Signal using spaced repetition to force you to remember the new mandatory PIN is basically just a website that disables copy-paste in disguise.
🇳🇱
@freemo Both induce users to use less safe passwords that they can easily remember. I do not want or need to remember my Signal password, it would be better if I stored it in a password manager, but if I'm going to get bugged for my PIN daily, then weekly (with the possibility of an account lockout I guess), I'll just set it to 1234 and be done with it.
@freemo I'd even be fine with doing that if this was "extra" security, but it's actually a significant change to their threat model: they will now store your data in the cloud, protected by this PIN.
@pganssle well yea i guess if they are enforcing a 4 character pin they are encouraging insecure passwords for sure.
@freemo I think that might be the default — they allow it to be a long alphanumeric pin, but then you need to open your password manager and copy-paste if you want access to your text messages.
The only reason (they explicitly say this) they do the unskippable PIN reminder thing is because they want you to remember the password, but nearly any password you can remember is... not a good password.
