Numeric PIN vs Passphrase for Signal PIN?

In the PrivacyGuides article regarding Signal hardening, it is recommended to use a strong passphrase for the Signal PIN, why is this the case? Why would a normal numeric PIN not be sufficient?

1 Like

If an attacker is attempting to hijack your Signal account, you want to make it as hard as possible for them to guess/brute force your Signal PIN.

I used my password manager to create and store my ‘PIN’ with a long complex password

1 Like

In Molly’s case additional to the account security PIN or Alphanumeric they have a Data Encryption at Rest that must uses a Passphrase.

I understand the security aspect of the passphrase but find a bit inconvenient to have two passwords and one necessarily needs to be a passphrase. I ended up deactivating the Data Encryption at Rest because it was asking the passphrase quite often and I have already the fingerprint lock active.