alt Hacker NewsStop Using Face ID
Comments
If you have Face ID enabled, you can put your iPhone in hard-lock mode and require a passcode by pressing and holding the side (aka power) button and either of the volume buttons for a couple seconds.
It will pop up an emergency screen, but just tap the power button once more to cancel it.
I'm fortunate to be in a position where I don't attract negative attention from law enforcement, but this is still muscle memory to me.
Edit: You can also do the same thing by quickly pressing the side button alone five times.
Edit 2: mcc1ane beat me while I was editing!
How many times do you unlock your phone a day? For some people it’s over 100+ times a day Face ID is convenient, useful and secure. The alternative? People will use short numeric passcodes that are easy to bypass with devices like Cellulite.
Instead, we should push for laws and protections around our private devices. The 4th Amendment actually protects our personal effects and imo this biometric loophole is illegal.
As the other commenter pointed out, in the meantime, practice how to quickly lock your phone - and better yet, when in dangerous situations, leave it behind or turn it off.
I've been thinking about this recently and I disagree. Keep biometrics and know how to disable them quickly (usually 5x power button)
I think the most likely case where you'll be compelled to hand over your device is an airport immigration desk / room. And what do airports have? Lots and lots of CCTV. From the moment you step off the plane or jetway into the terminal there are cameras everywhere. Enter your PIN once in view of those cameras and it's on record for forensics to pick up.
I actually hate when my phone requires me to enter my PIN on public because I have to angle it away from cameras and eyes like I'm looking at smut.
Nobody should use biometric ID systems. Resetting my password requires plastic surgery? No thanks.
Involuntary compliance [1], false positives and false negatives are all big, unsolvable problems with biometrics.
[1] To some extent, all authentication systems are vulnerable to legitimate users acting under coercion. https://xkcd.com/538/
Biometric systems take the choice of compliance away from the user, they can physically force you to unlock your phone. With a password you have a choice not to comply even in coercive scenarios; you have the option to say "I'm willing to die from getting hit with the wrench before I'll give up the password."
To me this article is “meta” and tells a very different story: “America is an authoritarian hellhole where trivial matters such as how you lock your phone can put you in real danger. Not from gangs, but from the government.”
I went to the US on holidays recently and several people sat me down before I left to give me a very serious talk warning me about the police being deadly dangerous to anyone that doesn’t behave “just right”. You know: show your hands, don’t reach for things unless prompted, that kind of thing that I just don’t have to worry about over here — where “here” is most of the rest of the Planet.
The last time I felt like this — that I had to worry about the police as a law abiding citizen — was in communist country behind the iron curtain.
You’ve all managed to turn the “land of the free” into a copy of the enemy you made fun of.
I guess Trump is right: the US and Russia should be friends. You’re more similar than different.
The iPhone automatically goes into BFU (Before First Unlock) after 72 hours of inactivity (it actually reboots the phone). This can’t be disabled.
In addition, there are additional restrictions where your passcode will be required. For example, if the passcode has not been used to unlock the device in the last six days and Face ID has not unlocked the device in the last eight hours, then you must use a passcode to access the device (in other words, biometric unlock is automatically disabled).
If you've ever wondered why you've had to enter your passcode after a good night's sleep and haven't entered your passcode recently, that's probably why!
Given these built-in precautions, a click-bait headline like this is a bit excessive for most people.