GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
https://grapheneos.org/
355 stars 21 forks

Security enhancement via adoptability of long PINs by including letters on PIN unlock screen(s) #4208

Open pipe2null opened 3 hours ago

pipe2null commented 3 hours ago

Many users want to use longer PINs and it is good security practice to do so, but many people, including myself, have a difficult time remembering long sequences of raw digits without the aid of standard letters on each digit of the unlock screen UI. This is especially true if you enable "Scramble PIN input layout", which is an excellent feature, but you cannot use geometric patterns to help remember the long sequences of raw digits for your PIN. Even ATM machines include letters on the number pads to help people remember.

Everyday security needs to be as convenient as possible, otherwise it simply is not adopted. The "convenience" here is simply including the standard alphabet letters for each digit, same as standard number pads have, as well as the PIN number entry screen used when you actually set your PIN.

Using a full alphanumeric password is not reliably feasible for active use when most people only have a single thumb available for entry. This also impacts the practicality/adoptability of using many user accounts with unique PINs for each user account, when letters are included on all PIN unlock screens to greatly simplify remembering up to 31 different PIN codes per GOS device. Fingerprints are great and all, but you still have to enter the PIN first, and after every automatic reboot, and for every user account you are using.

I understand that this is probably an inherited issue from AOSP, but describing this as a "Security enhancement" or "Security issue" is reasonable given GOS's commitment to privacy and security. It should be relatively simple to add letters to the existing UI elements of the unlock screen that track as appropriate when using the scrambled input layout.

This is a duplicate of #1977. This is a duplicate of #2017.

pipe2null commented 3 hours ago

I'll add that using long PINs, especially 8 digits or more, greatly decreases the risk of casual shoulder surfing, simply due to the casual observer's brain capacity for short-term memory. So, yes, I'll reiterate that including alphabet letters on the unlock UI is a real and justifiable security enhancement for the adoptability/feasibility of using long PIN numbers.

https://en.wikipedia.org/wiki/The_Magical_Number_Seven%2C_Plus_or_Minus_Two

An-anonymous-coder commented 2 hours ago

I do think this is a good enhancement, however I would like to point out a few things:

> many people, including myself, have a difficult time remembering long sequences of raw digits without the aid of standard letters on each digit of the unlock screen UI.

If you have problems remembering passcodes, try using a passphrase instead.

> Using a full alphanumeric password is not reliably feasible for active use when most people only have a single thumb available for entry.

This can be solved by using biometrics. The situations in which you need to enter a non-biometric unlock and have your hands tied up are few and far between.

> I'll add that using long PINs, especially 8 digits or more, greatly decreases the risk of casual shoulder surfing, simply due to the casual observers brain capacity for short term memory.

This is also another benefit of using a passphrase, as all you have to do is remember 4+ words, and a shoulder surfer would need to keep track of 20+ rapid key presses on a tiny keyboard.

> PIN numbers

This is redundant. "PIN" stands for Personal Identification Number, so saying "PIN number" would be saying "Personal Identification Number number." Sorry for the nitpick.

An-anonymous-coder commented 2 hours ago

I might also counter-argue that adding letters to the PIN pad might encourage users to use less secure combinations such as their name, etc. Furthermore, you hardly need to remember your passcode after entering it multiple times, because it gets converted to muscle memory. I was able to memorize an 11-digit randomly-generated passcode just fine this way.
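The three points argued in this thread (letters as a mnemonic for a long PIN, letters that must move with their digit under the scrambled layout, and the objection that a PIN spelled from a word is only as strong as the word) can be made concrete in a few lines. The following is an added example, not code from GrapheneOS or from anyone in this issue. It assumes the standard ITU-T E.161 telephone keypad lettering (2=ABC ... 9=WXYZ, nothing on 0 and 1) and a 7776-word list as the size of a typical passphrase dictionary; both are assumptions for illustration, and the seed used for the scrambled layout exists only to make the output reproducible.

```python
from __future__ import annotations

import math
import random

# Assumed keypad lettering (ITU-T E.161), the labels the original post
# wants shown on the PIN unlock screen. 0 and 1 carry no letters.
KEYPAD = {
    "2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
    "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ",
}
LETTER_TO_DIGIT = {ch: digit for digit, letters in KEYPAD.items() for ch in letters}

# Assumed wordlist size for passphrase estimates (7776 = a diceware-style list).
ASSUMED_WORDLIST_SIZE = 7776


def word_to_pin(mnemonic: str) -> str:
    """Translate a mnemonic word into the digits the user would type.

    Only A-Z map to a key; anything else is rejected rather than skipped,
    so the caller cannot end up with a shorter PIN than intended.
    """
    digits = []
    for ch in mnemonic.upper():
        if ch not in LETTER_TO_DIGIT:
            raise ValueError(f"{ch!r} has no keypad digit")
        digits.append(LETTER_TO_DIGIT[ch])
    return "".join(digits)


def scrambled_layout(seed: int) -> list[tuple[str, str]]:
    """Return the keys 0-9 in shuffled order, each still carrying its own letters.

    This is the property the request depends on: "Scramble PIN input layout"
    moves the key positions, but the letter labels must move with their digit
    or the mnemonic stops working. The seed is only for reproducible output.
    """
    keys = [(d, KEYPAD.get(d, "")) for d in "0123456789"]
    random.Random(seed).shuffle(keys)
    return keys


def pin_entropy_bits(length: int) -> float:
    """Guessing work for a uniformly random PIN of the given digit length."""
    return length * math.log2(10)


def passphrase_entropy_bits(words: int, wordlist_size: int = ASSUMED_WORDLIST_SIZE) -> float:
    """Guessing work for `words` words drawn uniformly from the wordlist."""
    return words * math.log2(wordlist_size)


def word_derived_pin_entropy_bits(wordlist_size: int = ASSUMED_WORDLIST_SIZE) -> float:
    """Guessing work when the PIN is a single dictionary word spelled on the keypad.

    The digit count is irrelevant: a guesser who knows the trick enumerates
    the wordlist, not the digit space. This quantifies the last comment's
    concern about name- or word-based PINs.
    """
    return math.log2(wordlist_size)


if __name__ == "__main__":
    pin = word_to_pin("GRAPHENE")
    print(f"GRAPHENE -> {pin} ({len(pin)} digits)")
    print("scrambled layout:", " ".join(f"[{d} {l}]" for d, l in scrambled_layout(seed=4208)))
    print(f"8-digit random PIN:        {pin_entropy_bits(8):.1f} bits")
    print(f"4-word random passphrase:  {passphrase_entropy_bits(4):.1f} bits")
    print(f"PIN spelled from one word: {word_derived_pin_entropy_bits():.1f} bits")
```

Running it shows why both sides of the thread have a point: an 8-digit PIN chosen at random is worth about 26.6 bits and a 4-word passphrase about 51.7 bits, but an 8-digit PIN that merely spells one word from a 7776-word list is worth about 12.9 bits, less than a random 4-digit PIN. The letters help recall only if the digits themselves are still chosen randomly and the word is a mnemonic invented afterwards, not the other way round.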