topic Re: Remove 72 hour password requirement from Biometrics in Galaxy Note Series

Remove 72 hour password requirement from Biometrics

_Thanks__Samscum_ — Tue, 14 Jan 2025 09:06:42 GMT

Remove 72 hour password requirement from Biometrics.

Dumb feature and got banned last time i posted.

Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Tue, 14 Jan 2025 01:16:42 GMT

It's a serious security feature. Fingerprint is a lot less secure than a password and can be "hacked". Locking it after a few days ensures a stolen device can't be unlocked or bypassed. Eg, it means a theif only has 3 days to hack a phone or cheat the sensor. Not enough time to do much.

Face unlock has an even shorter time. I believe that's 24 hours. And it drops to 4 hours if the device hasn't moved in a while.

To be extra elaborate. It guards against keeping a phone running for months till an exploit is found. It stops someone say picking through your rubbish, finding a plastic cup, locating a fingerprint on the cup, making a replica, unlocking the phone. Plus since S series phones are glass, they keep fingerprints. And other methods that probably exist

If users got the option to disable it, they would, then there'd be loads more stolen phones and data.

Theoretically a trusted agent app specifically made to bypass the timeout could be possible. Though I'm not aware of any right now. Trusted agent are apps that are allowed to unlock devices and modify lock status. But again, this is theory, probs doesn't and won't exist.

Re: Remove 72 hour password requirement from Biometrics

BandOfBrothers — Tue, 14 Jan 2025 05:24:15 GMT

Personally @_Thanks__Samscum_ I want all the Security protocols possible in order to protect my phone.

However I appreciate people want different things.

Therefore you can send feedback directly to Samsung via your Samsung Members App too for Samsung to Analyse.

If i can be of any further help please don't hesitate to ask 😎

Re: Remove 72 hour password requirement from Biometrics

Thanks_Samscum_ — Wed, 05 Feb 2025 16:30:38 GMT

"It's a serious security feature. Fingerprint is a lot less secure than a password and can be "hacked". Locking it after a few days ensures a stolen device can't be unlocked or bypassed. Eg, it means a theif only has 3 days to hack a phone or cheat the sensor. Not enough time to do much"

This is all misinformation. The data is on the phone regardless of lock method. If its stolen, someone has all the time in the world to gain access. More useless comments on an actual issue no one is addressing.

Re: Remove 72 hour password requirement from Biometrics

Thanks_Samscum_ — Wed, 05 Feb 2025 16:33:30 GMT

Personally i don't need a large cooperation force feeding me settings on a device i own.

No one on this planet will ever come into a situation where this setting will benefit them.

The fact that its a locked setting behind anti root measures is the problem.

I will turn it off and trip knox who cares at this point.

Thanks again Samscum!

Re: Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Wed, 05 Feb 2025 19:12:16 GMT

You dont seem to understand how phone security works. The phone itself is secured in a way that it's mathematically unfeasible to crack directly. The way into a phone is through weaker entry methods. Fingerprint is relatively weak security method when the imprint if your finger could be on the glass.

Even police phone cracking devices dont just "all the time in the world" criminals phones. They use exploits and other methods to get them open. Apple even added a feature where iphones turned on and not touched for a week will self reboot. This was because police would lock them in evidence, keep them running for months till an exploit was found. As you cant directly crack a phone, and biometrics disable shortly after they are captured.

Tldr, without using one of the normal unlock methods. Being fingerprint face and device code. All the time in the world isn't enough to crack a phone. They use good encryption methods as everything should. Plus trying to brute force the nornal code will permantly disable that method. Think "this iphone is disabled". Want an estimate on how long it'd take to brute force it? Have a look how long cracking aes 256 bit takes.

To add more to the iPhone thing, when a phone is unlocked for the first time, the data is decrypted and everything is unlocked and running. In this state, it is much easier to crack as the master unlock code android uses is in memory and being used. You just need to bypass the lock screen. Though doing that still requires an exploit unknown to the phone maker. If a phone is rebooted, it doesn't know its own master unlock code. So even if you bypass everything, you can't get data from it. So law enforcement keep phones running for a long time to use cracking tools such as a celibrate machine. Those use exploits to crack phones. A brute force is possible if flaws exist. Eg, some devices are cracked by using obscure recovery menus to get infinite tries at the main unlock code the user set. Good phones limit the number of tries for unlock methods.

A true device brute force IS possible. But it'd take longer than the estimated lifespan of the universe

Re: Re: Remove 72 hour password requirement from Biometrics

Thanks_Samscum_ — Wed, 05 Feb 2025 19:27:54 GMT

More useless banter.

Its a dumb feature that the world dislikes and has no real world application.

I wish people would contribute on these forms instead of talking to wall.

Thanks anyways?

Re: Re: Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Wed, 05 Feb 2025 19:28:58 GMT

You're the only person here who believes weaker security is better. Can you not be bothered entering your code once every few days?

Re: Re: Re: Remove 72 hour password requirement from Biometrics

Thanks_Samscum_ — Wed, 05 Feb 2025 19:31:29 GMT

I'm not. Google around.

Entering the password at inopportune times is more of a vulnerability than its worth.

