So I have a debate in my head right now about how I should handle devices stored unattended in vehicles. The criteria:

  • Devices have new versions of Android
  • Pass phrases or many-digit pins are used
  • Biometric login is set up (but can’t be used in Lockdown Mode)
  • Have Bitwarden installed with biometric auth for the vault
  • Has SSH keys on the device

I’m not worried about nation state attacks, but am considering the vector of a tech savy thief, and want to keep SSH keys and other device data secure. Assume they cannot be stored in a vault.

Is storing the phones on but in Lockdown mode enough, or should I turn them off completely? Off would be super annoying to wait for boot every time, but I’m not totally sure how KEK works for an encrypted device with biometrics set up but in Lockdown Mode where they are disabled.

  • fmstrat@lemmy.nowsci.comOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 days ago

    Thank you, this is what I expected, but wanted to be sure. I do have rotation plans in place, so covered there, too.