Originally Posted by malax
Yes and no. My kids learned my PIN and my wife's by watching us (not even over the shoulder), so that part is dead on. On the other hand, I like the security of knowing that if I lose my phone it will get wiped automatically if some stranger types in 11 guesses.
True. 11 guesses gives an attacker fairly good odds of guessing it though.
Where I work we have numbered locks on the doors and when I get bored I try to guess the codes. Most of the time it's under a dozen guesses or so and you're in. You could use the longer alpha-numerical password to be safer.
I was mostly kicking back against how poorly the whole thing is being portrayed by the tech press. Everyone is saying this is a "bypass" of the lock screen for example when it's really only a partial bypass. Access to the phone itself is not given.
Also, it requires physical access to the phone, which if an attacker has, they could simply take your phone and take it back to their home in which case it's easy to break in. Any attack that requires physical control of the device is not really a security flaw in the same way as a "real" security flaw that could allow someone to access your stuff without your knowledge or consent. By giving them physical access, you are essentially complicit.
Finally, as others have pointed out, Android has numerous ways to *completely* bypass the lock screen (not partial), and no one gives a flying f*ck about that.
IMO it's just shameless the way this has been put forward by the tech press as some kind of giant serious security flaw when it isn't even close to that.