |
|
ate all the Oreos posted:I use the swipe a pattern thing with a pattern I specifically thought real hard about and designed to be weird long and uncomfortable to swipe If only there was a way to swipe away you're posts
|
# ? Sep 5, 2017 21:23 |
|
surebet posted:yeah but a pin will keep randos out just fine, without giving people a false sense of security in other contexts Midjack posted:you disclose your identity all over the place My primary threats as far as I see them are pickpockets and my own forgetfulness. I use a password on my phone, but it's relatively simple because my fingerprint scanner sucks (Note 4) so I have to type it a lot more often than I'd like. If face unlock worked reliably I could use a much stronger password there and increase my security against anyone who didn't have a photo of my face while trading off a loss in security against those who did. wyoak posted:face unlock seems inferior to fingerprint in literally every way; I can't think of a use case for it over thumbing it Also if you are a sufficiently public figure fingerprint security has a similar problem (not at all saying this is the same level of ease though): https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands
|
# ? Sep 5, 2017 21:29 |
|
that was literally always the narrative, i'm guessing he didn't pay attention at all?
|
# ? Sep 5, 2017 21:30 |
|
here's a neat thing https://www.nytimes.com/2017/09/05/sports/baseball/boston-red-sox-stealing-signs-yankees.html
|
# ? Sep 5, 2017 21:33 |
|
i don't have a past, i am a sentient AI created by lowtax in 2004
|
# ? Sep 5, 2017 21:33 |
|
wolrah posted:PINs and patterns are relatively easy to shoulder surf and/or guess based on smudging on the screen, especially compared to these examples: it's not that in-depth for those of us that have phone case wallets
|
# ? Sep 5, 2017 21:36 |
|
wolrah posted:PINs and patterns are relatively easy to shoulder surf and/or guess based on smudging on the screen, especially compared to these examples: For patterns its hard to evade the smudge thing but for pins you just make it long with repeated digits and you increase the number of orderings and lengths they have to try by a lot. fingerprints might be more trustworthy on an iphone, but surely not in Android land where the most popular OEM stored the finger prints as high resolution raw files in world readable storage.
|
# ? Sep 5, 2017 21:39 |
|
cis autodrag posted:fingerprints might be more trustworthy on an iphone, but surely not in Android land where the most popular OEM stored the finger prints as high resolution raw files in world readable storage. yeah i had my screen replaced at an apple store (which includes replacing the fingerprint sensor) and while all my crap was there my fingerprints had been forgotten and any secrets bound to those fingerprints (i.e. the secret that allows touchid to unlock 1password) were also gone so either apple is inconveniencing users as part of a big lie and lying about it in documentation they've made public or they're doing something right
|
# ? Sep 5, 2017 21:48 |
|
Apple is pretty forward about their handling of biometric data and how that is contained/invalidated in the secure enclave and everyone I have seen who has done an assessment of their standards and methods has come to the conclusion that it is OK
|
# ? Sep 5, 2017 21:50 |
|
cis autodrag posted:
Also focusing on the storage completely misses the point where fingerprint sensors fail in a security context and Apple's is no better than anyone else's.
|
# ? Sep 5, 2017 22:00 |
|
Biggest downside to fingerprint unlock imo is that it's able to be done without your consent
|
# ? Sep 5, 2017 22:01 |
|
spankmeister posted:Biggest downside to fingerprint unlock imo is that it's able to be done without your consent The emergency 5x power button click to disable biometrics on iOS 11 is designed to help with that though it doesn't help if you're getting ganked instead of pulled over with a slow process. Forces all auth back to pin
|
# ? Sep 5, 2017 22:08 |
|
apseudonym posted:Besides one OEM doing this before aosp support this isn't a thing and never really was. spankmeister posted:Biggest downside to fingerprint unlock imo is that it's able to be done without your consent yeah this is true ideally there'll be a way to temporarily disable touchid when you anticipate you'll be in a situation where phone searches are deemed "reasonable" (international travel, exercising one's right to peaceful assembly, etc.) in a way that doesn't require re-enrolling all your fingers
|
# ? Sep 5, 2017 22:16 |
|
spankmeister posted:Biggest downside to fingerprint unlock imo is that it's able to be done without your consent same for facial, and i guess rubber-hose cryptanalysis (or more realistically detention until compliance) renders the consent issue a bit moot for the average user w/ a pin
|
# ? Sep 5, 2017 22:47 |
|
Cocoa Crispies posted:ideally there'll be a way to temporarily disable touchid when you anticipate you'll be in a situation where phone searches are deemed "reasonable" (international travel, exercising one's right to peaceful assembly, etc.) in a way that doesn't require re-enrolling all your fingers press the lock button five times! i think that works in the current ios verison. if it doesnt, it will in about... a week.
