Security has always existed on a spectrum, balancing concerns like convenience against robustness from attacks —face unlockmay be very easy to use, but is it keeping your data as safe as a lengthy passphrase? Today we’re checking out all the myriad changes Google has prepared for its secondAndroid 14 Developer Preview, and while a couple tweaks have been spotted concerning how the platform approaches PIN authentication, from a security perspective it seems almost like a matter of one step forward, one step back.
The big change here isn’t yet live in the current release, but Android expert and spotter-of-all-things-DP Mishaal Rahman managed to manually enable a new toggle that wouldlet Android accept a valid PIN code the moment you entered the final digit, without having to manually hit submit. While that’s a move in favor of convenience, it could also allow an attacker to easily brute-force the final digit of a PIN, quickly trying every option.
To help mitigate that risk, Android 14 won’t even show that toggle as an option if your PIN isn’t at least six digits long. Google’s also adding language that explicitly advises users that longer PINs are more secure, but stops short of outright banning four-digit PINs across the board.
As Rahman notes, this is a subject that’s absolutely been on our mind lately, following reports late last month outlining just how disturbingly easy it is for someone in physical possession of your phone tosteal your entire Google account, knowing only your PIN. Sure, a couple extra digits areslightlyharder to remember, and takeslightlylonger to enter — but they also make your PIN ahundred timesmore secure.
We’re curious if Google might consider tweaking this approach slightly before it makes this option visible in a future Android 14 build — assuming it moves forward at all. If you’re interested in giving the current release a try, you caninstall the Android 14 Developer Preview on your Pixel phoneright now.
