[toyg]

You don’t even need to slice, just manhandle. It’s easy and mechanical, can be done in a few minutes in a dark alley. Whereas a code, any code, requires a degree of cooperation that the individual can choose never to grant.

(Obviously a lot of people will grant it, but a sufficiently motivated person - human-rights activist, political dissenter, journalist, etc etc - might not)

[munchbunny]

If we’re getting that deep into the hypotheticals, couldn’t said person just not set up biometric logins?

For the rest of us where physical coercion to unlock the phone isn’t in the threat model, it really does improve on the trade offs between security and convenience.

Feels disproportionate to say we should not do the latter because of the former.

[toyg]

Your threat model likely involves simple robbery; making you “look here” is quick and painless, and increases the loot value significantly. And yes, biometrics in general are not good. The best protection remains a pin or passcode.

[munchbunny]

If they're going to physically threaten you into unlocking your phone, a PIN or passcode won't change that.

[pmontra]

Pickpocketers minimize any physical contact. Biometrics protect against them. PINs do not. Anecdotally I know about an iPhone that got unlocked after a theft at a party. It was protected by a PIN. The owner thinks that the pickpocketer learned the PIN by looking over his shoulder.

On the other side burglars can get into a house and force people to unlock their phones or reveal their passwords, if they care to. There is no protection against that unless those people value their secrets more than the harm the burglars will do to them.

All considered, I unlock with my fingerprints.