Escalating time delays when PIN is incorrect - act... - Samsung Community

oitbc · 3 weeks ago

Hi,

For a security audit we have to show that the S24 is capable of not allowing multiple PIN guesses in a short time period. A 'brute force attack'. Google Android documentation says it allows 5 attempts and then an escalation time delay pattern is used, but that the timing is up to each vendor. I've been through the user manual, service manual, and the other PDF's on the S24 page and none of them deal with it.

Apple have an answer at their web page here https://support.apple.com/en-gb/guide/security/sec20230a10d/web for their pattern. Does Samsung have anything like that for Android 14 on their phones please?

I have googled and asked Gemini AI and all I have been able to get is that it used to be just a 30 second lockout in Android 5 and it changed in later versions of Android to an escalating pattern especially when they mandated a 6 digit pin.

yamialex · 3 weeks ago

When was it mandatory for a 6-digit pin I had an s22 plus and a Galaxy Note 20 and I was able to do a four digit PIN

usermzeJaY3BsM · 3 weeks ago

OneUI 6.1 and above "mandate" a 6 digit pin, but you can get around this and still have a 4 digit one...

yamialex · 2 weeks ago

If there's still an option to do a four digit then there isn't a mandate a mandate would be it's mandatory you have a six digit PIN if you can do four six digit is a recommendation at that point

oitbc · 2 weeks ago

Anyone actually have the answer for the question I raised rather than a diversion on the topic?

Original topic:

Escalating time delays when PIN is incorrect - actual timings