@mlanger @canadianglen I'll only buy the iPhone SE, since it still supports touchID. I like the convenience, but FaceID feels icky and less secure.

@mlanger Marginally relevant: I worked with a pair of twins who could unlock each others' phones using Face ID. They occasionally used it to play good-natured pranks on each other.

@mlanger No, and I don't know anyone who does. I wouldn't say I know a lot of privacy-obsessed people or anything, I just haven't seen anyone adopting that method.

@mlanger

I don't because the police could force me to unlock the phone if I used my face or fingerprint. A gesture or password they cannot force from me.

Not that I have any reason to mistrust the police or anything, but ACAB, so, y'know.

Besides, I use Signal for anything good, and set it to erase at the end of each day. So I rarely need to hold out for long.

@mlanger I'm tired of having to get a face lift and new fingerprints every time I need to change my password.

@mlanger i mean i have it, but i always type in the pattern faster than it takes to unlock, lol

@mlanger @DWTSquawk7600 reading your replies, I’d be interested in the split between US & non-US answers.

If you're concerned about the story doing the rounds in the press currently, the headlines are BS.

@mlanger

I don't want anything I use to have the ability to be unlocked by police without a warrant.

"Police are not allowed to demand someone to provide their pass code because that would be deemed “testimonial” and go against Fifth Amendment protections from self-incrimination."

https://www.forbes.com/sites/thomasbrewster/2021/11/29/fbi-no-consent-required-for-forced-phone-unlocks-via-finger-or-face/

@mlanger so the cops can unlock my phone by pointing it at my face? Nah.

@mlanger I only use face unlock (on Android) on devices without other biometrics.

@mlanger I can't even get touch ID to work reliably

@mlanger I use Face ID because fingerprint scanners don't work very well on me (I guess my fingerprint is too fine)

@mlanger No, and will not. I do not trust the state to not use this to unlock a device of mine against my will.

@mlanger@mastodon.world I have face recognition set up on both of my Android devices, but the truth is it seldom works. Fingerprint is more reliable but still sometimes fails.

@mlanger since i have iphone that has face id, i didn't use anything else (except pass for after-update unlock)

@mlanger Face unlock seems insecure to me. I have never used it, and I don't feel the need to.

@mlanger
Not just no but hell no!

@mlanger
No

@mlanger

I use FaceID for convenience as my company requires a lengthy passcode for any corporate connected personal devices and typing in a 12+ digit passcode every time I want to open my phone is impractical.

@mlanger yes. iOS. It’s much worse than a fingerprint.

@mlanger I use it but also I know the quick way to disable it in case I'm in a situation where it could compromise me.

(Hold the side button and one of the volume buttons together for two seconds, then press the side button again once the options to turn off the phone or make an emergency call appear. FaceID will be disabled until you enter your passcode.)

@mlanger Only had a FaceID phone for a few weeks but I use it all day, every day...

@mlanger I do not use FaceId on my Android Phones, but I do tech-support for people.
They hand me their phones, and I see FaceId lock, so ask "Say Cheese" and point their phone at them! Ping! unlock! (usually works - not always)
It always feels like I'm saying "Look, Mr Jobs, I have the owner right here with me! Please let me in!"

@mlanger Yes. FaceID and TouchID. The reasons not to are mostly far-fetched.

Also, FaceID/TouchID are more secure than a PIN or password when out and about in public.

Windows Hello on my work PC, however, is laughably insecure (I've had my PC unlock several times without my being anywhere near to looking at it. Eg my cat once did so by walking in front of the screen). So it's highly ironic that work lets us use Windows Hello on the PCs but won't let us use TouchID on the Macs.

@mlanger I'd really love touchID again, since faceid and masks is iffy at best.

The actual security is mostly a non-issue though. I can almost certainly trust the people in my environment.

@mlanger @passenger Absolutely not. No notifications on the lock page either.

@mlanger I don't trust cops (at home or abroad) so no biometrics for me

@mlanger Not on a bet.

