Any login pin brute force configuration?

silent_muppet

I unfortunately learned about the login pin anti brute force feature the hard way. Had my Pixel 9a in a cargo pocket while moving heavy stuff all day. I'm assuming the combination of my movements and the material my pants are made of, resulted on the phone being locked out as it has never happened before. Total time was like 1.5 hours. Was looking in the options to see if there is a way to put a cap at how long the phone will lock it self out but did not find anything. Am I overlooking it or is there actually not way to fine tune this feature?

raccoondad

silent_muppet Am I overlooking it or is there actually not way to fine tune this feature?

Correct, no way. Turning off tap to wake will help stop false inputs

If the time had a cap, the pin would be useless.

faxe

It is not configurable, but you could try changing your settings that you have to confirm your pin (if that's not already enabled) or turn off tap to wake.

silent_muppet

faxe
What do you mean by changing the settings to confirm your pin?

Thanks for the input, it does make sense to turn off tap to wake and lift to wake as I always press the power button.

faxe

silent_muppet I meant to set the setting so that the PIN doesn't automatically confirm (as in you need to hit the "enter" button right to the 0 on the PIN entry screen) but disabling tap to wake is the more guaranteed way to not encounter this issue in the future

GrapheneOS

Our FAQ section at https://grapheneos.org/faq#encryption has documentation on the less aggressive older delay ramp up by the secure element. It's implemented by the secure element, not the OS, and it does not currently provide any configuration. The secure element could theoretically provide configuration to the OS but it doesn't so it's not something which can be added by the OS alone. The previous delay ramp up was more than enough to protect data with a random 6 digit PIN but it's now more aggressive, likely to help with weaker lock methods. It's still not a good idea to use less than a random 6 digit PIN.

Entering a PIN below 4 digits or entering the same PIN twice in a row won't be counted as an attempt since it will reject the attempt before it tries to use it, avoiding counting towards a failed attempt. Ignoring an attempt with the same PIN twice in a row is ignored so that if someone slightly misremembers their PIN and keeps entering the wrong one, they aren't actually making additional unlock attempts.

This is all standard and we don't change anything about it. We have a bunch of related changes but not to these basic properties.

GrapheneOS

Tap to wake uses the proximity sensor above the screen to avoid waking the device via tap or lift to wake if there's something close to it. Try putting your hand a centimeter or two above the top of the screen where the front camera is placed and tap the screen with your other hand. It won't wake up due to seeing something over the proximity sensor. This is meant to prevent the device waking while in a pocket, bag, etc. The power button would generally need to be pressed.