Passcode security improvements on Kraden 1.17.0

Learn more about additional passcode security layer updates on Kraden, including optional biometric log-in.

Ross K.

Security Expert

Kraden is proud to announce the official introduction of additional passcode security layers, including optional biometric login on our app. From now on, your messaging experience will be even more secure. You will be able to access secure and private communications with other Kraden users by entering a secure passcode or, optionally, scanning your fingerprint.

Let’s take a look at our recent update and see how security will be integrated on Kraden and how it can improve the protection of your digital privacy.

Password changes for added security

To further solidify our claims of being a security-first platform, we decided to introduce improved and revised password requirements for all of our users.

Your passwords will now have to meet our standard security requirements to better protect your private communications including these on your passcode:

1 upper-case letter
1 lower-case letter
1 numeric character (0-9)
1 special character (*,?,-,!, etc.)
Minimum 12 characters in total

This form of password can be considered safe enough and almost impossible to crack. Even with state-of-the-art machinery, hackers would need many lifetimes to crack it, so such protection is necessary if you want to feel sure about your messages remaining private.

It is true that a combination of approaches might work better: lengthy and fairly complex passwords.

Lengthy – Short length passwords are relatively easy to break, so the idea is to create lengthier ones for added security and to make them less predictable. So what is the desired or required length? A 2010 Georgia Tech Research Institute (GTRI) study told how a 12-character random password could satisfy a minimum length requirement to defeat code breaking and cracking software, said Joshua Davis, a research scientist at GTRI (Read more). In any case, to be on the safe side, a password length of 12 characters or more should be adopted.
Strong and complex – Strong passwords are still key. Security experts agree that upper and lowercase alphanumeric characters are good practices for increasing password strength and making it capable of resisting guessing and brute-force attacks. In order to add complexity without compromising ease-of-use, users could modify passphrases by inserting spaces, punctuation and misspellings.

However, if you find inputting a long password too much of a hassle to type each time you enter our app, you can always turn back to the optional fingerprint unlock that we’re introducing with the update. More about it below.

What is biometric data?

When it comes to user identification and authentication, there are specific methods for doing it. These methods are called ‘Authentication Factors’ and they can be divided into 3 main categories:

Knowledge - something the user knows
Possession - something the user has
Inheritance - something the user is

As you can probably guess, inheritance is the most distinguishable and unique feature of a user since it’s the hardest to replicate, duplicate or hack.

You should know that your fingerprint is unique and you have the only one like that in the world. This makes fingerprints a great authentication factor for confirming a user’s identity. Hacking biometric data is just not realistic.

Google Pixel and GrapheneOS handling of biometric data

In the realm of secure Android smartphones, Google Pixel reigns supreme. In the world of secure operating systems, GrapheneOS is top of the league, beating its competitors and utilizing the top-of-the-range security practices and software solutions to protect the data of each device and its user (Read about GrapheneOS).

In Android (on which GrapheneOS is based), biometric data is hashed, encrypted, and stored in TEE or Trusted Execution Environment without any possibility for exporting. This is the most secure location for such sensitive data to be stored. GrapheneOS takes it a bit further than base Android by permitting less attempts after failed authentication, making fingerprint scanning even more secure.

Kraden never has access to the fingerprint data. The app will communicate with the OS on a software level and your device’s operating system will inform the Kraden app whether the request (e.g. fingerprint scan) was a success or a failure.

On top of that - fingerprints are not available to the OS, it doesn't matter if an attacker obtains root access. Fingerprints are not stored directly in the first place. Fingerprints themselves are not stored. Fuzzy hashes of fingerprints are stored in the TEE and are never available to the OS.

Meaning that even if the OS gets compromised - fingerprints are still safe.

How is biometric data implemented on Kraden?

Your Google Pixel mobile device has a fingerprint reader on the backside or under the screen. With clever technology, it only takes a fraction of a second to process data, analyze your fingerprint, and determine the authenticity of the print.

Since it’s a very quick and very secure process, our users will be able to toggle between biometric authentication being on/off.

How to turn on optional biometric authentication on Kraden?

That’s really easy.

Open “Settings”
Click on “Security”
Toggle the “Fingerprint Unlock” feature on

Kraden will use the same fingerprint that's already set-up on your device. So, you should do that before toggling it on in the app settings.

Keep in mind that this authentication method is completely optional and you have full control over it.