Why are pins required on boot on devices with fingerprint readers?












2














Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".



Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?










share|improve this question
























  • Can somebody retag this if needed? I couldn't find anything more specific.
    – Jason C
    2 hours ago










  • Possible duplicate of Why do mobile devices force user to type password after reboot?
    – forest
    43 mins ago










  • I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
    – forest
    42 mins ago
















2














Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".



Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?










share|improve this question
























  • Can somebody retag this if needed? I couldn't find anything more specific.
    – Jason C
    2 hours ago










  • Possible duplicate of Why do mobile devices force user to type password after reboot?
    – forest
    43 mins ago










  • I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
    – forest
    42 mins ago














2












2








2


1





Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".



Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?










share|improve this question















Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".



Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?







authentication biometrics boot






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 hours ago









forest

33k15106113




33k15106113










asked 2 hours ago









Jason C

185114




185114












  • Can somebody retag this if needed? I couldn't find anything more specific.
    – Jason C
    2 hours ago










  • Possible duplicate of Why do mobile devices force user to type password after reboot?
    – forest
    43 mins ago










  • I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
    – forest
    42 mins ago


















  • Can somebody retag this if needed? I couldn't find anything more specific.
    – Jason C
    2 hours ago










  • Possible duplicate of Why do mobile devices force user to type password after reboot?
    – forest
    43 mins ago










  • I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
    – forest
    42 mins ago
















Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago




Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago












Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago




Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago












I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago




I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago










2 Answers
2






active

oldest

votes


















2














The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.






share|improve this answer





























    0














    This is not a full answer and would be a comment but I don't have the rep. Sorry.



    Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).






    share|improve this answer








    New contributor




    user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.














    • 1




      @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
      – forest
      50 mins ago













    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200929%2fwhy-are-pins-required-on-boot-on-devices-with-fingerprint-readers%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.






    share|improve this answer


























      2














      The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.






      share|improve this answer
























        2












        2








        2






        The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.






        share|improve this answer












        The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 48 mins ago









        forest

        33k15106113




        33k15106113

























            0














            This is not a full answer and would be a comment but I don't have the rep. Sorry.



            Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).






            share|improve this answer








            New contributor




            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 1




              @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
              – forest
              50 mins ago


















            0














            This is not a full answer and would be a comment but I don't have the rep. Sorry.



            Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).






            share|improve this answer








            New contributor




            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 1




              @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
              – forest
              50 mins ago
















            0












            0








            0






            This is not a full answer and would be a comment but I don't have the rep. Sorry.



            Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).






            share|improve this answer








            New contributor




            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            This is not a full answer and would be a comment but I don't have the rep. Sorry.



            Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).







            share|improve this answer








            New contributor




            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            share|improve this answer



            share|improve this answer






            New contributor




            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            answered 1 hour ago









            user8998021

            11




            11




            New contributor




            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





            New contributor





            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.






            user8998021 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.








            • 1




              @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
              – forest
              50 mins ago
















            • 1




              @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
              – forest
              50 mins ago










            1




            1




            @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
            – forest
            50 mins ago






            @JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
            – forest
            50 mins ago




















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200929%2fwhy-are-pins-required-on-boot-on-devices-with-fingerprint-readers%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Accessing regular linux commands in Huawei's Dopra Linux

            Can't connect RFCOMM socket: Host is down

            Kernel panic - not syncing: Fatal Exception in Interrupt