The FBI used a suspect’s face to unlock his iPhone in Ohio case There is a legal difference between a passcode and something like Face ID September 30, 2018 https://www.theverge.com/2018/9/30/17920798/fbi-child-pornography-iphone-x-suspect-face-id Feds Force Suspect To Unlock An Apple iPhone X With Their Face September 30, 2018 https://www.forbes.com/sites/thomasbrewster/2018/09/30/feds-force-suspect-to-unlock-apple-iphone-x-with-their-face/
That goes to show you not to use your face for authentication, even you don't feel like you have anything to hide. It may be ok to use in combination with a password, but not alone.
Ha...ha... so biometrics is the backdoor that the law enforcement agencies and national security agencies asking for, right?
Yes, excellent point! But really, biometric identifiers should be used (if at all) only as one factor in 2FA. With the other factor hard to pwn. Unless it doesn't matter, of course, because you don't really care, or because relevant adversaries can't force you to unlock.
Apparently so! No one should use single factor biometrics as their sole authentication method. It should be used in combination with a password, or a second biometrics authenticator. I can imagine this scenario where the cops are fighting with a subject (rolling around everywhere) trying to hold his/her face down to a facial recognition reader lol
I can easier imagine the subject being too stupid to realize what the police are doing when they point his phone at him.
Assuming you have a few seconds warning Android Pie has a solution, which I use. For simplicity I use biometrics for general privacy on my encrypted Pixels. I can use my finger to unlock the phone and then toggle one simple button and select "Lockdown" which completely disables all biometric access. Now you need to know my 15 character passphrase to de-crypt anything or even unlock the phone. In theory its a solid lockdown and the encryption seems good. As I have stated before, I won't bet my "bacon" on anything Android as I might with a linux computer. I would love to see a report on the "feds" trying to access my phone type based on having to beat the Lockdown feature, assuming a decent and solid passphrase.
For those who don't know, under federal law, biometrics are not covered under the same protections as a user password. The circumstances under which a judge can order you to unlock a device are much less restrictive. Biometrics do not offer you any legal privacy protection to keep LEAs from accessing your electronic gadgets in the U.S. I am not certain about other countries.....
I guess that's because it's something about who you are, rather than what you know. And biometric markers aren't covered under the Bill of Rights. That was established long ago, I think, for fingerprints. And it probably also applies to DNA sampling.
The Newest Password Technology Is Making Your Phone Easier for Police to Search October 10, 2018 https://www.nextgov.com/cybersecuri...ne-easier-police-search/151892/?oref=rf-river
Cops Told ‘Don’t Look’ at New iPhones to Avoid Face ID Lock-Out October 12, 2018 https://motherboard.vice.com/en_us/article/5984jq/cops-dont-look-iphonex-face-id-unlock-elcomsoft