I hate how every phone uses biometrics as a bypass to a pin/password instead of being used in conjunction with a pin/password. With biometric + pin, someone needs both your pin and fingerprint. And there can be a prompt for a longer “fallback” password if there is X number of incorrect attempts or at restart. Is there such a thing in Android?
I was wondering if the Android fingerprint login had been compromised since the days of the gummybear attacks. For anyone else who was wondering: https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/
Interesting question OP, I’ll be (academically) interested in the answer.
Edit: this Tasker answer is fiddly and very old, but may be worth looking into: https://android.stackexchange.com/questions/139653/can-i-make-android-require-fingerprint-pin-to-unlock-the-screen
Yes!
You need to set up a work profile. You can use shelter on the Google Play store or in f Droid.
Once you have a work profile set up, set the unlock for the work profile to be your biometrics. Or a passcode. Up to you.
Now the work flow to open a app in the work profile will be, unlock your phone normally, unlock your work profile - now your work app opens. So you can have your normal phone unlocked via biometric, and your work profile via code. Or reversed.
This gets you your two factors, if you use biometrics you can have a pin fall back. So a super long password. For work profiles you need a long password to unlock it once per day, or on reboot, and then it can use biometrics.
I think this does what you want