#Signal announced cloud-based backups a month ago, so I am late to the party. Still, I wanted to write down some notes on why 4 digit PINs aren't going to provide real security, no matter how hard one tries.
Thanks to @leip4Ier for bringing this topic to my attention.
https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/
@WPalant oh, i'm silly, there's also sms which should in theory be possession, but in fact is a complicated thing
@leip4Ier Yes, it's quite complicated. For server-side attacks it doesn't matter. On the client side you need to prove control of the phone number as well. But they announced this feature as a transition towards accounts not bound to a phone number. So this protection factor will likely go away, presumably it will only be the PIN then.
@WPalant server-side attacks are of little concern to a regular user (those who don't pay attention to "remote key changed" notifs either), but sms is p easy anyway
they have to use something to avoid spam, so it'll likely be email or oauth? (curious whether my @airmail.cc addresses will work if it's email!)
@WPalant i think it's also worth mentioning that for bank cards and smartphones, pin is in fact the second auth factor after possession. bank card is a hardware key, iphones have secure enclaves. if i understand correctly, for signal that pin is the only factor.