In the PrivacyGuides article regarding Signal hardening, it is recommended to use a strong passphrase for the Signal PIN, why is this the case? Why would a normal numeric PIN not be sufficient?
1 Like
If an attacker is attempting to hijack your Signal account, you want to make it as hard as possible for them to guess/brute force your Signal PIN.
I used my password manager to create and store my ‘PIN’ with a long complex password
1 Like
In Molly’s case additional to the account security PIN or Alphanumeric they have a Data Encryption at Rest that must uses a Passphrase.
I understand the security aspect of the passphrase but find a bit inconvenient to have two passwords and one necessarily needs to be a passphrase. I ended up deactivating the Data Encryption at Rest because it was asking the passphrase quite often and I have already the fingerprint lock active.