Hacker News new | comments | show | ask | jobs | submit login

I really liked this write-up because it focused on the practicality of the various security mechanisms. Most articles I see usually have a blanket statement like "All biometric security mechanisms are bad!". I think this article does a good job comparing the various logins and describing the pros and cons for different people. Specifically, I appreciate the author calling out when people bring up the "What if" edge-cases, where the correct response is you likely have much bigger problems at that point than the security level of your phone.

Specifically, getting more people to have better security on their devices is a very difficult User Experience problem, and Apple's pretty good at solving these kinds of problems.

TouchID moved the ball forward quite a bit, and FaceID will probably go even further.

Obviously neither provide ultimate security, but Apple is in a strategic advantage since they make the hardware and software to make the barn walls and roof super secure, but it does nothing if the front door is left open.

Before TouchID, I set my passcode to 0000 with a four-hour window where I didn't have to reenter it. I only had one set at all because Find My Friends refused to keep me logged in unless I had a passcode set.

With TouchID, I have a complex passcode that I have to enter a couple times a week. It's less secure than some hypothetical setup where I have a complex passcode I have to enter every time I unlock the phone, but it's far more secure than what I was actually doing before.

My android phone forces me to re-enter my passcode every 24 hours.

I think that strikes a nice security median. If someone does get procession of my phone, I only need to stall for less than 24 hours.

The rest of the time, the fingerprint scanner works near perfectly. It's actually faster to use the fingerprint scanner than the standard slide to unlock, which is all I ever had setup on my previous phones.

iOS does the same after 48 hours of not being unlocked or re-authorized. I agree that this seems like a decent security compromise. Anyone with physical access to your phone for more than 48 hours has other vectors to pursue that are far easier than just trying to guess your password.

Is this a standard setting that can be managed?

Here's a dumb question I haven not easily found the answer to.

Can I configure my iphone to require TouchID, FaceID, and a PIN for each unlock of my phone every time?

>All biometric security mechanisms are bad

They are though, if bad == insecure. Customs can make you unlock with fingerprint or face. If you can't lock yourself out, it's not secure.

Biometric security mechanisms are the best security mechanisms.

Because they fall in the category of "will be used" as opposed to perfect security, which almost always falls in the category "won't be used"

That's why you temporarily disable biometric authentication before you go through customs. On iOS, this is as easy as turning the device off, and in iOS 11 it just takes five quick presses of the sleep button.

Customs can do that anyway if you have a password.

Constitutionally, an individual can not be forced to enter a password for law enforcement (including customs agents).

That's the point, "constitutionally" while they lock you up for hours/days on end to obtain the warrant needed to give up your password unless you are willing to stay locked up.

Many border agents, it seems, have the “if you have nothing to hide” mentality. So if you’re refusing to unlock your phone, clearly you’re hiding something.

Get that sweet settlement for wrongful imprisonment.

Or, you know, no settlement, and not even a "sorry, oops" either.

How many times has this actually happened though?

That would be comforting if both (a) and (b) were true:

(a) the world was only US citizens.

(b) nothing unconstitutional ever happened to the first group.

> Customs can do that anyway if you have a password.

Allow me to repeat myself,

If you can't lock yourself out, it's not secure.

For example, some banks have time locks. Nobody gets into the vault, unless it is in a certain window of time.

>If you can't lock yourself out, it's not secure.

It's not secure if you can lock yourself out either.

A court could hold you in contempt for failing to unlock or intently locking.

And a state actor or even mugger could just hurt you or even kill you, in frustration if you don't open it for them.

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact