I still stand by what I said, and if you actually had a high threat level you would know what I said is true. I stand by the recommendation of using a password or passphrase longer than 32 characters with symbols, letters, and numbers. You can use a simple PIN code all you want and believe in the secure elements, but if you truly care about your security you would opt for what I said without a doubt.
Best screen lock password practices for all the devices and operating systems
GrapheneLover It's like saying that if you truly care about your privacy and security you need to use Whonix in Qubes and nothing less, LMAO.
Believe in whatever you want, but don't make people believe that they need this to be secure, that's just harmful.
Graphene18 Definitely not harmful at all. What you're saying is in fact harmful: telling people to use a simple six-digit PIN is harmful, as we are talking about high threat levels. If you are some average everyday user who just uses social media and such, sure, go ahead and use a 6-digit PIN code. If you are someone who has stuff they don't want to lose, or a high-net-worth individual, or someone who has things they would get hurt over if found out, opt for a 32+ character alphanumeric password or passphrase. I am talking from experience. If you had such a really high threat level and the people wanted you, your silly 6-digit PIN code would get bypassed one way or another.
GrapheneLover 128 bits of entropy is the absolute maximum overkill of what's even reasonable to use, and that's what's used for designing encryption algorithms, and your recommendation is 210 bits. So yeah, I have nothing more to add.
Thanks for a well written, quality post.
I agree that pattern unlock is used by 50 IQ people. Some people need to learn the hard way.
I also do agree with biometrics being a really good QoL-improvement because of the simplicity it brings.
However, I do disagree with your standpoint that it should be used (I'm assuming this is what you think based on your post). It's too easy to compromise through exploits or force. Use the built-in PIN scrambler instead. Be aware of your surroundings so that no camera is close enough to see the numbers you type. Thanks to the scrambler, as long as it can see your screen in high res, there is no way to get the passcode by watching where you press on screen.
IMO, it's a big security risk to use biometrics and I would advise everyone not to use it.
With that out of the way, I also want to say thanks for the input; after your post I have upgraded my passcode from 12 digits to 18.
Cheers mate!
BackdoorsNRats However, I do disagree with your standpoint that it should be used (I'm assuming this is what you think based on your post). It's too easy to compromise through exploits or force. Use the built-in PIN scrambler instead. Be aware of your surroundings so that no camera is close enough to see the numbers you type. Thanks to the scrambler, as long as it can see your screen in high res, there is no way to get the passcode by watching where you press on screen.
IMO, it's a big security risk to use biometrics and I would advise everyone not to use it.
GrapheneOS only gives 5 attempts for unlocking with biometrics, so it's more secure than any other phone or OS.
BackdoorsNRats With that out of the way, I also want to say thanks for the input; after your post I have upgraded my passcode from 12 digits to 18.
You should use a 6-digit passcode.
You need a password that consists of 18 random letters and numbers for it to be unbreakable, not an 18-digit numeric passcode.
10 digits was good enough a few years back, so I'd guess 18 should do it now.
But I'll take your advice to heart and change. You seem reasonable and knowledgeable, so I'll listen to your advice.
Also, I didn't know this about GrapheneOS and biometrics, and for sure that makes it much better.
Graphene18 A password between 15 and 20 characters is currently unbreakable. If you add to this a physical security element like Google's Titan, you won't be able to unlock your phone by any means, even with unlimited attempts.
Are we talking about screen locking? In that case, I use a 10-digit PIN, but I am planning to make it 20.
SoulKeeper 16 is enough as per https://bitwarden.com/password-strength/ . It would take centuries (at this time) to crack it, and that's bypassing the secure element.
I think that Bitwarden tool assumes the full alphanumeric+symbols keyspace, not a numeric-only PIN. So its estimated crack time is not accurate for PINs.
Also, if the secure element is bypassed, then there are no "standard delays for encryption key derivation enforced by the secure element", which means brute force can happen at very fast speeds. All numeric-only PINs would be insecure. Which is why it is recommended to have full alphanumeric passphrases if the secure element may be bypassed (such as for high-threat nation-state adversaries).
https://discuss.grapheneos.org/d/4727-graykey-countermeasures/2
matchboxbananasynergy You can use an 18-character password comprised of lowercase letters and numbers, or a 7-word diceware passphrase, which is strong enough not to have to rely on the secure element.
And as always, any estimates for crack time also assume that it is random!!! If you choose something personal or easy-to-remember phrases (songs, quotes, etc.), then expect the cracking process to front-load those, and you might expect it to be cracked in a small fraction of the time.