Android - Why, and how to increase 16-character lockscreen password limit?

From Android Security Internals: An In-Depth Guide to Android's Security :

Android doesn’t have a dedicated setting to manage the encryption pass- word after the device is encrypted, and changing the screen lock password or PIN will also silently change the device encryption password. This is most probably a usability-driven decision: most users would be confused by having to remember and enter two different passwords at different times and would probably quickly forget the less frequently used, and possibly more complex, disk encryption password. While this design is good for usability, it effectively forces users to use a simple disk encryption password, because they have to enter it each time they unlock the device, usually dozens of times a day. No one wants to enter a complex password that many times, and thus most users opt for a simple numeric PIN (unless a device policy requires otherwise)

Additionally, passwords are limited to 16 characters (a limit that is hardwired in the framework and not configurable), so using a passphrase is not an option

(Emphasis supplied)

I don't know more about this limitation and would be glad if somebody can amplify (Edit: Andrew T has clarified here to an extent)

So, that rules out increasing password length to beyond 16 ( how to increase, Androids 16 character lockscreen password limit )

Since you are on Lollipop , you may like to related pitfall (claimed to be fixed) of long passwords here Android lockscreen can be bypassed by overloading with massive password


  • For earlier versions (Lollipop and below), Cryptfs Password by Nikolay Elenkov, allows you to set a separate password for disk encryption or if your device is rooted

    su -c vdc cryptfs changepw new where new is your new password.


  • Nikolay Elenkov is the author of the book Android Security Internals: An In-Depth Guide to Android's Security and runs a blog here

From the commit comment max password length symbols is limited only for UI reasons. Maybe there is no other reason which requires the lockscreen password to be up to 17 symbols (16+1)

EDIT: I created android build and tested with max password length 100 symbols and it is working for lock screen and also for encryption password

Fix 2504863: Use password min/max constants in ChooseLockPassword  
This fixes a bug where the system was defaulting to 8 digits max password length.  
The UI is best for N <=12, but works for more. I set the default limit to 16 which is more than most humans can remember. 
That also seems to be the practical limit for the small sample of DevicePolicyManagers I checked.  
DevicePolicyManagers can always specify more digits if they really want.  
Change-Id: I8637e0c9366800886759424b5a28f48dca15c535