3 days in my opinion is too long imo for a default, if the entire point of it is to increase the security, the default gives 3 days worth of time for an entity to obtain a way to access it via some form of exploit or other means. That’s far long enough for most shipping options to send the device elsewhere that may have the appropriate tech to do so.
A 24h limit would significantly decrease the margin for exploitation. I agree the setting should have multiple time intervals though, I just think 3 days is way too long for the purpose of the setting. It seems like a “we wanna do something that sounds good, but won’t rock the boat for the powers that be”
3 days seems like a good “default” but I agree I’d definitely like the option to make it shorter.
3 days in my opinion is too long imo for a default, if the entire point of it is to increase the security, the default gives 3 days worth of time for an entity to obtain a way to access it via some form of exploit or other means. That’s far long enough for most shipping options to send the device elsewhere that may have the appropriate tech to do so.
A 24h limit would significantly decrease the margin for exploitation. I agree the setting should have multiple time intervals though, I just think 3 days is way too long for the purpose of the setting. It seems like a “we wanna do something that sounds good, but won’t rock the boat for the powers that be”