Graphene18

  • Jul 7, 2023
  • Joined Jul 3, 2023
  • Access to your phone is access to your mind. Your phone isn't just a gadget; your phone is you. You're a cyborg. Protect yourself with GrapheneOS.

  • BackdoorsNRats However, I do disagree with your standpoint it should be used (I'm assuming this is what you think based on your post). It's too easy to compromise through exploits or force. Use the built-in PIN scrambler instead. Be aware of your surroundings to not have a camera being close enough to see the numbers you type. Thanks to the scrambler, as long as it can see your screen in high res, no way you can get the passcode by watching where you press on screen.

    IMO, it's a big security risk to use biometrics and I would advise everyone to not use it.

    GrapheneOS only gives 5 attempts for unlocking with biometrics, so it's more secure than any other phone or OS.

    BackdoorsNRats With that out of the way I also want to say thanks for input and after your post I have upgraded my passcode from 12 digits to 18.

    You should use a 6 digit passcode.

    You need a password that consists of 18 random letters and numbers for it to be unbreakable, not the 18 numbers passcode.

    • GrapheneLover 128 bits of entropy is the absolute maximum overkill of what's even reasonable to use and that's what's used for designing encryption algorithms and your recommendation is 210 bits. So yeah, I have nothing more to add.

    • GrapheneLover It's like saying that if you truly care about your privacy and security you need to use Whonix in Qubes and nothing less, LMAO.

      Believe in whatever you want, but don't make people believe that they need this to be secure, that's just harmful.

      • It is worth it, it's the best that you can use, nothing even comes close. If something really important doesn't work for you, then just use stock OS on a Pixel.

        The best advice that I can give you is to not go into a next level of copium and get an iPhone for privacy. Just use Pixel devices.

      • I already got my answer, this thread can be marked as solved, or, even better, locked.

        This thread became a mix of misinformation and copium.

      • [deleted] The best practice is a password of between 15 and 20 characters.

        You need at least 90 bits of entropy for an unbreakable password, which is 7 random diceware words or 18 random letters and numbers, which both have over 90 bits of entropy.

        [deleted] Android and iOS can't be compared to Windows or other systems, because they contain a Titan or SE chip and have their own clocks.

        I know, that's why I'm asking.

        GrapheneLover In any case where you value your security it is best to use a password of more than 32 characters with numbers, letters, and symbols with and without dictionary words in it. If you truly value your security do not use a pincode.

        That's not correct at all. I already mentioned above that an unbreakable password is considered 90 bits, which is 7 random diceware words or 18 random letters and numbers.

        The part about not using a PIN is incorrect too. Pixel devices with GrapheneOS have aggressive throttling which makes a 6-digit PIN code unbreakable unless someone has an exploit that could bypass Weaver throttling.

        For anyone who has found such an exploit, Google would pay a stupid amount of money which means that countless people that want that cash are looking for a way to exploit this and even Google has security researchers behind this.

        Conclusion: nobody will ever use such an exploit on you and almost all of us.

        BackdoorsNRats My lawyer told me you need at least a 10 digit PIN or they will be able to crack it. This was 2 years ago though. EU country.

        This is if they bypassed Weaver throttling.

        BackdoorsNRats A friend of mine used pattern-lock and they had no problems unlocking it.

        Pattern unlock is such a garbage way to secure your phone that GrapheneOS has even removed it as an option.

        BackdoorsNRats I also know fingerprint/face scan is easily breached with the right tools.

        That's true, but biometrics are necessary, not only are they much faster and more convenient, but they allow you to securely unlock your phone even in a place where your password could be recorded by a security camera or where someone could see it over your shoulder.

        One cool upcoming feature to GrapheneOS is an ability to have 2FA for fingerprint unlock, which means that you can set a secure seven-word diceware passphrase for your main unlocking method and then set up biometrics with a combination of short PIN as a 2FA.

        • For Pixel devices with GrapheneOS the best practice for the big majority of us is to use a randomly generated 6-digit PIN code.

          Meanwhile, a seven-word diceware passphrase is used by people with extreme threat models (or by people who don't know how to properly threat model and have overkill security for no good reason).

          But what about other devices like Windows, Linux and macOS computers?

          • Relaks FYI, you will need at least the Pro version of Windows 10/11 to be able to turn off telemetry and data collection through Group Policy Editor. As far as I know only Windows Enterprise allows for turning off telemetry completely. (Correct me if I'm wrong on that part).

            [deleted] Use Windows Enterprise or Education, then use GPO.

            I already use Windows 11 Enterprise.

            [deleted] https://github.com/beerisgood/Windows11_Privacy
            https://github.com/beerisgood/Windows11_Hardening

            Thanks, will take a look.

          • SoulKeeper That's just your opinion.

            There is no factual evidence that would show GBoard collecting data after opting out in the settings, and especially there is no factual evidence of Google doing something shady even without network permission.

          • Are there any good guides on hardening Windows for privacy and security?

            • Shawnn The default keyboard that comes with GrapheneOS is the best option for security because it already comes with the OS and is battle tested. 

              Adding a different keyboard would require you to trust a developer of that keyboard and that their keyboard isn't riddled with security vulnerabilities.

              Unless you need a different keyboard for one reason or another, you should stick with the default one.