
I recommend that everyone use an extended-length PIN for your phone. Both Android and iPhone support it. Mine is 12 digits; a bit of extra time, but vastly more difficult to brute-force or shoulder-surf.



Doesn't this depend on how worried you are about brute force and shoulder surfing? I am pretty sure that 99.9% of the time, someone trying to access my phone for nefarious purposes is going to be someone who stole my phone when I left it somewhere. I have no reason to worry about an advanced attacker.

In this case, why would I make the trade-off of convenience for security? I have to do 3 times the work to try to defend against an insanely rare attack.


Why digits and not a real password? I have found that typing 10 letters is not too inconvenient on a phone.


The size of the alphanumeric keyboard is a real problem for me when trying to enter a password to open my device.

Sure, I can do it, but it really slows me down, and makes the value of the password a lot less to me.

I'd rather use a longer and more complex PIN on a much larger keyboard. Preferably one that re-uses at least some of the numbers, so they might have an idea of how long the PIN is, but they might have a harder time figuring out what the correct order of the numbers is.

At least, that's my current view. That might change tomorrow. ;)



