Why are pins required on boot on devices with fingerprint readers?
Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".
Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?
authentication biometrics boot
add a comment |
Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".
Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?
authentication biometrics boot
Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago
Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago
I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago
add a comment |
Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".
Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?
authentication biometrics boot
Both my iPad and my android phone are configured to allow access via either a pin, or a fingerprint scan. However, immediately after a reboot, neither device allows a fingerprint for the first unlock; the pin is required instead. Both devices state "a pin is required to unlock after a reboot".
Why is this? What risk is associated with allowing a fingerprint unlock directly after a power on?
authentication biometrics boot
authentication biometrics boot
edited 2 hours ago
forest
33k15106113
33k15106113
asked 2 hours ago
Jason C
185114
185114
Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago
Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago
I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago
add a comment |
Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago
Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago
I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago
Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago
Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago
Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago
Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago
I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago
I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago
add a comment |
2 Answers
2
active
oldest
votes
The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.
add a comment |
This is not a full answer and would be a comment but I don't have the rep. Sorry.
Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).
New contributor
1
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200929%2fwhy-are-pins-required-on-boot-on-devices-with-fingerprint-readers%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.
add a comment |
The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.
add a comment |
The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.
The PIN is used to derive an encryption key, whereas the fingerprint is used only for authentication. Because the encryption key is kept in memory during runtime, it is lost after a reboot and needs to be supplied again. It is supplied via the PIN or passphrase that you are required to enter.
answered 48 mins ago
forest
33k15106113
33k15106113
add a comment |
add a comment |
This is not a full answer and would be a comment but I don't have the rep. Sorry.
Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).
New contributor
1
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
add a comment |
This is not a full answer and would be a comment but I don't have the rep. Sorry.
Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).
New contributor
1
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
add a comment |
This is not a full answer and would be a comment but I don't have the rep. Sorry.
Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).
New contributor
This is not a full answer and would be a comment but I don't have the rep. Sorry.
Why iOS asks for a pin initially is exaplined in this Black Hat talk at about 15 minutes. I naively assume Android is similar (?).
New contributor
New contributor
answered 1 hour ago
user8998021
11
11
New contributor
New contributor
1
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
add a comment |
1
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
1
1
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
@JasonC Heh you're right. I saw "This is not a full answer" and then "Why [...]" and flagged as NAA.
– forest
50 mins ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200929%2fwhy-are-pins-required-on-boot-on-devices-with-fingerprint-readers%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Can somebody retag this if needed? I couldn't find anything more specific.
– Jason C
2 hours ago
Possible duplicate of Why do mobile devices force user to type password after reboot?
– forest
43 mins ago
I just found this duplicate. The answer explains why this is the case even with fingerprint readers.
– forest
42 mins ago