Closed GretaThunder closed 7 months ago
If somebody asks why not just use an alphanumeric password, it's because you'd lose the benefits of the scrambled pin layout and ease of use.
You're throwing away a lot of lock method entropy for this. We don't want to encourage that.
I can understand the view that you don't want to encourage people to use low-entropy efforts like "72779673 which corresponds to PASSWORD", but they can already do that right now by setting 123456 as their lock screen PIN.
In the current approach with GrapheneOS, as an example I can set my PIN to be 6286787. This also corresponds to the word OCTOPUS, which is still low entropy, but better than PASSWORD. Now how about adding in 3-4 words?
Security is in the hands of the user to set a secure lock screen method with appropriate entropy. Disallowing alphabet letters does not reduce entropy, as it's still up to the user to set a secure PIN. Consider a 6-digit PIN: the average user will typically include things related or easy to remember, greatly reducing entropy as well. It won't be 6x6x6x6x6x6 possibilities. Six-letter words in the English language, on the other hand, open a much larger pool of entropy if selected at random. And using a PIN will rely on the secure element to withstand bruteforcing, and users who want maximum security will be using an alphanumeric password to not rely on the secure element anyhow.
The alphabet letters will follow the Scrambled PIN Input Layout; they won't be scrambled randomly.
1 = ----, 2 = ABC, 3 = DEF, 4 = GHI, 5 = JKL, 6 = MNO, 7 = PQRS, 8 = TUV, 9 = WXYZ
Length is more important. Giving users the choice to remember a few words while maintaining the scrambled input layout will still be higher entropy than users choosing six-digit PINs in the current form. Most people aren't using password generators to select their PINs.
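The following is a worked example added here, not code from this issue or from GrapheneOS, that implements the telephone keypad mapping listed in the comment above and puts numbers on the entropy argument. Two things fall out of the mapping that the thread argues about without quantifying: only eight keys carry letters, so an L-character PIN typed as letters has at most 8^L distinct values against 10^L for a uniformly random digit PIN, and the mapping is many-to-one, so several dictionary words collapse onto one PIN and an attacker who guesses from a word list pays for fewer candidates than there are words. The word list is constructed for the demonstration and is not a real dictionary.

```python
import math
import string

# Keypad mapping as listed in the comment above: keys 2-9 carry letters,
# 1 and 0 carry none. Letters are mapped case-insensitively.
KEYPAD = {
    "2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
    "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ",
}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def word_to_pin(word: str) -> str:
    """Map a word to the digit PIN a user would type on the keypad (T9-style).

    The mapping is many-to-one: every letter on the same key produces the same digit.
    """
    pin = []
    for ch in word.upper():
        if ch in string.digits:
            pin.append(ch)                # digits pass through unchanged
        elif ch in LETTER_TO_DIGIT:
            pin.append(LETTER_TO_DIGIT[ch])
        else:
            raise ValueError(f"no keypad digit for {ch!r}")
    return "".join(pin)


def random_pin_bits(length: int) -> float:
    """Entropy of a uniformly random digit PIN: log2(10 ** length)."""
    return length * math.log2(10)


def letter_pin_bits_upper_bound(length: int) -> float:
    """Upper bound for a PIN entered as letters: only 8 keys carry letters,
    so at most 8 ** length distinct PINs exist no matter how the letters are chosen."""
    return length * math.log2(8)


def dictionary_pin_bits(num_words: int, words_per_pin: int = 1) -> float:
    """Entropy of a PIN built from words drawn uniformly from a word list of
    num_words entries, before keypad collisions (which can only lower it)."""
    return words_per_pin * math.log2(num_words)


def keypad_collisions(words):
    """Group words that produce the same PIN.

    Each group is one PIN the attacker tries instead of len(group) words,
    so the effective search space is the number of distinct PINs, not words.
    """
    groups = {}
    for w in words:
        groups.setdefault(word_to_pin(w), []).append(w)
    return {pin: ws for pin, ws in groups.items() if len(ws) > 1}


def distinct_pins(words) -> int:
    """Size of the attacker's search space for a word list: distinct PINs it maps to."""
    return len({word_to_pin(w) for w in words})


# Constructed sample word list for the demonstration (not a real dictionary).
SAMPLE_WORDS = ["password", "octopus", "home", "good", "gone", "hoof", "cat", "act", "bat"]


if __name__ == "__main__":
    for w in ("PASSWORD", "octopus"):
        print(f"{w:>9} -> {word_to_pin(w)}")
    print(f"random 6-digit PIN:        {random_pin_bits(6):.2f} bits")
    print(f"6 letters on the keypad:   <= {letter_pin_bits_upper_bound(6):.2f} bits")
    print(f"3 words from 7776-word list: {dictionary_pin_bits(7776, 3):.2f} bits (before collisions)")
    print(f"{len(SAMPLE_WORDS)} words map to {distinct_pins(SAMPLE_WORDS)} distinct PINs")
    for pin, ws in keypad_collisions(SAMPLE_WORDS).items():
        print(f"  {pin}: {', '.join(ws)}")
```

The word-count figure (7776) is the size of a standard diceware list and is used only to make the comparison concrete; the collision groups show why a word-list attacker's cost is the number of distinct PINs, which the user-facing "how many words" estimate does not capture.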
We're not going to do this. We're going to be moving to encouraging proper random PIN and password via a UI for generating a random PIN or random diceware-style passphrase.
I understand that point too.
Since "Scramble PIN Input Layout" is an option, will "Scramble Keyboard Layout" become a feature as well to protect alphanumeric passwords? The dangers of shoulder surfing apply all the same.
I have attached a screenshot displaying what the Pin Input Layout looks like on iOS lock screens. There are alphabet letters like you'd find on an old home telephone. This makes it extremely easy to mentally map words to a PIN number.
Using PINs across multiple profiles in GrapheneOS is a poor user experience because remembering numbers is more difficult than remembering words.
This will be a great immediate boost to increase GrapheneOS adoption for both owner and user profiles.
If somebody asks why not just use an alphanumeric password, it's because you'd lose the benefits of the scrambled pin layout and ease of use.