Why, and how to increase 16-character lockscreen password limit?

Question

This is a problem that has annoyed me, as the password that I have memorized is around the 20-character mark, yet Android limits it to 16 characters

Why, and how to increase, 16-character lockscreen password limit?

If it's relevant, the Android is running on 5.1 Lollipop.

Check the build.prop if you can find any edits ....there are tons of stuff you can play around with in the build.prop file..just have a look and let me know :-) — user87552, Aug 12 '16 at 18:01
@user87552 Their aint no mention in build.prop, i already have looked their. — Matt07211, Aug 12 '16 at 22:35

score 9 · Accepted Answer · edited Apr 13 '17 at 12:18

From Android Security Internals: An In-Depth Guide to Android's Security :

Android doesn’t have a dedicated setting to manage the encryption pass- word after the device is encrypted, and changing the screen lock password or PIN will also silently change the device encryption password. This is most probably a usability-driven decision: most users would be confused by having to remember and enter two different passwords at different times and would probably quickly forget the less frequently used, and possibly more complex, disk encryption password. While this design is good for usability, it effectively forces users to use a simple disk encryption password, because they have to enter it each time they unlock the device, usually dozens of times a day. No one wants to enter a complex password that many times, and thus most users opt for a simple numeric PIN (unless a device policy requires otherwise)

Additionally, passwords are limited to 16 characters (a limit that is hardwired in the framework and not configurable), so using a passphrase is not an option

(Emphasis supplied)

I don't know more about this limitation and would be glad if somebody can amplify (Edit: Andrew T has clarified here to an extent)

So, that rules out increasing password length to beyond 16 ( how to increase, Androids 16 character lockscreen password limit )

Since you are on Lollipop , you may like to related pitfall (claimed to be fixed) of long passwords here Android lockscreen can be bypassed by overloading with massive password

Note:

For earlier versions (Lollipop and below), Cryptfs Password by Nikolay Elenkov, allows you to set a separate password for disk encryption or if your device is rooted

su -c vdc cryptfs changepw new where new is your new password.

Source: http://nelenkov.blogspot.be/2012/08/changing-androids-disk-encryption.html
Nikolay Elenkov is the author of the book Android Security Internals: An In-Depth Guide to Android's Security and runs a blog here

The length limit is mentioned on this line of Android source code, where it will be checked on this line when validating the password. Aside of that, there's no reason mentioned why it's 16 characters. — Andrew T., Aug 12 '16 at 13:36
Note as well that it is technically configurable -- that is only the default. The intent to create that activity can specify a different max length; it's probably up to the manufacturer to do so. — Matthew Read, Aug 12 '16 at 18:58
@AndrewT. In response to your comment, is this a changeable aspect of a compiled Android system that is already running, or is this a type of chnange you have to do before compiling the Android system, meaning I would have to create myself an custom ROM? — Matt07211, Aug 12 '16 at 22:40
@Matt07211 as mentioned on the answer, it's hard coded, and there's no way to change it after it has been compiled. However, as Matthew has commented, there should be an Intent generator to configure (and thus, bypass) the limit. Whether it's possible to be used by end-user - conveniently - or not, I haven't researched it. — Andrew T., Aug 13 '16 at 01:43
@AndrewT. Thanks for the reply, I really just wanted to know that if it's changable by an end-user, which it seems it isn't but seems like its changeable, if let's say I built my own cuutim ROM for my phone :) thanks for the info — Matt07211, Aug 13 '16 at 02:29
Answers to https://stackoverflow.com/questions/10316130/cant-call-com-android-settings-chooselockpassword-activity indicate that calling that intent is not possible from outside of the Settings application. — beroal, Feb 14 '21 at 10:48

Borislav Gizdov · Answer 2 · 2017-08-17T13:07:20.780

From the commit comment max password length symbols is limited only for UI reasons. Maybe there is no other reason which requires the lockscreen password to be up to 17 symbols (16+1)

EDIT: I created android build and tested with max password length 100 symbols and it is working for lock screen and also for encryption password

Fix 2504863: Use password min/max constants in ChooseLockPassword  
This fixes a bug where the system was defaulting to 8 digits max password length.  
The UI is best for N <=12, but works for more. I set the default limit to 16 which is more than most humans can remember. 
That also seems to be the practical limit for the small sample of DevicePolicyManagers I checked.  
DevicePolicyManagers can always specify more digits if they really want.  
Change-Id: I8637e0c9366800886759424b5a28f48dca15c535

https://osdn.net/users/zhicai_peng/pf/packages-apps-Settings/scm/commits/70d5c3a0139899e5f4d425c8ab2d68f0dfc5c6da

Thanks for the extra info, tad annoying though, I geuss I'll just stick with the current max password limit :-/ — Matt07211, Aug 14 '17 at 14:37

Why, and how to increase 16-character lockscreen password limit?

2 Answers2

Linked