←back to thread

286 points joegibbs | 2 comments | | HN request time: 0.416s | source
Show context
SoftTalker ◴[] No.42143463[source]
If this is true, then it's a trivial enhancement to make that a configurable setting. 72 hours could be the default, if your security needs are higher, you could turn that down to 12 hours, or even less.
replies(5): >>42143486 #>>42143699 #>>42144046 #>>42144580 #>>42145188 #
chatmasta ◴[] No.42143699[source]
If this were configurable, I would make it 30 minutes and increase it if I noticed any inconvenience. But I doubt that I would. I already have my phone in permanent do-not-disturb (so a reboot causing delayed notifications wouldn't be an issue), and it's not like I mind entering my passcode instead of FaceID every 30 minutes.
replies(4): >>42143720 #>>42143792 #>>42144287 #>>42144673 #
1. karlgkk ◴[] No.42143720[source]
I don't know where you live, but in the US it's basically understood by the courts that FaceID is not protected, but PIN is.

So if your threat model includes the sort of attacker that has a phone exploit or the ability to confiscate it, you should not be using FaceID. Instead, consider using six digit PIN with auto-delete after 10 attempts. Also enable Lockdown Mode And if you use iCloud, enable Advanced Data Protection.

replies(1): >>42143730 #
2. chatmasta ◴[] No.42143730[source]
Yeah, I consider FaceID to be basically a time-limited vulnerability akin to "remember me," because unlocking is a matter of just showing your face. It's convenient and I like it, but I don't get too upset when it asks me to enter a PIN (although I am annoyed when it doesn't respond well to the "swipe up to enter passcode").