this post was submitted on 28 Apr 2024
388 points (83.4% liked)

Technology

59421 readers
2852 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 6 months ago (2 children)

Article doesn't even mention PIN. Where are you getting this "advice"?

[–] [email protected] 2 points 6 months ago (1 children)

It calls them “passwords,” but personally I don’t consider a 6 digit number to be a password. And according to this article on GrayKey, 6 digit “passcodes” became the norm back in 2015. I haven’t seen any stats showing that people on average use more secure passcodes now, and making the passcode required more frequently isn’t going to encourage anyone to use one that’s more secure.

The article just says “disable biometrics” which is bad advice for the average person, as it will result in them using a 6 digit passcode. This is a knee-jerk reaction at best, and the resulting advice is devoid of nuance, made by someone who clearly doesn’t understand the threat discussed in the article, and would benefit literally nobody who might feasibly take it.

My advice is echoed by the article above, but it’s based off having an understanding of the problem area and suggesting a solution that doesn’t just address one thing. Anyone giving advice on the topic should consider:

  • known threats and reasonably likely unknown threats
  • the mitigations to those threats
  • how the technology works for both the threats and the mitigations
  • the legal landscape in your jurisdiction - for us, the US - both in practice and in theory
  • people’s attitudes toward security, namely their willingness to suffer inconveniences for its sake
  • how all of the above interact, and how likely someone is to take the advice given in a way that improves their security overall

The author of this article considered none of the above.

[–] [email protected] 1 points 6 months ago (1 children)

I still don't get where are you seeing this advice in the article. No one is recommending "6 digit passcodes". AFAIK all contemporary phones use mixed character passwords these days. I just setup a second hand s22 and it asked me to create a full password as primary authentication with all of the brute force strength hints etc.

Your perception might be a bit outdated here.

[–] [email protected] 1 points 6 months ago (1 children)

As I said in my first comment, I’m more familiar with iOS, where 6 digit passcodes are the default.

That said, do you genuinely think the average person would use a random 10+ alphanumeric character passcode to unlock their phone after taking the advice of this article and disabling biometric auth?

[–] [email protected] 1 points 6 months ago

Yes the contemporary phones literally bug and warn you if you don't. Password is much easier to remember than 6 digits too imo.

[–] [email protected] 1 points 6 months ago

He's not wrong though. Brute forcing number only pin takes little effort.