Related
Has any one done any work on getting LUKS working on the Galaxy Nexus yet? I know ICS has encryption but it is not the same (It is file level; dm-crypt encryption and leaves room for data leaks).
For that reason does any know of a WhisperCore alternative?
Thanks!
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
textshell said:
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
Click to expand...
Click to collapse
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
x942 said:
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
Click to expand...
Click to collapse
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
textshell said:
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
Click to expand...
Click to collapse
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
If you have ever use encryption you would know that the less an attacker knows the better. Hence encrypting the entire system is better than only encrypting a partition.
I don't like how Google implements dm-crypt. It would be more secure if the entire device was encrypted as it would completely look like random data to an attacker.
Why would you only encrypt your home folder and not every thing BUT /boot?
I prefer the whispercore way of doing it. I poweroff and you can't access anything except the login screen.
x942 said:
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
Why would you only encrypt your home folder and not every thing BUT /boot?
Click to expand...
Click to collapse
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
textshell said:
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
Click to expand...
Click to collapse
Yes but as I said any one that would put that effort in would have to get the phone from me (which I carry 24/7) and once I know I no longer have control of it I would (as I said) reset it and sell it. You are basically saying all Full Disk Encryption (including on computers) is useless because someone can modify the bootloader. I hate to say it (and this is not directed to any one in this thread) but only a true ignorant person would fall victim to a evil maid attack, It is common sense NOT to trust something that you lost control of.
My situation is different: I run a non-profit organization and my employees need to carry sensitive data with them. Why risk security with the built in dm-crypt when something like WhisperCore is much better? I don't won't an attacker knowing ANYTHING about the device.
ICS built in encryption is just as useful as Home folder encryption in Linux. Your data may be safe but an attacker can ascertain how much data is there. And in some case use this information to infer what data may be present on the device. This is why most people using encryption use FDE and not just home folder encryption. When you are done there should be absolutely no way for anyone to tell the encrypted partition from random data (wiped data).
No, i'm just saying the full partition encryption of /data is enough on galaxy nexus and that you can't protect from an evil maid attack except by drastic measures after you lost control of your phone.
Understandable but I respectfully disagree. I want FULL DISK Encryption not Partition encryption. Take a look here: http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Security_levels
Either way (even if it is secure enough) It's not going to get approved for me to use in a work environment (FIPS 140-2). This is why I need some like WhisperCore. We handle sensitive data at my company.
I have this issue (I guess I'm really lazy but bear with me) that I don't really need an screen security measures like patterns, password, pin etc. but I do need to have some VPN connections stored on my phone and it's really annoying that Android obliges us to have an screen security to be able to store VPN credentials.
So my question would be, Is there any way to bend Android to our will here?
NoobSibot said:
I have this issue (I guess I'm really lazy but bear with me) that I don't really need an screen security measures like patterns, password, pin etc. but I do need to have some VPN connections stored on my phone and it's really annoying that Android obliges us to have an screen security to be able to store VPN credentials.
So my question would be, Is there any way to bend Android to our will here?
Click to expand...
Click to collapse
I've done it before, I cannot seem to remember how though. Something about setting a pin, copying a file with adb, guessing wrong password and using email option, then pushing a file with adb.
Cannot find the article tho, but this should work.....
HTML:
http://forum.xda-developers.com/showpost.php?p=32987763&postcount=1
I have a customer that has an Asus Vivo with Windows 8 RT, and somehow he has lost/forgotten his password. I am new to the Windows RT environment, thus I can see why people dislike it. I was wondering if there is anyway to mount the Tablet to a PC to back it up; a way to possibly reset the password with out resetting the whole device to factory defaults; for I am lost and have searched the web for ways to do so, but no one seems to have an answer. Any help or suggestions would be very much appreciated.
Thank You
Jamie
If it was set up using a Windows Live account (or "Microsoft account" as they're now called), just use the standard paswword reset function on the website.
If it was using a local account (possible but not a great idea on RT) then the best bet is Safe Mode (Shift+F8 during bootup; might be possible with a Touch or Type cover but probably easier via USB) and log in as Admin, then force a password reset of the account. Possibly useful info: http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/
As a side note, resetting the whole device, if it was using a Microsoft account, is relatively painless; your apps will need to be re-installed but you won't be charged again, your email and such will need to re-download but should already be configured, all in all it's fairly straightforward. Now, if there's documents on the tablet that for whatever reason aren't anywhere else... that's a problem if you reset it. No way to pull the storage and mount it in another PC, either.