The first time i saw a cop unlock a phone they had no business touching i swore such things off.

@mlanger but mostly use my backup pin

@mlanger hell no

@mlanger hell no

@mlanger I avoid using biometric security as much as possible

@mlanger@mastodon.world using fingerprint unlock + PIN here on Android

@mlanger i keep lil vinyl stickers on my cameras, but use fingerprint scanner for lock (android)

@mlanger Hell no !

@mlanger It just seems really inconvenient compared to fingerprint, to me. You have to hold your phone in the right place, presumably look at it, I imagine it wouldn't work in the dark etc... whereas with fingerprint, my phone just unlocks as I pick it up. Quick and easy.

And yes, I disable fingerprint when I'm at risk of interacting with cops.

@mlanger for those use iPhone and have concerns on Face ID/Touch ID, note that press volume key and unlock key for a few seconds, that normally brings up a slider to power off the device, will also disable the bio identification and requires entering PIN numbers to unlock it again. In fact I’m more concerned about if only uses PIN it is harder for me to always remember covering to prevent the combination be recorded by either human or surveillance cameras

@mlanger I have sight issues. I have enough sight to use the phone without voice assistant, bit I put it very close to my face. I had an iPhone Xs and I HATED FaceID. I had to put the phone far from me to pay or buy apps, there wasn’t unlock sound at the beginning… FaceID is, for me, very inaccessible, and that’s the reason I have an iPhone SE right now. TouchID or equivalent is more confortable for me.
That said, if you’re asking for biometry in general… yes, I use TouchID. A lot.

@mlanger FaceID on iPhone and TouchID on MacBook. I’d prefer TouchID on iPhone as well tbh but Apple seem not to be interested in under-the-screen readers.

@mlanger@mastodon.world I messed with it once on Android, but it meant that my phone unlocked as soon as it picked up my face, and I didn't like that function.

@mlanger

I mean, it's set up, but it never seems to recognize my face anyway.

@mlanger Use always a pin number. The longer the better.

Forget about biometric shit.

@mlanger@mastodon.world using it regularly, tho it does sometimes fail with mask+hair in front of my face

@mlanger I don't trust any authentication method that somebody could use without my consent like when I'm passed out or asleep, passwords only

@mlanger nope, still use an old fashioned passcode

@mlanger No! I do not want my devices unlocked by a passive system. Your phone held in front of your face while being mugged? Or while asleep? Nope.

@mlanger No. To the best of my knowledge: In the USA there is an ability to plead the 5th and not incriminate yourself. you have the right to not remember a password, or unlock pattern. but with a search warrant, the government can force you to give a finger print or other biometric info to unlock a device.

I am not an attorney

@mlanger I don't but I had a recent objection to magic links from a survey of GenZ (my kids) who wanted login/password back so that they could still use Apple FaceID to log in using password manager.

@mlanger yup FaceID is amazing.

@mlanger hell no

@mlanger face id yes. i would not trust any android equivalent

@mlanger where's my option for "Fuck, no"?

@mlanger No ... I haven't been able to make it work reliably.

@mlanger

I've stopped using even the fingerprint sensor, and the reason is not opsec, but a certain distaste at getting my fingers cut off.

@mlanger I used to and then stopped. Now I just use the finger print

@mlanger absolutely not. it does nothing whatsoever for our threat model.

@mlanger
Nope. Don't trust using any part of my body as an authentication method. If it gets compromised, I can't exactly replace it.

@mlanger No, and the reason is convenience. With face unlock, you still have to swipe to get past the lock screen. With fingerprint, it's one action and you're in. The consistency over time is a massive benefit.

