A mugger can get into your device - less relevant now given that wallets are where the value is 99% of the time, but given pay-with-phone options growing in popularity that might be a matter of concern eventually.
I feel like that's getting the threat model wrong. The mugger wants to spend as little time with you as possible. If a fingerprint is needed to make purchases, then it can actually be significantly better than a PIN, and even a PIN is a lot better than nothing because they have to memorize it.
Sure. Have a fingerprint or PIN or whatever. Totally reasonable. Mugger takes your phone in a rush, can’t unlock it later, sells it for $10 to someone who’ll gut it for the pieces. Sucks, but not as bad as the mugger also emptying your bank account.
But my response is to the belief that a security factor that cannot be directly taken by force is somehow more secure. If you’re guarding The Football, sure. You might actually be willing to die for that. If you’re willing to die rather than reveal your PIN to a mugger, though, your advice is not applicable to the vast majority of the population who value their lives more than their bank accounts.
The way around that complicates things - validation of circumstances and parties outside the sphere of power can avoid it. Anyone trying to force a withdrawal from someone's account at gunpoint at a bank itself would just be robbing the bank itself. Which being federally insured means robbing the federal government by force of arms. Which draws a heavy response from any sort of government.
I have noted that spiteful to lethal anti-coercion measures seem surprisingly rare given the premium paid for security and even when a lesser value to human life is assigned. They would use ink bombs for robbers and not time-delayed or remote-triggered fragmentation bombs with the loot. I assume relative rarity and baseline risks (even military bases in hostile regions tend to restrict arms to the armory except for MPs, on-duty soldiers, and maybe personal side arms for ranking officers who keep it holstered most of the time as opposed to readied) and margins are why even in places where security is tenuous enough that foreign businesses' travel arrangements include at least one mercenary with an AK47 or its descendant as a guide, driver and bodyguard due to their guest being a relative king's ransom.
Theoretically ATMs could be fortress panopticons watched 24-7 and with a SWAT team readied to deal with compelled withdrawals but that just plain wouldn't be a sensible use of resources - cameras, willingness to write off or insure losses and policing makes far more sense.
Not annoying, just Hacker News. Funny/cute/meme/etc typically gets downvoted, even if it’s directly relevant, because of the strong fear of turning into the circle jerk of endless shitty joke threads like Reddit.
This idea that digital security is going to solve for physical violence is absurd unless you’re willing to die to protect your digital assets.