Android 14 is sending mixed messages about PIN security

Everybody stop using 4-digit PINs, already

Security has always existed on a spectrum, balancing concerns like convenience against robustness against attacks — face unlock may be very easy to use, but is it keeping your data as safe as a lengthy passphrase? Today we’re checking out the myriad changes Google has prepared for its second Android 14 Developer Preview, and while a couple of tweaks have been spotted concerning how the platform approaches PIN authentication, from a security perspective it seems almost like a matter of one step forward, one step back.

The big change here isn’t yet live in the current release, but Android expert and spotter-of-all-things-DP Mishaal Rahman managed to manually enable a new toggle that would let Android accept a valid PIN code the moment you entered the final digit, without having to manually hit submit. While that’s a move in favor of convenience, it could also allow an attacker to easily brute-force the final digit of a PIN, quickly trying every option.

To help mitigate that risk, Android 14 won’t even show that toggle as an option if your PIN isn’t at least six digits long. Google’s also adding language that explicitly advises users that longer PINs are more secure, but stops short of outright banning four-digit PINs across the board.

As Rahman notes, this is a subject that’s absolutely been on our mind lately, following reports late last month outlining just how disturbingly easy it is for someone in physical possession of your phone to steal your entire Google account, knowing only your PIN. Sure, a couple extra digits are slightly harder to remember, and take slightly longer to enter — but they also make your PIN a hundred times more secure.

We’re curious if Google might consider tweaking this approach slightly before it makes this option visible in a future Android 14 build — assuming it moves forward at all. If you’re interested in giving the current release a try, you can install the Android 14 Developer Preview on your Pixel phone right now.