What's your beef with RT from what you've seen of it so far (which it sounds like probably consists of nothing but the boot screen and the login screen)? It's only meaningful distinction from full Win8 is the need for ARM-compiled apps and the restriction of third-party code, but the first is a fact of life for any ARM-powered tablet (damn near all of them until quite recently; still most of them) and the second is easy to bypass. From an administrative position (i.e. trying to reset a password) it's identical to Win7.
I appreciate the quick response. Unfortunately this is tablet was not setup with a Microsoft Account, but was setup with a Local User account.
The only way it seems you can get into the options for boot with this tablet is holding the shift key and restarting it while you are at the login screen. I have tried to hold shift and tap f8 at a fresh start-up and the tablet continues to boot to the login screen.
Now when I hold Shift and restart the tablet, it goes right to Choose an Option, then I click Troubleshoot > Advanced Options > and there all I have is Automatic Repair, Command Prompt (Which you can't use without logging in to the local user account), and Startup Settings.. Under Startup Settings the only options it has is: Enable low-resolutions video mode, Enable boot logging, Dissable Automatic Restart on system failure, and Disable early-launch anti-malware protection.. It seems to me that this Asus Tablet with Windows RT does not have safe mode..
Thank You,
Jamie
Windows RT doesn't support safemode. It's possible to get at with some BCD tweaks, but it's not very straightforward.
Actually, pretty easy to get to it just using msconfig (assuming you can boot into Windows first). The downside: no touchscreen drivers, no Touch Cover drivers, no support for many of the peripherals. You'll need a USB keyboard, and probably a USB hub and USB mouse as well. A less "minimal" configuration might work better.
If you think there's a reasonable chance you'll need Safe Mode in the future, I recommend adding a second boot option to the main boot list (just clone the default one) and configuring it for Safe Mode. That's probably the easiest way... but it has to be done proactively.
GoodDayToDie,
Where you say "Actually, pretty easy to get to it just using msconfig (assuming you can boot into Windows first)," what do you mean by "(assuming you can boot into Windows first)?" I can boot into windows, but I cannot login because my customer has forgot his password.
This is a reason why I have an issue with Windows 8 RT, for there is no Safe Mode by default.. Micorshaft seems to be like Apple, thus locking the OS down to where you do not have full capabilities to fix an issue with there OS. It is too bad that you cannot run typical diagnostic tools off of a disc, because of the Hardware that they chose for the tablets... Only if they would keep a traditional chipset for both Linux (android) and Microsoft (Windows 8 RT), you could do all that you could with x86 and 64bit architecture. They need to keep things simple and compatible, instead of using prioritized junk.
Sincerely,
Jamie
I mean "boot into an interactive Windows session". If you can't get past the login screen, *you* aren't really into Windows (the machine might be running it, when I said "you" I meant you, personally). That's as true for RT as for any other OS.
Out of curiosity, what would you do if the client came to you with a BitLocked laptop and said they forgot the password for that? Well, obviously you'd tell them to use the recovery key. But it turns out they ignored the advice of the BitLocker installer and never saved the recovery key anywhere. Not good, right? OK, now what if it was a smartphone, and they forgot the PIN? There's a policy in place from their employer that ten failed PIN attempts in a row will will wipe the device. Now what?
They're screwed. Just like your client is here.
Look, the default configuration of Safe Mode on x86 versions of Windows is a security liability. It's a trivilally exploitable direct-to-admin elevation of privileges... assuming you have physical access to the device. On desktops, and to a lesser extent on laptops, that's not really a concern; the assumption is that if the attacker has physical access, it's already game over. On tablets, that's much less true. Tablets are sealed devices; there's no easy way to get the hard drive (or rather, the flash memory chip) out of one. They're designed to be highly mobile, and to a certain extent are designed to be shared - certainly many of them are used at kiosks and the like. They're also both easy and attractive targets for theft. The threat model is very different.
On x86 versions of Windows, if you're concerned about a local-access attacker, you use BitLocker and you set a strong password on it. You also change the admin password, so even if somebody gets through BitLocker (or they got to your machine while it's running already), they can't trivially gain full control over it. That's because protecting against local attackers is not the expected level of protection needed, so it's not the default configuration.
On tablets, if you're *not* concerned about a local attacker, you might do things like enable Safe Mode (which, from a security perspective, is actually Unsafe Mode), or disable BitLocker key protectors (possible even if an Exchange policy forces you to turn BL on). Similarly, if you weren't worried about forgetting your password, you might use a local account and not bother to create a password reset disk (yeah, that's still possible. Nobody ever does it, but it's possible). That's because the most likely attack, by far, will be somebody who has stolen the whole device and therefore the default configuration is to provide whatever security which can be offered in the face of such a situation.