Cameras are everywhere. People shoulder surf. Bios cant be peeked.

Its garbage security and a forced feature.

But please continue to reply and contribute nothing.

Re: Re: Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Mon, 08 Sep 2025 09:20:34 GMT

The identity check system added in one ui 7 protects against shoulder surfing btw. I can't really explain the complex nature of device security and encryption [removed]. If you dislike good security, you are free to go with a less secure phone manufacturer.

Re: Remove 72 hour password requirement from Biometrics

Thanks_Samscum_ — Wed, 05 Feb 2025 19:40:11 GMT

Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

Thanks_Samscum_ — Wed, 05 Feb 2025 19:39:33 GMT

It absolutely does not. The only thing that could protect against that is a privacy screen protector.

More misinformation for the masses.

Thanks again.

Re: Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Wed, 05 Feb 2025 19:42:47 GMT

This is the last time I will be commenting on this issue. You have a fundamental misunderstanding of how device security works. You have done little to no research and dont understand what you are reading. Calling misinformation without understanding what you are reading isn't how to have a civil conversation with people.

Re: Remove 72 hour password requirement from Biometrics

crossflow — Thu, 01 May 2025 21:50:17 GMT

"If users got the option to disable it, they would, then there'd be loads more stolen phones and data."

Are you serious? Do you know you can protect every option with the code/password/sequence?

The lack of an option to disable the 72 hour security feature is not even useful for very rich or very important people so stupid that doesn't know how to open the settings menu.

You can enable the 72 feature by default for the 0.01% of the users and just let the others to be able to disable it, for sure, after entering the password (if they have one).

So no excuse at all, this decision is just another abuse from some manager that probaby does not even have the clue of the consequences on real daily usage.

Re: Re: Re: Remove 72 hour password requirement from Biometrics

crossflow — Thu, 01 May 2025 22:29:09 GMT

People got tired of complaining and gave up and learned to live with it, you seem like one of them.

But it doesn't mean it's right, not everyone is capable of adapting to anything. This is not the only case

There are so many bugs, stupid mandatory features and non-deactivable notifications from Samsung interface...

For example when the backlight goes off when battery hit 5%, making the display suddenly unusable under the sun, what was the point of making the battery last 10 minutes longer if you can't use the phone?

There are things called digital frustration or software induced stress, you can literally burn out from the sum of all this things in mobile and desktop devices. Stress can also trigger a lot of illness you better not underestimate the problem.

Typically the answer is "it's embedded in the android system the manufacturer can't do anything about it" then you discover that it's not true and that unknown Chinese brand has a flag about it. But we ask too much to have the support, compatibility and ecosystem of a big company like Samsung and at the same time be able to customize our device without bloatware and superimposed security features?

Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Thu, 01 May 2025 22:33:26 GMT

That backlight turning off thing can be disabled in settings btw.

This thread is almost 4 months old so I'm past debating this anymore. As a final note I'll say having the user always use fingerprint and not require the code can cause them to forget their code and cause issues.

It also stops attacks where someone has forged the fingerprint in some way and are using that to unlock the device. Fingerprint scanners are around maybe 1 in a billion at best. Thats 8 people in the world that could unlock it. A long pin is way way bigger than that. A pin will always be more secure, having it required every few days ensures the device is being used by the owner and stays secure.

Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

crossflow — Fri, 02 May 2025 22:11:23 GMT

No, backlight dims out at 5% battery and you can't disable it. There is no option at all, this happen even if you disable the battery saver functions.

Also if you have the lucky of this happening at dark and you are able to find the brightness bar and you try to set full brightness then a pop up appears asking you if you want to enable auto-brightness, you have to close the pop up and now you can finally set full-brightness.

So at least 3 bugs in only one functionality of the phone. Do you have a Samsung or are you talking based on YouTube videos?

Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

crossflow — Fri, 02 May 2025 22:14:08 GMT

"This thread is almost 4 months old so I'm past debating this anymore. As a final note I'll say having the user always use fingerprint and not require the code can cause them to forget their code and cause issues.

It also stops attacks where someone has forged the fingerprint in some way and are using that to unlock the device. Fingerprint scanners are around maybe 1 in a billion at best. Thats 8 people in the world that could unlock it. A long pin is way way bigger than that. A pin will always be more secure, having it required every few days ensures the device is being used by the owner and stays secure."

I don't give a *****. I live in a mountain no other people around

Just let me choose.

Re: Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

arianwen27 — Fri, 02 May 2025 22:24:22 GMT

Here is the setting. Hope it helps. It's in the battery menu, not in the power saver menu.

Also for phones. I have an a14, s22 and s25 ultra. I also know the setting is on one ui 6 as an irl friend had that exact problem. I found the setting on his a52 I think it was

Re: Re: Re: Re: Remove 72 hour password requirement from Biometrics

arsednot — Mon, 12 May 2025 12:46:51 GMT

Except he's NOT the "only person here...", who thinks that the 'feature' is *****! I don't have secrets on my phone; I don't have anything on my phone that would be of any interest to anyone else. If my phone is stolen, then que sera, but i should be able to CHOOSE which security features I use to secure - or not - my phone.