Two Factor PIN + Fingerprint Unlock
New Two Factor Unlock in GrapheneOS
GrapheneOS introduces a new two-factor fingerprint unlock feature, which adds the option to set a PIN to use with fingerprint unlock. You can use a strong passphrase as the primary unlock method, with fingerprint + PIN as the secondary unlock.
The usual restrictions on fingerprint unlock still apply. It's a secondary unlock mechanism only usable for 48 hours after the last primary unlock. The limit on failed fingerprint unlock attempts in GrapheneOS is 5 as opposed to allowing 4 batches of 5 attempts (20 total) with 30s delays in between.
The devices we support have a high quality secure element heavily throttling unlock attempts which is why a random 6 digit PIN provides secure encryption, unlike most Android devices. It's nicer to have a strong passphrase not depending on an attacker never being able to exploit the secure element.
Our new 2-factor fingerprint unlock feature means you can get this benefit of a strong passphrase while still having the convenience of a PIN. Since our PIN scrambling feature works with the 2nd factor PIN, you get the combined anti-shoulder-surfing benefits of a scrambled PIN and a fingerprint.
If you want to avoid entering your passphrase in public, you just need to make sure to refresh the 48 hour timer after last using it to unlock to keep fingerprint unlock available. We plan to add configuration for how many failed fingerprint unlock attempts are allowed to help with this use case.
We came up with the concept for this 2-factor fingerprint unlock feature in 2015 and filed it in the public issue tracker in 2016. This was extremely difficult to implement correctly and we needed to fix multiple upstream Android bugs. The lockscreen will be more robust even if you don't use this.
This is now one of the flagship features of GrapheneOS alongside hardened_malloc, hardware memory tagging, hardware-level disabling of the USB-C port, Storage Scopes, Contact Scopes, sandboxed Google Play compatibility layer, etc. It will be harder to port to new versions than our existing features.
Our duress PIN/password feature is fully compatible with our 2-factor fingerprint unlock and will near instantly wipe the device as usual if you enter the duress PIN instead of the correct 2nd factor PIN for fingerprint unlock.

— GrapheneOS Development Team
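
The unlock policy described above can be modelled as a small state machine. This is an added example, not GrapheneOS code: the class and method names are hypothetical and the secrets are constructed sample values. It assumes that a wrong 2nd factor PIN counts against the same 5-attempt limit, that a successful unlock clears the failure count, and that the duress credential also wipes at the primary stage.

```python
import hmac

WINDOW_S = 48 * 3600   # fingerprint usable for 48 hours after the last primary unlock
MAX_FAILS = 5          # failed secondary attempts allowed before primary is required

def _eq(a, b):
    # Constant-time comparison of two credential strings.
    return hmac.compare_digest(a.encode(), b.encode())

class LockscreenModel:
    """Toy model of the policy in the text; class and method names are hypothetical."""

    def __init__(self, passphrase, pin, duress):
        # Constructed secrets held in memory for the model only.
        self._pass, self._pin, self._duress = passphrase, pin, duress
        self.last_primary = None   # None until the first primary unlock
        self.fails = 0
        self.wiped = False

    def _duress_hit(self, secret):
        if _eq(secret, self._duress):
            self.wiped = True      # assumption: duress wipes at either stage
        return self.wiped

    def primary_unlock(self, passphrase, now):
        if self.wiped or self._duress_hit(passphrase):
            return "wiped"
        if not _eq(passphrase, self._pass):
            return "denied"
        self.last_primary, self.fails = now, 0   # only this refreshes the timer
        return "unlocked"

    def secondary_unlock(self, fingerprint_ok, pin, now):
        if self.wiped:
            return "wiped"
        expired = self.last_primary is None or now - self.last_primary > WINDOW_S
        if expired or self.fails >= MAX_FAILS:
            return "primary_required"
        if not fingerprint_ok:
            self.fails += 1
            return "denied"
        if self._duress_hit(pin):  # checked before the real PIN is compared
            return "wiped"
        if not _eq(pin, self._pin):
            self.fails += 1        # assumption: a wrong PIN uses the same budget
            return "denied"
        self.fails = 0             # assumption: success clears the failure count
        return "unlocked"
```

Times are plain seconds passed in by the caller, so the 48-hour window and the attempt limit can be exercised without waiting.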