by JshWright 4267 days ago
I wish it was easier to decouple the passphrase for the key and the passcode to unlock the device...

They have _very_ different security properties. Offline brute forcing the unlock passcode is far harder (presumably it's stored in the encrypted fs), so a shorter code is fine. Offline brute forcing of the encryption key passphrase is much easier (as TFA explains), but I'm never going to use a 'good' passphrase there, as it would be far too annoying to have to type it every time I unlock the phone...

2 comments

It requires root, but Cryptfs (available in the Play Store and F-Droid) enables just such a feature. In fact, it's written by this blog post's author.

http://nelenkov.blogspot.com/2012/08/changing-androids-disk-...

https://play.google.com/store/apps/details?id=org.nick.crypt...

> It requires root

And there's the problem... I'm trading one security improvement for a whole host of other issues...

That's a valid concern, though you can root, install and run the app, and then unroot. It's not a good solution, but it is a solution until Android L builds in the ability to use different passwords.

Which issues?

Google needs to solve that part of the problem. Apple has already solved it with Touch ID.

Google needs to do the same and mandate all OEMs must certify for fingerprint scanning technology (that has a high standard of accuracy and security, not the gimmicks HTC and Samsung have tried before), or at least incorporate the same kind of technology Nymi uses in all Android Wear watches, so you can unlock the phones with that. Google should either acquire or replicate what these guys are doing:

http://www.getnymi.com/

Touch ID does not replace the password, it is merely a shortcut for it, as far as the current implementation goes.

Touch ID still requires you to type in your password after you boot the phone. Still quite handy, but not a password replacement by any means.

I think the idea is that the password (which can be made complex if you don't have to enter it that often) is analogous to the "passphrase for the key", while Touch ID serves as the normal "passcode to unlock the device".