Hacker News new | past | comments | ask | show | jobs | submit login

Most android phones have the option to require the user to log into the google account paired with the phone after X failed attempts.



That's quite nice.

Escalating to a stronger password after 5 failed attempts seems like a good measure which would got a long way to nullifying this sort of brute force attack.

How does logging into the Google account work if the phone is in Airplane mode or whatever where there will be no data connection?


The phone does not need to be unlocked to go out of airplane mode.


I think at that point the technical term is that you're screwed.


I'm guessing it must be covered - either it won't escalate to the account login or something similar.


What about two-factor auth?


This is for a smartphone PIN code. Are you suggesting a separate second factor to the physical phone itself?


Personally, I'd like the option to set an unlock pin that's weaker than my disk encryption password, and prompt for my disk encryption password (rather than a Google account) if I fail the pin a couple of times.


And that has been the default on all Android phones I've used so far.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: