issue:
when logging in via screen lock screen, device asks for a PIN. However when you type in the wrong pin it highlights numbers from your pin to help you log in
This might seem like it’s helpful, but the problem is it leaks digits of my PIN to outsiders. The PIN is only N digits long and it wouldn’t take long at finding “hints” before you could figure the whole PIN out.
[I went looking for a way to disable this functionality for the login screen but didn’t see any either in the settings or online]
I’m not sure this is accurate. I’m not seeing it on my L5. I see only highlight of numbers that are pressed, when they are pressed.
You can in the meanwhile use a regular longer password in liu of pin - the keypad changes to touchkeyboard from lower left corner button. For additional security, you can also enable the “sudoku pad”, randomized pin keypad (to make video attacks harder) from the Mobile settings - if you want to fight muscle memory.
I don’t suppose you can get an image or video clip of this behavior (obviously change your pin)?
Just to check, which version of phosh are you using? I think this would be a feature there.
I did a quick search on merge requests and didn’t find anything directly related there (Merge requests · World / Phosh / phosh · GitLab) but based lets ping @guido.gunther for better answer.
Please note that no Linux computer actually even knows your password (your PIN) so it certainly can’t highlight the characters that you correctly included, leaving the incorrect characters unhighlighted.
Anyway, if this is high contrast mode then this is a known bug. I experience it too. It’s not trying to be helpful or provide a hint. It’s just a bug.
It randomly and unpredictably leaves digits of your PIN highlighted. It does this even when you get the PIN correct. It doesn’t always do it. However, for me personally, I only ever see it when unlocking after it locks the screen, not when initially unlocking after boot. YMMV.
Note that in high contrast mode, you get to choose the background illumination threshold, which means that the ability to reproduce this bug will depend on the level of background illumination , potentially making it appear even more random.
Presumably even if you use a PIN (short, all-numeric password), you can still use the regular on-screen-keyboard, and thereby avoid this problem.
Fortunately someone else figured it out. I just set my phone to high contrast mode so that when it finally gets fixed, I will know. And I set the threshold very very low so that the screen is essentially always in high contrast (thereby removing that variable).
Then it’s a known bug. The workaround is as @JR-Fi says … from the PIN pad, touch the small keyboard icon at bottom left and then use the regular on-screen-keyboard to enter the PIN.
, potentially making it appear even more random.