
Android phone suddenly asking for a password? Here’s why


Ever notice your Android phone randomly disabling biometrics and forcing you to enter a password or pattern for “additional security”? The phrase says it all, but entering a long password or complex pattern to unlock your phone can be frustrating when you are in a tricky situation.

Passwords, patterns, and PINs are more secure forms of authentication than biometrics, which is why you have to set up or enter your password before you can even register biometrics.

So why the seemingly random call to enter a password? Does it depend on how often you use your phone, or is it a clever trick to help you remember your password?

Levels of biometric unlock security

The answer lies buried deep in the source code of Android. Biometric authentication is categorized into three classes numbered 1, 2, and 3. Android operates on a series of rules and signals from the environment to decide when it is time to disable biometrics to prevent unauthorized access to your phone.

The levels or classes of Android’s biometrics are determined by their performance against security threats. Three metrics described below are what determine the class the biometric falls into:

  • The Spoof Acceptance Rate (SAR) measures how easily the authentication method can authorize a previously recorded sample. An excellent example of this was the “Voice Match” feature through which a “Hey, Google!” recording of the user could be used to gain complete access to their Android device.
  • Imposter Acceptance Rate (IAR) defines how easy it is to unlock a device through biometrics by mimicking the user. In this metric, the biometric input is that of a person and not pre-recorded.
  • Finally, the susceptibility of the biometric to falsely authenticate a random, non-targeted input is measured through the False Acceptance Rate (FAR) metric.

Both the biometric hardware, like fingerprint scanners, and software used in Android smartphones undergo testing by Android Biometric Security Partners to determine the mentioned values.

Timeouts for different biometric levels

A set of constraints is defined for each class of biometrics. These deal with the time before the phone reverts to a primary authentication method, like a password, pattern, or PIN, and with whether an app can allow the biometric to authenticate the user’s access to sensitive data.

Fingerprint Readers are classified as Class 3 biometrics. Photo by Lukenn Sabellano on Unsplash

Class 3 biometric sensors, like the under-screen fingerprint sensor on your smartphone, have the fewest constraints applied to them. The source code mentions a fallback period of 72 hours before a primary authentication method is required to unlock your device. These can also be used to open and authenticate actions in apps.

Face unlock setup screen in a smartphone
Face Unlock is generally classified as a Class 2 Biometric. Image Credits: Google

Biometrics in the Class 2 category, like Face Unlock, have a timeout of 24 hours before requiring a primary authentication. Older fingerprint sensors can also fall into this category.

Some biometrics known as Trust Agents, commonly found in the Smart Lock section of your phone’s security settings, cannot unlock your phone but can keep an already unlocked device unlocked for longer. These may be type 2 or type 3 and can keep your smartphone unlocked and idle for a maximum of 4 hours or 3 incorrect attempts before returning to primary authentication.

Timeouts are set so that bad actors do not have enough time to replicate your biometric data and gain access to your phone.

Password after reboot or lockdown

Biometrics are also commonly disabled when you restart your smartphone. If your smartphone is encrypted, most core functionality, like phone calls and alarms, will be restricted until you enter your password. Android smartphones also have a setting for enabling a lockdown option in the shutdown menu that disables biometrics and trust agents after a reboot.
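The rules from the last two sections can be replayed as a small state machine. This is an added example, not Android's own code: the names (`LockState`, `replay`, the event kinds) are hypothetical, the timeline is constructed, and it assumes a successful unlock counts as activity and a password entry resets every counter.

```python
from dataclasses import dataclass
from typing import Optional

# Windows quoted in the article, in hours.
FALLBACK_H = {"class3": 72, "class2": 24}   # since the last password/PIN/pattern
TRUST_IDLE_H, TRUST_MAX_FAILED = 4, 3       # trust agent: idle limit, failed attempts

@dataclass
class LockState:
    last_primary: Optional[float] = None  # None: nothing entered since reboot/lockdown
    last_active: float = 0.0
    failed: int = 0

    def reason_blocked(self, method, now):
        """Return None if `method` is still honoured at hour `now`, else the reason."""
        if self.last_primary is None:
            return "primary auth required after reboot/lockdown"
        if method == "trust_agent":
            if self.failed >= TRUST_MAX_FAILED:
                return "trust agent revoked: failed attempts"
            if now - self.last_active > TRUST_IDLE_H:
                return "trust agent revoked: idle timeout"
        elif now - self.last_primary > FALLBACK_H[method]:
            return f"{method} fallback timeout"
        return None

def replay(events):
    """Replay (hour, kind, arg) events; return a verdict per unlock attempt."""
    state, verdicts = LockState(), []
    for hour, kind, arg in events:
        if kind == "password":            # assumption: primary auth resets all counters
            state.last_primary, state.last_active, state.failed = hour, hour, 0
        elif kind in ("reboot", "lockdown"):
            state.last_primary = None
        elif kind == "bad_attempt":
            state.failed += 1
        elif kind == "unlock":
            reason = state.reason_blocked(arg, hour)
            if reason is None:
                state.last_active = hour  # assumption: a successful unlock is activity
            verdicts.append((hour, arg, reason or "ok"))
    return verdicts

# Constructed timeline (hours since boot), not captured from a real device.
TIMELINE = [(0, "reboot", None), (0, "unlock", "class3"), (0, "password", None),
            (20, "unlock", "class2"), (30, "unlock", "class2"), (30, "unlock", "class3"),
            (33, "unlock", "trust_agent"), (38, "unlock", "trust_agent"),
            (80, "unlock", "class3"), (81, "password", None), (82, "lockdown", None),
            (82, "unlock", "class3")]

if __name__ == "__main__":
    print(*replay(TIMELINE), sep="\n")
```

In the replay, face unlock (Class 2) is refused at hour 30 while the fingerprint (Class 3) is still accepted, which is the "sudden" password prompt the article describes.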

We hope you understand how your Android smartphone can suddenly force you to enter a password instead of biometrics. These fallbacks are an essential part of what keeps your phone safe from unauthorized access by impostors or methods like spoofing.

About Paul Jacob

Paul’s journey with computers began over a decade ago when he became interested in modeling buildings in SketchUp (back when Google owned it!). Curious about the underlying hardware that powered the tech he used, Paul successfully bricked the first smartphone he owned. Over time, he honed his teardown and repair skills, developing his own homelab and repairing countless gadgets, saving them from the landfill. You can find Paul today either fine-tuning his heavily modified Ender 3 3D printer or searching for used server processors for his HPC. Paul has been blogging in the tech industry for the past five years and is also active academically in computational fluid dynamics, having co-authored multiple journal articles and a conference paper. Paul double-majored in Mechanical Engineering and Physics from BITS Pilani.

Comments

André
4 months ago

Hi,
I have a bizarre problem.
I forget at least part of my 4-digit PIN, and my fingerprint is no longer accepted by the fingerprint reader on my Moto G pure telephone.
I’ve tried guessing the PIN without success so far. I was able to get the PUK from my phone service provider (who sold me the phone), to reset the PIN, but it doesn’t give me access to my phone.
Unfortunately my phone has irreplaceable personal data, such as the recent pictures from my mother’s funeral, and other info, but nothing really confidential.
I had thought that I had activated programmer’s mode a while back, but I can’t seem to use it to access my phone.

I’m using an old temporary phone with the same SIM card, & I had no problem resetting it, but it is very important to me to retrieve the photos (& some other info) stored on my phone.

With your expertise, would you have an idea how to retrieve my info?
Once I retrieve the info, I have no problem resetting my phone.
I don’t know if the data would be encrypted, it is version Android 12.
If that could help, I’m sure that my phone service provider would confirm that it is indeed my phone.
I thought the security was essentially to prevent others from using my phone service, not to lock me out.

Thanks for any help you can give me.