Apparently, if you are worried about local attackers but *aren't* worried about losing your password, and then you lose your password anyhow, the thing you do is go complain to an IT shop. The IT guy then comes and asks an online forum how to do his job. The forum gives him the help they can. The IT guy then rants about Microsoft when the help offered is "insufficient".
Here, pop quiz for you: Which of the following people is it the fault of that the customer can't access their account?
1) Microsoft, who provide at least five different ways to reset the password (online account, password reset disk, enabling the Admin account for normal login, creating a second Admin account, or enabling a Safe Mode boot option) plus allow you to have the tablet remember the password for you (auto-login) or use no password at all.
2) Myself and the other members of this forum, who are offering what help we can, unpaid, of our own free will, because we care enough about this OS that we'll help people adapt to it and hope for nothing more than a "thanks"?
3) You and any co-workers you might have, who despite doing this for a living, are unfamiliar with the security model of a new OS... but are willing to pile abuse on that OS and its developers when they close a security hole that you expected to find open?
4) Your customer, who ignored Microsoft's advice about using an online account (justifiable, but a nonetheless questionable decision given the intended use of RT) and also ignored or avoided good password management techniques (like using a hard-to-remember password without creating a way to change or reset it, and without writing it down anywhere)?
I'll give you a hint: it's not 1 or 2.
Oh, and you can totally run diagnostic tools. Hell, the tablet comes with a bunch of them built in, but you can also boot off USB. Yeah, they need to be compiled for ARM, but - as I just pointed out - Microsoft ships a suite of them with the tablet. They even include a tool that can solve an unrecoverably lost password: wipe the system and start again. On previous Windows versions, you'd probably to do a full re-install at that point! Think of the time saved. However, "login as admin without any password" (what the default configuration of Safe Mode allows) is *not* a diagnostic tool. It's a gaping security hole.
Also, Safe Mode is totally still available. However, much like logging in *all the time* using the built-in Administrator account (possible by default on XP and before, disabled by default on Vista and later), allowing anybody who wanted to to boot into a full-permission no-password (by default) account was deemed too dangerous on RT. I was suprised when I discovered Safe Mode missing from the RT boot menu as well... for about 5 minutes. Then the obvious reason for it clicked. I went and enabled Safe Mode on my tablet anyhow, because it *is* a potentially useful diagnostic tool... (although, since neither theTouch Cover nor touchscreen work in Safe Mode, it's actually really hard to use) but I also changed the Admin password, so for your use case it wouldn't do any good anyhow. That's OK; I have the ability to reset my own password if needed. Admittedly, MS could have taken care of this themselves by removing the ability to log into disabled accounts when using Safe Mode, instead of disablign the mode by default... but that wouldn't have done you any good either.
I think the tl;dr version of what GoodDayToDie said is as follows:
The fact that you can't get into this tablet isn't microsofts fault at all, its the customers fault for being a complete and utter moron who can't remember a password and completely ignored the fact that the windows 8/RT setup process really wants you to make an online account rather than a local one which if he had done wouldn't have left us in this position.
Safe mode is a total security liability. That's why in my school they have disabled safe mode and also password protected the bios which is setup so you can only boot from the hard disk. There is then a sensor on the case which triggers when the side panel is removed which then causes the bios to prompt for password just after the POST check on next boot. Stupidly they have soldered the screws down on some machines, hilarious watching them trying to get the machines open again, they sit there with dremels trying to cut new slots for another screw driver why they don't just remove the solder with the hot air guns and soldering irons in the workshops is beyond me.
You might be able to edit the bcd to enable safe mode, but I suspect that the tpm will fail checks and refuse to give the bitlocker key if you do that. I know it'll cause integrity checks to fail on x86/x64. If you have the bitlocker key then you can mount it in recovery and back up all the files, but you'll only have that if it's a registered ms account, or the owner went way out of his/her way to get it beforehand.
As ar as MS goes, this isn't their fault. This is your customer's fault and nobody elses. Getting rude and arguing won't solve anything. There is no real need for safe mode on RT, except for security exploits such as what you want.
I did put Safe Mode on my machine... it actually doesn't appear t upset BitLocke to do it, so long as I suspend BitLocker once, reboot, and re-enable it. The check for "has my boot process been messed with?" happens right before where you would get the boot screen. Booting an alternate option from the Windows bootloader doesn't appear to bother it at all.