|
# ? Sep 5, 2017 23:05 |
|
sleepwalkers posted:press the lock button five times! i think that works in the current ios verison. if it doesnt, it will in about... a week. but then as soon as you PIN in you have to do it again
|
# ? Sep 5, 2017 23:36 |
|
Cocoa Crispies posted:but then as soon as you PIN in you have to do it again ah yeah, i get what your saying now, a way to just switch it off for an indeterminate amount of time. that would be nice.
|
# ? Sep 5, 2017 23:46 |
|
you can switch it off indefinitely at your leisure in system prefs, the five tap code is for when you're suddenly in a bad situation
|
# ? Sep 5, 2017 23:53 |
|
anthonypants posted:here's a neat thing https://www.nytimes.com/2017/09/05/sports/baseball/boston-red-sox-stealing-signs-yankees.html baseball: a sport where looking in a certain direction is cheating if you look without your eyes
|
# ? Sep 5, 2017 23:53 |
|
haveblue posted:you can switch it off indefinitely at your leisure in system prefs, the five tap code is for when you're suddenly in a bad situation Does that still delete the saved fingerprints or did I imagine that?
|
# ? Sep 5, 2017 23:55 |
|
rip to another nazi discord https://twitter.com/UR_Ninja/status/905165908804382720
|
# ? Sep 5, 2017 23:56 |
|
BangersInMyKnickers posted:The emergency 5x power button click to disable biometrics on iOS 11 is designed to help with that though it doesn't help if you're getting ganked instead of pulled over with a slow process. Forces all auth back to pin not sure i want to jam my hands in my pocket when getting pulled over by a police officer hostile enough that i don't trust them to physically force me to open my iphone
|
# ? Sep 6, 2017 00:16 |
|
Trabisnikof posted:Does that still delete the saved fingerprints or did I imagine that? yeah but if you seriously think being coerced to unlock your phone is likely in your future it's probably worth it. turning it back on takes a couple of minutes at worst
|
# ? Sep 6, 2017 01:11 |
|
maskenfreiheit posted:not sure i want to jam my hands in my pocket when getting pulled over by a police officer hostile enough that i don't trust them to physically force me to open my iphone you indeed shouldn't be loving around with your pockets if you're being held at gunpoint, but at that point you're probably going to get tackled by cops #2 through #7 within the next moments, so focus on following the instructions given and get through the poo poo that's coming your way. if you're in a tsa line and you see them doing random phone checks, hit that home button a bunch. if you're held but not arrested by a cop that asks you for your device, cooperate, state that you're reaching in your left/right pocket and give that home button the ol' 5 poke as you take it out if you've been arrested, unless they have the presence of mind of swiping the phone against your finger while also immobilizing you, you'll have to touch the device to unlock it even if you're in handcuffs also please don't pull this poo poo unless you have some real good reason, because if they figure out what you just did and you refuse to comply with providing them a pin, i'm sure there's a slew of obstruction of justice or evidence tampering charges they can slap you with. ianal of course
|
# ? Sep 6, 2017 04:14 |
|
|
# ? May 22, 2024 05:04 |
|
maskenfreiheit posted:not sure i want to jam my hands in my pocket when getting pulled over by a police officer hostile enough that i don't trust them to physically force me to open my iphone sorry u keep your phone on a belt holster
|
# ? Sep 6, 2017 04:17 |