What is the most secure lock screen method for securing a GrapheneOS device? Also, how does a 10+ digit PIN (with PIN scrambling enabled) compare to a long password; which would be preferable (including the need to prevent shoulder-surfing attacks)?
You might want to ask this in the GrapheneOS forum instead:
I also recommend reading:
An answer on this subject, by GrapheneOS
The TLDR is to use 7 diceware words or 18 random lowercase characters (both to attain above 90 bits of entropy).
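To make the entropy figures in this thread checkable, here is an added calculator that is not part of the original post or of GrapheneOS's documentation. It assumes the standard 7776-word diceware list, the 26-letter lowercase alphabet and the 10 decimal digits, and treats every choice as uniformly random, which is the only case where "bits of entropy" equals length times log2(alphabet size). It also computes the minimum length each alphabet needs to reach a chosen target.

```python
import math

# Alphabet sizes assumed for the comparison (constructed table, not from the page).
ALPHABETS = {
    "decimal PIN digit": 10,
    "lowercase letter": 26,
    "lowercase + digit": 36,
    "diceware word (7776-word list)": 7776,
}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret of `length` symbols drawn uniformly from `alphabet_size` choices."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet must have >= 2 symbols and length must be >= 1")
    return length * math.log2(alphabet_size)


def min_length(alphabet_size: int, target_bits: float) -> int:
    """Smallest number of symbols from this alphabet that reaches `target_bits`."""
    if alphabet_size < 2:
        raise ValueError("alphabet must have >= 2 symbols")
    return math.ceil(target_bits / math.log2(alphabet_size))


def compare_lock_methods(target_bits: float = 90.0) -> dict:
    """Entropy of a few common lock-screen choices plus the length each
    alphabet needs to hit the target. Returned as a dict so it can be checked."""
    result = {
        "6-digit PIN": entropy_bits(10, 6),
        "10-digit PIN": entropy_bits(10, 10),
        "18 lowercase letters": entropy_bits(26, 18),
        "4 diceware words": entropy_bits(7776, 4),
        "7 diceware words": entropy_bits(7776, 7),
    }
    for name, size in ALPHABETS.items():
        result[f"length for {target_bits:g} bits, {name}"] = min_length(size, target_bits)
    return result


if __name__ == "__main__":
    for name, value in compare_lock_methods().items():
        print(f"{name:50s} {value:8.2f}" if isinstance(value, float) else f"{name:50s} {value:8d}")
```

Note that PIN scrambling does not change these numbers: it defends against an observer inferring digits from tap positions, not against guessing, so the entropy of a PIN stays log2(10) per digit whether or not the keypad is shuffled.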
Personally I use a PIN longer than 6 numbers and fingerprint. The prescribed way doesn't seem sane as a daily driver, especially as a normie pedestrian. It makes sense for high-risk individuals, but not for me. If you are a high-risk individual, fingerprint unlock isn't recommended as a way to unlock phones.
I agree, I definitely don’t see myself doing a passphrase of 7 words or more at each unlock…
I believe GrapheneOS is planning to develop a “two-factor” auth: PIN code + fingerprint (I read this recently, I don’t remember where exactly, if I’m not mistaken).
Thank you everyone for the feedback. I did go through what was posted in the GrapheneOS forum and think that 7 diceware words are kind of too much to unlock my phone. I won’t use fingerprint because it doesn’t feel like a secure method to me, but I wanted to maybe get some more opinions about using a long 10+ digit PIN (with PIN scrambling) for preventing shoulder-surfing attacks. Would you people recommend using a long passphrase or a reasonably long PIN (with PIN scrambling) in that case?
A code of 6 or 8 digits seems sufficient to me, with PIN scrambling.
I prefer biometrics for preventing shoulder-surfing attacks actually, but only if you know how to quickly disable them. GrapheneOS is also nice in this regard because you can schedule automatic reboots which also disable biometrics just in case.
PIN scrambling is also a good method though, unless someone is literally so nearby they can see which individual numbers you’re hitting. Most surveillance-type cameras will be too low in resolution to make out the displayed numbers, but are good enough to see where you’re hitting the screen, which can reveal your PIN, and PIN scrambling protects against that.
I prefer biometrics for preventing shoulder-surfing attacks actually, but only if you know how to quickly disable them. GrapheneOS is also nice in this regard because you can schedule automatic reboots which also disable biometrics just in case.
Correct, but I am the type of person who wants secure defaults, so I don’t really want to rely on something like the automatic reboot and/or lockdown mode, since you might never have the time to, for example, put the phone in lockdown mode.
However, I have considered using a 4-random-word passphrase (which turns out to have around 100 bits of entropy after it was edited a bit). It is long and definitely inconvenient, but is it worth the security? As of now, damn yes, but hopefully I don’t give up on keeping that long password.