Why is this the case?

Neostarwcc

Ok so I have biometrics set up on my tablet but what REALLY annoys me is the fact that in order to get into my tablet I need not only my fingerprint but also a 20-character password.

I don't use passwords on my desktop; I use YubiKey, and that doesn't also need a password because it's super secure. Well, so is a fingerprint. Nobody else in the world has the exact same fingerprint as you; it's just as good as if it were your DNA. Yet, somehow I need to remember a 20-character password AND use my fingerprint? Why? It makes absolutely no sense because, like I said, you are the only one with that fingerprint and it's just as good as if the device used DNA to get in.

The only scenario I can think of as to how this is "insecure" is if somebody held a gun to your head and demanded you log into your phone, in which case a password isn't going to help you either. NOTHING is going to help you, so surely Samsung is not saying that with a password on top of a fingerprint nobody can get into a device.

Idk, maybe somebody who works in security can explain it to me? Because to me, this feature makes absolutely no sense.
 

chevyontheriver

Try having friends and neighbors use their fingerprints on your device to see whether any of them get by with it. Might surprise you. Fingerprints are unique but the scanner software might not be good enough to let only one fingerprint through. My daughter has a facial recognition login but granddaughter can log in with her face just fine. They are clearly different but the device thinks they are the same.

By the way, an Amazon cloud device used as a password cracker can make mincemeat of any password less than a dozen characters. Such short passwords are no longer considered secure. Sixteen to twenty is considered the new secure length for a password. Anything less is a joke which will only prevent honest people from hacking you. But then honest people aren't your problem.
 

Wookiee

That's... not entirely true, and is affected by a lot of factors. Generally when passwords are cracked really quickly, it's a combination of:
- known passwords
- dictionaries
- known hashes

The failure at that stage (especially with hashes) isn't at all to do with the length, but the integrity of the system that has the password.

NIST and Microsoft both still recommend 8-12 characters for corporate use.
 
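Added example, not part of the thread or any poster's code: a defender-side sketch of the last reply's point that quick cracking usually comes from known passwords and known hashes in a poorly protected store, not from length alone. The sample passwords, account names, work factor and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a list of already-leaked passwords.
KNOWN_PASSWORDS = ["password", "letmein", "correcthorsebatterystaple"]
ROUNDS = 200_000  # PBKDF2 work factor (assumed value for this sketch)

def fast_unsalted(password):
    """Weak storage: a single fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_salted(password, salt=None):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def verify(password, salt, digest):
    """Constant-time check of a login attempt against a salted record."""
    return hmac.compare_digest(slow_salted(password, salt)[1], digest)

# "Known hashes": computed once, reusable against every unsalted store.
KNOWN_HASHES = {fast_unsalted(p) for p in KNOWN_PASSWORDS}

def audit_unsalted(store):
    """Return accounts whose stored hash is already in the known-hash set."""
    return sorted(user for user, h in store.items() if h in KNOWN_HASHES)

def is_known(password):
    """Blocklist check to run when a user sets a password."""
    return password in KNOWN_PASSWORDS

# Constructed accounts: a 25-character known passphrase and 8 random characters.
SAMPLE_STORE = {
    "alice": fast_unsalted("correcthorsebatterystaple"),
    "bob": fast_unsalted("q7#Vz2!k"),
}

if __name__ == "__main__":
    print("flagged in unsalted store:", audit_unsalted(SAMPLE_STORE))
    _, d1 = slow_salted("correcthorsebatterystaple")
    _, d2 = slow_salted("correcthorsebatterystaple")
    print("same password, same salted record?", d1 == d2)
```

The 25-character passphrase is flagged instantly because it is already known and the store is unsalted, while the salted records for the same password differ, so one precomputed set cannot cover them. The short random password is not caught by the lookup, though it would still be exposed to a plain brute-force search.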