The lock screen is the last line of defence between your encrypted data and someone holding your device. Most people use a 6-digit PIN. For most threat models, it's fine. For others, it's not.
On the Pixels that GrapheneOS runs on, the Titan M secure element (Titan M2 on Pixel 6 and later) rate-limits unlock attempts in hardware, which makes brute-forcing a PIN extremely slow. A strong passphrase, four or five random words, goes further: there is nothing about you in it for a targeted attacker to guess, and its strength does not depend on the throttling holding up. Either way, it is worth understanding how both work.
How GrapheneOS Lock Screen Security Works
GrapheneOS encrypts your storage with AES-256-XTS (Android's file-based encryption). The keys that protect your data are derived from your PIN or passphrase together with a secret that never leaves the Titan M secure element, so the derivation can only be performed on the device itself, through the secure element's throttled interface, and not on an attacker's own hardware. Without your credential the keys cannot be reconstructed, and without the keys the storage is just ciphertext.
The secure element enforces escalating delays between wrong guesses, and it enforces them itself rather than trusting the OS to do so. GrapheneOS documents the schedule as: no delay for the first four failures, 30 seconds after the fifth, none again for failures six to nine, 30 seconds each from the tenth through the 29th, then from the 30th failure the delay doubles every ten failures (30 seconds at 30, 60 at 40, 120 at 50, and so on up to 30,720 seconds at 130), and one full day per attempt from the 140th failure onward. GrapheneOS does not wipe the device after a fixed number of wrong guesses; the throttling is the protection, there is no override for it, and there is no recovery path around it.
At roughly one guess per day once the delays saturate, this throttling is what makes a good 8-digit PIN effectively safe against brute force. The key word is 'good': a PIN that is your birth year, your postcode, or a repeating digit is among the first few hundred guesses an attacker will try, and throttling only helps if the attacker needs millions of guesses, not a handful.
PIN vs Passphrase: The Numbers
A 6-digit PIN has 1,000,000 possible combinations. An 8-digit PIN has 100,000,000. The hardware throttling means neither can be brute-forced quickly, but a targeted attacker who knows something about you can shrink the search space dramatically: dates, years, and common patterns are a tiny fraction of the space, and they are tried first.
A 4-word passphrase drawn from the EFF long diceware wordlist has 7,776⁴ ≈ 3.7 × 10¹⁵ possible combinations (about 52 bits of entropy). A 5-word passphrase has 7,776⁵ ≈ 2.8 × 10¹⁹ (about 65 bits). Behind the secure element's throttling, neither space could be exhausted within the lifetime of the device, and because the words are chosen at random there is no 'likely' subset for a targeted attacker to try first.
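To make the throttling concrete, here is an added example (not code from the page or from GrapheneOS) that encodes the per-attempt delay schedule GrapheneOS documents for the Pixel secure element and computes how long it takes to work through a PIN space, and how many guesses fit in the first day. The PIN sizes and time budgets are illustrative inputs; the schedule is the only thing taken from GrapheneOS's documentation.

```python
"""Added example: cost of guessing a PIN behind secure-element throttling.

delay_after() encodes the delay schedule GrapheneOS documents for the
Pixel secure element. Everything else (PIN sizes, time budgets) is an
illustrative input chosen for this example.
"""

DAY = 24 * 60 * 60      # seconds
MAX_SCHEDULED = 139     # last failure count with a doubling delay; 140+ is one day


def delay_after(failures: int) -> int:
    """Delay in seconds enforced after `failures` consecutive wrong guesses."""
    if failures < 0:
        raise ValueError("failure count cannot be negative")
    if failures <= 4:
        return 0
    if failures == 5:
        return 30
    if failures <= 9:
        return 0
    if failures <= 29:
        return 30
    if failures <= MAX_SCHEDULED:
        # 30 s at 30 failures, doubling every 10: 60 at 40, ..., 30,720 at 130
        return 30 * 2 ** ((failures - 30) // 10)
    return DAY


def time_for_guesses(k: int) -> int:
    """Seconds from the first guess until guess number k may be entered.

    Guess k is gated by the delays imposed after the first k-1 failures.
    """
    if k <= 1:
        return 0
    failures = k - 1
    total = sum(delay_after(n) for n in range(1, min(failures, MAX_SCHEDULED) + 1))
    if failures > MAX_SCHEDULED:
        total += (failures - MAX_SCHEDULED) * DAY   # every further failure costs a day
    return total


def guesses_within(budget_seconds: int) -> int:
    """Number of guesses an attacker can enter within a time budget (first guess at t=0)."""
    k, elapsed = 1, 0
    while True:
        elapsed += delay_after(k)   # delay imposed once guess k fails
        if elapsed > budget_seconds:
            return k
        k += 1


def years(seconds: int) -> float:
    """Convert seconds to Julian years."""
    return seconds / (365.25 * DAY)


def exhaust_report(space: int) -> dict:
    """Worst-case and expected time to search a uniformly random PIN in `space`."""
    return {
        "space": space,
        "guesses_first_day": guesses_within(DAY),
        "worst_case_years": round(years(time_for_guesses(space)), 1),
        "expected_years": round(years(time_for_guesses(space // 2)), 1),
    }


if __name__ == "__main__":
    for digits in (6, 8):
        print(f"{digits}-digit PIN:", exhaust_report(10 ** digits))
```

The numbers the report produces are the whole argument of this section in two lines: an attacker gets about a hundred guesses in the first day and then one per day, so a uniformly random 6-digit PIN takes thousands of years to exhaust, while a PIN drawn from a few hundred likely candidates (years, dates, repeats) falls inside that first day.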
The right choice depends on your threat model. For most people, a random 8-digit PIN (not a date, not a repeating digit) plus GrapheneOS's hardware throttling is sufficient. For journalists, lawyers, executives, and anyone whose data warrants serious protection — use a passphrase.
Choosing a Good Passphrase
The best passphrases are random. Not 'feels random', but actually random. The EFF diceware method generates passphrases by rolling physical dice and looking up words in a published list: five rolls select one of 7,776 words. The randomness is trustworthy because it comes from physical entropy, not from a human's intuition about what looks unpredictable, which is reliably biased toward familiar words and patterns.
A good passphrase looks like: 'clutter-fencing-mural-afoot'. Unrelated words, no pattern, nothing personal. A bad passphrase looks like: 'correct horse battery staple' — that specific one is now famous and would be one of the first guesses.
- Use 4–6 random words (not a memorable sentence)
- Do not use names of people, places, or things in your life
- Avoid dictionary phrases or song lyrics
- Write it down and store it somewhere physically secure — not in your phone
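The following is an added example, not code from the page or from the EFF, showing the diceware procedure in code: mapping five dice rolls to an index in the EFF long wordlist layout (7,776 words keyed "11111" through "66666", one `rolls<TAB>word` pair per line), generating words with the operating system's CSPRNG via Python's standard `secrets` module, and computing the resulting entropy. The real wordlist is not embedded; `load_eff_wordlist` reads it from a file you supply, and `SAMPLE_WORDS` is a constructed stand-in that only exists so the code runs offline.

```python
"""Added example: diceware passphrase generation and lookup.

Works against the EFF long wordlist layout (7,776 words, five dice per
word). SAMPLE_WORDS is a constructed eight-word list for demonstration
only; it is far too small to produce a usable passphrase.
"""
import math
import secrets

SIDES = 6
DICE_PER_WORD = 5
EFF_LIST_SIZE = SIDES ** DICE_PER_WORD   # 7776

# Constructed sample list: exercises the API offline. Never use it for a real passphrase.
SAMPLE_WORDS = ["clutter", "fencing", "mural", "afoot", "gravel", "unwoven", "kiosk", "tundra"]


def roll_word_dice() -> str:
    """Roll five dice with the OS CSPRNG; returns a string such as '31462'."""
    return "".join(str(secrets.randbelow(SIDES) + 1) for _ in range(DICE_PER_WORD))


def rolls_to_index(rolls: str) -> int:
    """Map a five-digit dice string to a 0-based list index (base 6, digits 1..6)."""
    if len(rolls) != DICE_PER_WORD or any(c not in "123456" for c in rolls):
        raise ValueError(f"expected {DICE_PER_WORD} dice values 1-6, got {rolls!r}")
    index = 0
    for c in rolls:
        index = index * SIDES + (int(c) - 1)
    return index


def load_eff_wordlist(path: str) -> list:
    """Parse an EFF-format wordlist file ('11111\\tabacus' per line) into dice order."""
    words = [None] * EFF_LIST_SIZE
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            if not line.strip():
                continue
            rolls, word = line.split()
            words[rolls_to_index(rolls)] = word
    if any(w is None for w in words):
        raise ValueError("wordlist is missing entries")
    return words


def words_for_rolls(rolls_list, wordlist) -> list:
    """Look up the words for physical dice rolls (the paper-and-dice method)."""
    if len(wordlist) != EFF_LIST_SIZE:
        raise ValueError("physical dice rolls need the full 7,776-word list")
    return [wordlist[rolls_to_index(r)] for r in rolls_list]


def generate_passphrase(wordlist, n_words: int = 4, sep: str = "-") -> str:
    """Pick n_words uniformly at random, with replacement, using secrets (not random)."""
    if n_words < 1 or len(wordlist) < 2:
        raise ValueError("need at least one word and a list of at least two")
    return sep.join(wordlist[secrets.randbelow(len(wordlist))] for _ in range(n_words))


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of a uniformly random passphrase of n_words drawn from list_size words."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print("demo (sample list, not for real use):", generate_passphrase(SAMPLE_WORDS, 4))
    print(f"4 EFF words: {entropy_bits(EFF_LIST_SIZE, 4):.1f} bits")
    print(f"5 EFF words: {entropy_bits(EFF_LIST_SIZE, 5):.1f} bits")
```

Two design points matter here. Word selection uses `secrets.randbelow`, which draws from the OS CSPRNG; the `random` module is seeded predictably and must not be used for credentials. And because selection is uniform and independent for each word, the entropy is exactly `n_words × log2(list_size)`, with no adjustment for 'memorability', which is precisely what a human-chosen phrase cannot claim.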
Setting Your Passphrase on GrapheneOS
Settings → Security → Screen lock → Password. GrapheneOS's 'Password' option accepts both passphrases and short passwords. It fully supports spaces — you can separate your words with spaces, hyphens, or nothing.
Enter your passphrase, confirm it, then test it immediately. Exit to the lock screen and verify you can enter the passphrase correctly before assuming setup is complete.
After setting your passphrase, add a fingerprint for daily convenience: Settings → Security → Fingerprint unlock. You'll still need your passphrase on every reboot, but fingerprint handles day-to-day unlocking.
The Border Crossing Consideration
In some jurisdictions, you can be legally compelled to provide biometric authentication (fingerprint, face) but not knowledge-based credentials (passwords, PINs). If you cross borders where this is a concern, power off the phone before reaching customs. A powered-off GrapheneOS device requires the passphrase on next boot: until it is entered, the storage keys are not in memory and biometrics cannot unlock anything.
Combine this with the duress password feature if the threat level warrants it — see the duress password guide.
Frequently asked questions
- What happens if I forget my passphrase?
- The device cannot be unlocked without the correct passphrase, and there is no recovery mechanism: the secure element's throttling means guessing it yourself is not a realistic option either. Write your passphrase down and store it somewhere physically secure, such as a locked safe or a sealed envelope in a secure location. Do not store it digitally.
- Does fingerprint replace the passphrase?
- No. Fingerprint is a convenience supplement. You need the passphrase on every reboot, and the passphrase is the only thing protecting the encryption keys. Fingerprint cannot be used to derive those keys.
- Is an 8-digit PIN really safe enough?
- For most people, yes. The Titan M chip's hardware throttling makes automated brute-force attacks impractical against a random 8-digit PIN. The risk is targeted guessing — if an attacker knows facts about you, they can reduce the search space. A passphrase eliminates this risk.
- Should I use the same passphrase as my Proton account?
- No. Each credential should be unique. Your Proton password should be managed in Proton Pass and be distinct from your device passphrase.