@mlanger I’m surprised at these results. And would like to know why the hesitation. In the case of Apple, biometric data is stored on the phone, doesn’t go into the cloud and is not shared with the authenticating party. However retailers, airlines and other orgs routinely collect store and share biometric data. Call centers for example. And ordering boards at fast food joints

@mlanger delighted that Android phones still have fingerprint readers. Not sure what I would do if faceID was required on Android

@mlanger I’m surprised about how the majority voted no, woah

@mlanger I use it on my iPad for the convenience factor, but not on my phone - not because of security per se, but because I don't want my phone to unlock just because I wanted to see my notifications!

of note - I got the iPad for making art and don't use it for Apple-y stuff, so I'm not getting notifications on it and I'm usually not taking it anywhere, the way I bring my phone nearly everywhere.

@mlanger
I have a question for all you faceid peeps/techies: since some apps recognize your face already from photos,, is it possible to open a phone with a video or photo of your face?
🤔 📸

@mlanger I can’t imagine not using it! I have it on several devices and it saves a lot of hassle. I have my watch unlock my phone and my workstation. Otherwise I use fingerprint unlock on the workstation. The watch and face id linkage was great during covid too. If a mask obscured the face id, the addition of the watch unlocked the phone. Loved it!

@mlanger Face rec on Android usually is faster than me putting my finger on the fingerprint reader, but on the cases it isn't or it fails, the fingerprint is already being scanned because the reader is placed where I would unlock my phone anyway.

It works well, the 1st method to match wins, so unlocks are consistently fast.

@mlanger no and i will never use it

@mlanger I don't use anything except a password since the courts ruled you can't be compelled to provide that to the cops, but they can make you use biometrics.

@mlanger My main goal is to keep my brothers out, which I don't think facial recognition can do well enough (and also it doesn't like hats or glasses, which I wear all the time). I would use fingerprint recognition but I don't have a fingerprint (skin condition), so I have to use a PIN.

@mlanger

Where's the, "Hell no, I'm not giving a corporation my face" option?

@mlanger I think I'd prefer Touch ID to Face ID, but Face ID is what I have on my Pixel 4 and iPad, so I choose it out of convenience over entering a PIN, even though I'm not 100% sure I trust it

@mlanger never. No facial recognition, no thumb prints—all that shit creeps me out.

@mlanger theoretically…it never works 😂

@mlanger FWIW, I have heard Apple representatives say that Face ID has way more entropy than their fingerprint scanners and hence is more secure. (This does not necessarily apply to recent versions of Android which do face recognition with their selfie cameras instead of 3D scanning.) I'm not aware of peer-reviewed research on this, so I'd take it with a grain of salt; its just what a member of the team that did the development of the hardware told me at a conference.

@mlanger Absolutely not.

@cary5871 @mlanger No. I just started using fingerprint ID on my Android phone in late November.

@mlanger
@jamigibbs

Phone, no. PC, yes.

@mlanger no. fuck biometrics.

@mlanger my android has both face and fingerprint, and I do have them both configured. Which one I use depends on how dark the environment is, although sometimes it thinks there isn’t enough light and then unlocks by face before I can touch the fingerprint scanner.

@mlanger

I use face unlock because my biggest threat is me losing my phone and some idiot finding it.

As an American, all my personal data is for sale by data brokers already so any law enforcement organization could get it without access to my phone.

@mlanger hell no! I use an 11 digit pin on my device and no fingerprint or Face ID unlock.
Yes. I’m paranoid, because I’ve worked in IT for way too long.

@mlanger I never use biometrics. Cops can unlock your phone without your consent with biometrics.

@mlanger yes, even though it’s terrible and i miss touchid every day. i ended up changing my secure phone password to a shorter, easy to type one because i now have to type it multiple times a day when my face stops working. i know it’s all bad but convenience over security sigh

@mlanger yes

@mlanger don’t need some arse hole shoulder surfing my password

@mlanger
The nice thing with faces, fingerprints, and social security numbers is that they're so easy to change if they leak or are compromised!

@mlanger yes, I do.

@mlanger

Never enable Face ID security: law enforcement can force you to unlock - where they cannot force you to open the device with a numeric ID.

I don't enable Siri or anything which uses a microphone,