Android - Why, and how to increase 16-character lockscreen password limit?

From Android Security Internals: An In-Depth Guide to Android's Security :

Android doesn’t have a dedicated setting to manage the encryption pass- word after the device is encrypted, and changing the screen lock password or PIN will also silently change the device encryption password. This is most probably a usability-driven decision: most users would be confused by having to remember and enter two different passwords at different times and would probably quickly forget the less frequently used, and possibly more complex, disk encryption password. While this design is good for usability, it effectively forces users to use a simple disk encryption password, because they have to enter it each time they unlock the device, usually dozens of times a day. No one wants to enter a complex password that many times, and thus most users opt for a simple numeric PIN (unless a device policy requires otherwise)

Additionally, passwords are limited to 16 characters (a limit that is hardwired in the framework and not configurable), so using a passphrase is not an option

(Emphasis supplied)

I don't know more about this limitation and would be glad if somebody can amplify (Edit: Andrew T has clarified here to an extent)

So, that rules out increasing password length to beyond 16 ( how to increase, Androids 16 character lockscreen password limit )

Since you are on Lollipop , you may like to related pitfall (claimed to be fixed) of long passwords here Android lockscreen can be bypassed by overloading with massive password

Note:

  • For earlier versions (Lollipop and below), Cryptfs Password by Nikolay Elenkov, allows you to set a separate password for disk encryption or if your device is rooted

    su -c vdc cryptfs changepw new where new is your new password.

    Source: http://nelenkov.blogspot.be/2012/08/changing-androids-disk-encryption.html

  • Nikolay Elenkov is the author of the book Android Security Internals: An In-Depth Guide to Android's Security and runs a blog here


From the commit comment max password length symbols is limited only for UI reasons. Maybe there is no other reason which requires the lockscreen password to be up to 17 symbols (16+1)

EDIT: I created android build and tested with max password length 100 symbols and it is working for lock screen and also for encryption password

Fix 2504863: Use password min/max constants in ChooseLockPassword  
This fixes a bug where the system was defaulting to 8 digits max password length.  
The UI is best for N <=12, but works for more. I set the default limit to 16 which is more than most humans can remember. 
That also seems to be the practical limit for the small sample of DevicePolicyManagers I checked.  
DevicePolicyManagers can always specify more digits if they really want.  
Change-Id: I8637e0c9366800886759424b5a28f48dca15c535

https://osdn.net/users/zhicai_peng/pf/packages-apps-Settings/scm/commits/70d5c3a0139899e5f4d425c8ab2d68f0dfc5c6da

Tags:

Security

Password

Lock Screens

Related

Android - What is QuadRooter? Are 900 million Android devices vulnerable? Android - How to make Google Chrome definitely remain as the desktop version? Android - Completely disable the fingerprint sensor Android - Still can't change Google Play country Android - What is protected apps in Huawei phones? Android - Any security difference between root based firewall (AFWall+) and non-root based ones (NetGuard)? Android - How to write android shell history to file Android - Why is Android refusing to resolve DNS records pointing to internal IP addresses? Android - Altering left-right sound balance on Android 6.0.1 Android - Did Google remove the "backup while on wifi" option from the Photos app? Android - Widgets not updating anymore Android - How can I check which CPU chipset do I have?

Recent Posts