Privacy @lemmy.world aa1 @lemm.ee 6 mo. ago

GrapheneOS Now Supports a Duress Reset PIN

grapheneos.social GrapheneOS (@GrapheneOS@grapheneos.social)

Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don't want fp-only unlock.

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

The wipe does not require a reboot and cannot be interrupted. It can be set up at Settings > Security > Duress Password in the owner profile. Both a duress PIN and password will need to be set to account for different profiles that may have different unlock methods.

Note that if the duress PIN/Password is the same as the actual unlock method, the actual unlock method always takes precedence, and therefore no wipe will occur.

Source: https://grapheneos.org/features#duress

Privacy @lemmy.ml aa1 @lemm.ee 6 mo. ago

GrapheneOS Now Supports a Duress Reset PIN

grapheneos.social /@GrapheneOS/112547803121731809

GrapheneOS [Unofficial] @lemmy.ml KindnessInfinity @lemmy.ml 6 mo. ago

GrapheneOS Now Supports a Duress Reset PIN and More

grapheneos.social /@GrapheneOS/112547803121731809

15 comments

0118 999 881 999 119 725… 3.

This is great, I would like to also see a duress fingerprint option.
- The print of the middle finger, one might suggest
  
  That's funny. But I was thinking the opposite. Use your middle finger to unlock your phone, but your index finger is your duress finger. Because most people use their index finger/thumb. So it wouldn't raise suspicion
- Good reference, I would set it to something shorter like 12345 (same thing an idiot keeps on their luggage). Keep your pin yours, but if you set the duress code to a default PW like that (and dont have kids that would just try the it at random) if the phone gets taken there is a non-zero chance that they just guess it and nuke the device.
- Unexpected IT crowd reference.
  
  I think the android dialler has/had an Easter egg when you type this number in
  
  E: the AOSP one still has it :)
- Well, that's easy to remember!
That's awesome, I've been missing this feature.
Since you're all here and Graphene doesn't work on my ancient 3a, do you have any alternatives you'd recommend?
- lineageos https://wiki.lineageos.org/devices/sargo/
  
  calyxos https://calyxos.org/install/devices/sargo/windows/ [until August 2024, so not worth it]
  
  divestos https://divestos.org/pages/devices
  
  lineage will give you the most feature complete environment
  
  DivestOS is fun to play with, but even coming from GOS its going to have a big learning curve.
  
  There is always the option of just using the 3A with the stock OS, unsupported, especially if you want to regift the phone to a young relative.
  
  <3 tx
  
  It's my old phone, i use it for gps now, but i want to learn how to do the things
  
  Appreciate it
- If i was you, i would buy a Google Pixel 8 (8a is cheaper than 8 and 8 pro). They all provide support for GrapheneOS, have 7 years of updates, MTE, and so on
  
  For context: https://grapheneos.org/faq#device-support
  
  My daily driver is a 7a, my older 3a is the experiment and learn phone

You've viewed 15 comments.