This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Pin limited to 4 characters

Earlier versions of 1P Android let me use a pin that was 8 characters long? The newest version is limited to 4. I really liked the pin feature, but I don't feel it's very secure now with just 4 characters. Is there a way to use a longer pin? I feel like someone could potentially guess my pin with enough attempts.

Comments

  • GeneY
    GeneY AWS Team
    edited June 2011
    Hello fastrunner,



    Thank you for the feedback: I understand your apprehension about the PIN number.

    I tried to make the PIN implementation easy to remember (the same way as it is on 1Password for iOS).

    After 5 incorrect guesses the application exits and is removed from memory. The next launch will require your Master Password and not the PIN.

    I think that the chance of guessing a 4-digit PIN combination in 5 attempts is pretty low (I forgot the formula from my university probability course: what is the probability of correctly guessing 4 numbers in 5 attempts out of 10K possible combinations by 4?). If I am correct it is 1 in 2000 cases. Notice that the PIN is not used for login; it is just for unlocking an application which has already been opened by the correct Master Password (which, of course, should be long and complex). It is important to stress that the PIN is not used for encrypting/decrypting data. The PIN is just a way to get into an open application more easily after it went to the background by clicking the Home button, launching another app, etc.



    Therefore, I'd like to assure you that a PIN combination of 4 digits doesn't compromise your security.

    However, if you still feel somewhat uneasy about that, you can choose an option to lock your application with Master Password.



    Please let me know if you find my arguments reasonable or would like more information on that.



    Thank you and best regards,

    Gene

    Android developer



    PS. By the way, there is a new release of 1Password Reader coming to Market in the next week or two, please stay tuned for the updates.

    This release will be the last major release of the application as a reader only; after that I will concentrate my efforts on the editable version.

    There will be support for the new 1Password keychain ultra-secure format (which is being adopted by all Agile applications) and some other features you will definitely find useful.





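The estimate in the reply above, worked through as an added example (not part of the original thread and not AgileBits code). `PinGate`, `guess_probability` and `count_unlocked` are hypothetical names; the sketch assumes a uniformly random PIN, distinct guesses, and the 5-attempt limit described in the post.

```python
import hmac
from fractions import Fraction

MAX_ATTEMPTS = 5  # from the post: the app exits after 5 incorrect guesses


class PinGate:
    """Hypothetical PIN unlock gate with a failed-attempt limit."""

    def __init__(self, pin, max_attempts=MAX_ATTEMPTS):
        self._pin = pin.encode()
        self._left = max_attempts
        self.locked_out = False  # True: only the Master Password unlocks

    def try_pin(self, guess):
        if self.locked_out:
            return False
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(self._pin, guess.encode()):
            return True
        self._left -= 1
        if self._left == 0:
            self.locked_out = True
        return False


def guess_probability(digits, attempts=MAX_ATTEMPTS):
    """Chance that `attempts` distinct guesses hit a uniformly random PIN."""
    total = 10 ** digits
    miss = Fraction(1)
    for i in range(min(attempts, total)):
        # i wrong guesses are already ruled out, so total - i candidates remain
        miss *= Fraction(total - i - 1, total - i)
    return 1 - miss  # telescopes to attempts / total


def count_unlocked(digits, guesses):
    """Run the same guess list against every possible PIN; count unlocks."""
    unlocked = 0
    for n in range(10 ** digits):
        gate = PinGate(f"{n:0{digits}d}")
        if any(gate.try_pin(g) for g in guesses):
            unlocked += 1
    return unlocked
```

For 4 digits the result is 5/10000, the 1 in 2000 quoted in the reply; the 8-digit PIN from the original question gives 1 in 20,000,000 under the same limit.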
  • Gene,



    My password is long and complex, 20+ random upper-case and lower-case letters and numbers. It is a bit difficult to type my password quickly, that's why I really like the pin option. Actually, the 4 digit pin is not a problem for me, because I have a password on my phone that also wipes the phone and SD card if an incorrect password is entered 5 times. So, even if someone gets my phone, they will probably not be able to crack that.....I hope. However, my wife does not use a password on her phone so the longer pin was good for her.



    I think you're right about the possibilities of someone guessing a 4 digit pin in 5 tries. It seems pretty unlikely. I was wondering what the maximum password attempts was, now that I know it's 5 and then you are locked out, that's comforting. I don't know why I couldn't find that information before, thanks for that.



    I will look forward to the new release, and especially what you do with 1P for Android after this release! Thanks again.
  • GeneY
    GeneY AWS Team
    You are very welcome, fastrunner.



    I am glad that you find my arguments about the 4-digit PIN reasonable.

    Let's stay in touch, will always be glad to hear from you.



    Best regards,

    Gene


