Allow PIN input next to Fingerprint to unlock DiceKey in app

[johanbove]

I understand it is not a biometric identifier, and it implies a less secure way to access the DiceKey, but I have lots of issues with the fingerprint reader on my device (FairPhone3) where it does not recognise the fingerprint and keeps saying the "sensor is dirty" and it would help me a lot if accessing the stored DiceKey could be unlocked using a PIN.

Alternatively, could it be made possible to use a SoloKey (USB Type-C) to unlock a DiceKey in the app? Most recent phones have USB Type-C connectors.

[grnewell]

I too would like to "vote" for adding a passcode or PIN as an optional input each time when generating a secret recipe. Unlike the current KDF seed, which is stored in the recipe, it should be prompted for each time. This would add a factor for "something I know" in addition to the "something I have" (namely Dicekeys, PC and/or phone). Having the entire security rest upon keeping the Dicekeys and recipes secret seems problematic to me, as they can all be stolen. "Something I know" requires a different type of attack to break. I don't know if you have seen how some of the crypto apps (Trezor, Mycelium) collect user PINS on touchscreen devices: They display a randomized 10-number keypad each time, and the user has to enter his PIN on that. This is another nice technique to foil certain attacks.

[UppaJung]

[I earlier mistakenly posted a comment assuming this was a password combined with the DiceKey, not to unlock the app. I moved that comment to #111]

[UppaJung]

Also, to add context to discussion, the iOS/MacOS app allows any factor used to unlock the device, which includes the PIN as an option.

[johanbove]

I appreciate @grnewell contribution to this issue, but that is not what I meant to talk about. The pin code entry to unlock the DiceKey key would only be for securing the access to the key already stored on the Android app in case there is no biometric means of securing the DiceKey secrets. The pin code should not block access to the app itself. It would be the alternative of not having any biometric way of unlocking the stored DiceKey. "No fingerprint reader or faceid? Use a pin instead." The user still has the hardware DiceKey kept somewhere safe and could still open the app and scan the hardware code and get access to the secrets stored on the phone. The pin is not meant to stop someone who has access to the master key. Because that would be besides the purpose of DiceKey.

[johanbove]

Also, to add context to discussion, the iOS/MacOS app allows any factor used to unlock the device, which includes the PIN as an option.

So to summarize : The Android app should allow PIN too.

Thanks for being to the point 😊

[JohnLGalt]

As an addition to this RFF, could the app made to allow for multliple authentication methods to be used?

My EOL Pixel 2 XL has only FP and PIN, and my current Pixel 4 XL has only facial recognition and PIN. Using only the Biometric authentication methods available, someone could reasonably violate my rights and force an unlock via FP on the 2XL or Face on the 4XL (which is so fast that one could easily be tricked into doing so, whether by unscrupulous law enforcement or a malicious actor who might have incapacitated me).

So, in addition to the ability to use PIN, would be great to allow the use of PIN as a secondary layer of authentication.

If this should be a separate RFF, please let me know and I'll make one.