GoodDayToDie said:
I did put Safe Mode on my machine... it actually doesn't appear t upset BitLocke to do it, so long as I suspend BitLocker once, reboot, and re-enable it. The check for "has my boot process been messed with?" happens right before where you would get the boot screen. Booting an alternate option from the Windows bootloader doesn't appear to bother it at all.
Click to expand...
Click to collapse
Bitlocker checks the state of the BCD before it releases the key. By suspending and restoring it you're saying that the new state is what it should be at. If you didn't suspend it and edited the BCD it should refuse to boot.
I am not an Apple Fanboy. I do not own an iPhone, ever.
But seeing Apple Pay in video, I think Apple really understand what it takes to use NFC. Having to unlock your phone and/or enter a pin before tapping the phone to the NFC reader is more hassle then swiping a credit card and sign.
Yes thanks for the troll!
Oh and you really want anyone that gets their hands on your phone to also be able to spend your cash?
Sent from my SM-G900F using XDA Free mobile app
curioct said:
Yes thanks for the troll!
Oh and you really want anyone that gets their hands on your phone to also be able to spend your cash?
Click to expand...
Click to collapse
No trolling. I don't own and not planning to buy any iPhone, iPod, iPad, AppleTV nor Apple Watch.
There has to be a better way to authorize an NFC transaction then entering a PIN. Face unlock, voice signature comes to mind.
I like the security of entering a pin before authorizing the transaction. If someone steals my phone, they can go tapping all over town spending my money.
pcdebb said:
I like the security of entering a pin before authorizing the transaction. If someone steals my phone, they can go tapping all over town spending my money.
Click to expand...
Click to collapse
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
IMO,
1. NFC on Android should work without having to unlock, like checking-in.
2. Wallet service should allow easier yet secure authentication. Like face unlock, voice recognition, even tap code!
nookin said:
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
IMO,
1. NFC on Android should work without having to unlock, like checking-in.
2. Wallet service should allow easier yet secure authentication. Like face unlock, voice recognition, even tap code!
Click to expand...
Click to collapse
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
pcdebb said:
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
Click to expand...
Click to collapse
Then we get a newer version of google glass with sensors on the earpieces that press against your head and takes brainwaves. You "Think" of the code or passphrase, it gets then taken in by the sensor, encrypted, sent wirelessly to your device, decrypted, authenticated and you pay. As fast as a "thought", well some might have problems but that's another story.
Who will know your code then?... Well atleast until you find some or other method to read peoples minds.
pcdebb said:
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
Click to expand...
Click to collapse
There is a reason the pin pad on check out line has a small barrier. People can see what you type from the side. I can easily see the pattern or the PIN other people use to unlock their phone from a distance because their screen is so large and bright. Well outside of their "personal space". This is because PIN entry has a dilemma, it must display the pin pad that the user can see and large enough for the user's fat finger to touch.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
Click to expand...
Click to collapse
No one suggested authentication is not needed. Voice recognition is not the same as voice signature. Say, the phone can display a random word and you read it to the phone. The phone knows your voice. This is better than entering the same PIN over and over again.
We should be able to configure our own restrictions.
I'd make $20 and below work without unlocking or entering a PIN. and only twice in an hour. Anything over $20 would need my PIN.
PIN Settings
You can set your pin to have a timeout of 15 minutes, 1 day, or never in Google Wallet. This seems like a good compromise. If you have it at one day, you can enter it before you leave your house, or your car, etc...
Biometrics
Biometrics really need hardware integration to be both convenient and secure. The reason Apple added the fingerprint reader in the iPhone 5s is that Apple makes you authenticate for EVERYTHING. In order to store keychain passwords on the iPhone requires that you use a pin on the unlock screen, and from there it's a combo of pin and password for every single thing. Download an app? Password. Change security settings? pin. Download a song? password. Without both a pin and a password for a secured iPhone you never have access to the whole thing but it's a huge pain in the ass.
Enter touch ID- you can register up to 5 finger prints to unlock it and purchase apps and songs- the most common tasks- and now to use NFC pay. It turns the previously annoying security into a simple tap-to-unlock affair. It's silent, it's instantaneous and it is completely private, and it still doesn't give you access to the whole phone. You still have to put in the PIN every time it restarts, and password for certain things. And even if someone gets a hold of the phone, the PIN, the password and the fingerprints, the owner can brick the device remotely with find my iPhone and have it beam its location to Apple until the battery runs out and blacklist its ESN. - I think that's what the OP is talking about when he says that only Apple "gets" NFC Payment- a ****pot worth of security made totally effortless.
