Apple can Quadruple-AES-4096 encrypt the phone and close ALL Bugs including Jailbreak, if Paris uses "1234" as PIN, it won't matter (and I firmly believe that 1234 is too complex a password for her anyways...)
And for most people it seems. Have you read: http://www.datagenetics.com/blog/september32012/ ?
If your default locking mechanism recommends a four digit PIN code and you have no way (like a bank) of enforcing a retry limit since it is possible to do a memory clone of your device, who is to blame if the mechanism fails? The customer who used it as it seemed to be designed or the engineer who chose the mechanism? The person who just went to a shop and assumed that the system they bought was fit for being a personal mobile device or the engineer who failed to make it that way?
iPhone has a 4 digit PIN, and full pass phrase, complete with timed lockout after multiple bad passwords, and with the option of wiping the device.
A six digit PIN would be nice, but would probably be birth dates too hohum.
Samsung has come up with ideas such as facial recognition.
I thought that was cool too. But once I had fooled it with a (bad) photo of me displayed from my iPhone I decided that it was a terrible idea. I'm sure it would have problems with my habit of growing a beard and shaving it off every month or so too.
It would be perfectly possible to sell an RFID bracelet with the phone and unlock when within a few cm of it.
Yes, because RFID and NFC tokens can't be hacked, cloned or masqueraded as.
Those are the ideas I can come up with in three seconds of thinking, each of which is better than a PIN code.
And probably why you've not got a role in the IT security industry too, I'd wager?
I agree with your assertion that short PINs are a terrible idea, but biometrics are worse.
However, there's a huge gap between what a user will accept and what's accepted as good practice.
Users will undoubtedly choose the lazy option.