Originally Posted by tickerguy
The DTEK60 may HAVE a fingerprint scanner, but whether you use it or not is a choice.
I divide data security adversaries more-or-less in this fashion:
1. Random persons (e.g. lost phone where a random person finds it.)
2. Casual, but relatively-unskilled adversary ("script kiddie" that takes an app and adds a "packaged" bit of trash to it to try to steal data, random person with a laptop siphoning off unsecured WiFi traffic, etc. These people are not specifically targeting you and have a modest skillset.)
3. Targeted adversary, but only moderately skilled. This person is in fact after your data specifically, but has few skills beyond #2. They're materially more-dangerous to you simply because they're after you specifically.
4. Untargeted but skilled adversary. These people know what they're doing but aren't specifically after you. They're limited more by their resources (as individuals) than abilities. These people are very dangerous IF you run into their traps. MOST commercial data breaches have this class of actor behind them.
5. Targeted but skilled adversary. #4 but intending to come after you specifically. You're in trouble with someone in this class after your data, because unless your computing environment is both well-designed and used without stupid mistakes your data will likely be intercepted. Note that the possibility of literal torture shows up in this category (e.g. "gimme the password or I pull off your fingernails with these vice-grips!")
6. State actors. Most systems will fall to these people due to the resources they can bring to bear.
A phone that is *on and in use* may fall to #3+ unless you can shut it off first. It WILL fall to 5+ if it's on. An encrypted device that is fully locked (e.g. boot time encryption) MAY survive an assault by #5+.
A fingerprint scanner will *probably* fall to #2+ and WILL fall to #3+ most of the time. It will not survive an assault by #5+.
Note that "remote unlock" capabilities (which, unless explicitly disabled, are in most modern phones and in some cannot be completely disabled) WILL fall to #4+.
If you're only interested in protecting against assaults in class #1 (lost device, random person finds it) then fingerprint scanners are fine. Beyond that, not so much. A picture password is usually going to be secure against #4 and will probably fall to #5+.
Note that one of the most-dangerous threats is an app developer that is "officially respected" (e.g. a large corporation) that falls into category #4. The only effective means of defense against those is not to use said app and hope you discover the subterfuge before your data gets stolen. This is particularly true because no branch of law enforcement will ever indict or imprison one of these executives or criminally charge these firms. For this reason if you get a DTEK alert on OS compromise that is traced to installing or removing an app from a "trusted" developer you are a fool if you ever use said app or any other by the same publisher ever again.
Remember that assaults have a probability of success; someone can always get lucky.