I hate to say it but NFC- especially payments- on Android makes me nervous as hell. I like Android for its openness and the ability to customize it and get root access if I want to and make full use of my phone- but I and a lot of other people don't have time to take the security precautions that are necessary for NFC. Apple kind of bubble wraps its users and when it comes to paying for stuff with my phone and that huge unknown, as of now, I'd prefer to be bubble wrapped and pay for stuff with a couple of highly secure taps. Even with voice or face recognition locks- things that can be accomplished in software, without standardizing hardware, it requires a certain locking down of the OS and negates a lot of the appeal of Android.
Yes
nookin said:
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
Click to expand...
Click to collapse
You don't have to. Wallet allows setting the Wallet relock timeout to be as long as 24 hours.
IMHO Apple's implementation of Biometrics is the best so far. That, coupled with the ease of Apple pay makes it the most safe and elegant implementation so far. If nfc payments have to take off, this is the way to do it!
Sent from my Nexus 5 using Tapatalk
nookin said:
There is a reason the pin pad on check out line has a small barrier. People can see what you type from the side. I can easily see the pattern or the PIN other people use to unlock their phone from a distance because their screen is so large and bright. Well outside of their "personal space". This is because PIN entry has a dilemma, it must display the pin pad that the user can see and large enough for the user's fat finger to touch.
No one suggested authentication is not needed. Voice recognition is not the same as voice signature. Say, the phone can display a random word and you read it to the phone. The phone knows your voice. This is better than entering the same PIN over and over again.
Click to expand...
Click to collapse
What if the place you're using it in is very noisy or has a lot of background chatter? How will it be able to recognize your voice under those conditions? Also voice signature sounds a lot like something that would have an annoyingly high failure rate.
AppleCultApostate said:
What if the place you're using it in is very noisy or has a lot of background chatter? How will it be able to recognize your voice under those conditions? Also voice signature sounds a lot like something that would have an annoyingly high failure rate.
Click to expand...
Click to collapse
It is similar to what you do when voice dialing does not work. You can always fall back to PIN entry.
Entropy512 said:
You don't have to. Wallet allows setting the Wallet relock timeout to be as long as 24 hours.
Click to expand...
Click to collapse
That is a very bad workaround. You are essentially giving up security. It is like you are tired of using key to unlock a door that you decided to leave the door unlocked, for 24 hours.
I think you're all taking this security thing a little too seriously. I've been using paypass contactless credit card for years now, and I love that it doesn't need any authentication up to $20. Above that it needs the PIN. I think this is the way to go, fingerprint is not bad either.
Well that may be the case but you have to remember that nfc is still new technology. Android has been using if for years (android phones). In all of that time it took apple like 5 years to make a iphone that has specs even worth mentioning. Also android has google wallet a nfc payment system like apple pay. So really it comes down to who can have more features in the long run. On samsung phones theres samsung wallet and im pretty sure on the s5 it uses fingerprint as well.
I have the screen lock activated on my Pixel 3a XLs but do not feel it is sufficient, nor would I trust the fingerprint lock. Ideally I would like to be able to use a passphrase to decrypt the phone when turning it on and a PIN when bypassing the lock screen. No fingerprint lock since I have read many stories about how easily they can be fooled.
I do not see any way of entering a passphrase (which I have used on my previous phones and am using on a tablet running Android 7) - is there one? The program cryptfs does not work on Android 9.
Also, is there a way of limiting the number of attempts at entering a screen lock PIN? And a way of setting a minimum delay between each entry? As it is now, a robot could hypothetically be used to quickly go through a large number of PIN codes until the correct one is found...
I think you have to use the same method for both decrypting the phone initially and then to unlock the lock screen.
So if you want to use a passcode to decrypt, you will have to use it to unlock the phone. Setting up the passcode under settings/security/screen lock/password should also set it up for decryption.
sic0048 said:
I think you have to use the same method for both decrypting the phone initially and then to unlock the lock screen.
So if you want to use a passcode to decrypt, you will have to use it to unlock the phone. Setting up the passcode under settings/security/screen lock/password should also set it up for decryption.
Click to expand...
Click to collapse
That would be unfortunate. I know Android 7 allowed me to have a passphrase for decrypting the data partition and a PIN for unlocking the screen.
Does anyone know about the other questions I raised, ie setting a maximum number of unlock attempts and a minimum time between attempts?