Description:
Add optional support for mandatory dual-factor authentication on device unlock—requiring both a biometric (fingerprint or facial recognition) and a password/PIN to access the device.
Rationale:
While biometrics are more resistant to brute-force attacks, law enforcement can compel biometric unlocking in most jurisdictions because it’s treated as “physical evidence,” whereas passwords receive stronger legal protection because they involve self-incrimination and are “knowledge stored in a person’s mind.”
Dual authentication creates meaningful protection against both technical attacks and law enforcement overreach:
1. Against Device Theft:
If a device is stolen or seized, the biometric alone is insufficient—an attacker would also need the password, which exists only in your mind.
2. Against Biometric Data Compromise:
If your biometric data is compromised (border databases, state surveillance systems), the password remains unknown and unusable by third parties.
3. Against Coercive Law Enforcement:
In jurisdictions with weaker rule of law, dual authentication forces authorities to use different legal mechanisms to access each factor. A real recent example: Hong Kong police were given new powers in March 2026 to demand phone and computer passwords from suspects under national security investigations, with refusal punishable by up to one year in jail and HK$100,000 fine. Dual authentication at least creates friction—if a user cannot provide both factors, neither factor alone grants full access.
4. Reinforces User Intent & Consent:
Password entry is an intentional communicative act that reinforces user awareness and consent, unlike passive or covert biometric collection.
Legal Distinctions:
According to legal analysis, courts distinguish between “something you have/are” (biometric) and “something you know” (password):
-
Biometrics: Generally treated as physical characteristics, not testimony. Law enforcement can compel biometric unlocking without Fifth Amendment constraints in most U.S. circuits, though this remains contested.
-
Passwords: Protected as knowledge requiring “the contents of your mind.” Courts have repeatedly held that compelling passwords violates self-incrimination protections, with stronger constitutional grounding than biometrics.
In the EU, the framework is similar: GDPR requires explicit consent for biometric processing, but the Law Enforcement Directive does not require consent for biometric processing by authorities—only a “legal basis.” This means governments could potentially mandate biometric cooperation through legislation, whereas the same for passwords might face constitutional challenges.
Implementation Suggestions:
- Make it optional: Respect user choice; this should be an opt-in security tier
- Allow customization: Users choose which biometric + password combination works for them
- Provide fallback options: If the biometric sensor fails, password-only unlock should be available
- Clear documentation: Explain the legal distinction—users deserve to know why this matters for their privacy and legal protection
References
-
Fifth Amendment Protections for Passwords vs. Biometrics:
Biometrics vs. the Fifth Amendment - New America -
Hong Kong Police Powers (March 2026):
https://www.reuters.com/world/china/hong-kong-police-given-new-powers-obtain-phone-computer-passwords-2026-03-23/
HK introduces new rule requiring nat. sec suspects to disclose passwords
Hong Kong police can now demand phone passwords under national security law -
GDPR & EU AI Act Framework for Biometric Data:
Biometrics in the EU: Navigating the GDPR, AI Act | IAPP -
GDPR Overview:
What is GDPR, the EU’s new data protection law? - GDPR.eu -
Regulation of Biometric Data in Europe:
Regulation of biometric data in Europe — Financier Worldwide