Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm speaking the case of the San Bernardino killers. Using strong alphanumeric pass phrases are anti-usability, the vast majority of people won't use them. Hell, the vast majority of people don't even have strong alphanumeric passwords on desktop services.

So it falls to either 2-factor or biometric to avoid PINs. Biometric of course has it's own problems.

Perhaps people should really carry around a Secure Enclave on a ring or something, and with a button to self-destruct it in case of emergency. (e.g. pinhole reset)



You only need the strong alphanumeric pass phrases on device startup, then you can use TouchID. I bought an iPhone 6 for exactly this reason (employer required strong passphrase, was too annoying to type in on the Android device I had at the time).


In a way, that's even worse. You're more likely to forget a complicated passphrase when you only have to type it in very seldomly.


You have to enter it every 48 hours.


Only if you don't unlock the phone in these 48 hours, no?


No, you have to enter it every 48 hours, regardless of what you have done with the phone in these 48 hours, and at every phone boot.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: