I don't want the device's passcode to be able to unlock the 2FA app. Very poor security practice. Much better to have a separate PIN for the 2FA app.
From a security perspective: if someone has your phone and the phone's passcode, they then also have your 2FA codes. You're stuffed. To put it nicely.
Ideally you should be able to unlock the 2FA app with biometric or a separate PIN (6+ digits/characters) that is not the passcode.
However, if the biometric falls back to passcode in the event of multiple biometric failures, then this defeats the purpose of having a separate PIN.
In that scenario, I would disable biometric/passcode and only use a separate PIN to unlock the 2FA app.
Motivation
Huge security improvement.
Acknowledgements
[X] This issue is not a duplicate of an existing feature request.
[X] I have chosen an appropriate title.
[X] All requested information has been provided properly.