You can also get away with a much weaker passphrase if you can somehow rate-limit brute force attacks. As I understand it that's one of the things the T2 does, you can't authenticate except through the T2, and the T2 will slow you down and lock you out after n tries.
And I think that's actually incredibly underappreciated feature, most people are both bad at memorizing long, complex passwords/passphrases and not all that motivated since the threat is quite abstract. I've had a hard time convincing some people to have any sort of password at all on their laptop (that they travel with, work in all sorts of places and are overall pretty careless with), as it carries the risk of forgetting the password and it's cumbersome and inconvenient compared to being able to simply open the computer to a logged-in desktop.
Making security less of a hassle really does help with adoption. Having a short, relatively weak, but not trivial password is way way better than having none at all, and realistically that's all most people are ever going to have, so making those passwords hold up better is a really smart move that instantly ups the security of lots and lots of people out there.
But that's not something I believe you could do without a scheme like tieing the encrypted data to a complex secret inside a specific T2 that is uncracked, otherwise you could simply put the SSD in another computer and brute-force it there.
And I think that's actually incredibly underappreciated feature, most people are both bad at memorizing long, complex passwords/passphrases and not all that motivated since the threat is quite abstract. I've had a hard time convincing some people to have any sort of password at all on their laptop (that they travel with, work in all sorts of places and are overall pretty careless with), as it carries the risk of forgetting the password and it's cumbersome and inconvenient compared to being able to simply open the computer to a logged-in desktop.
Making security less of a hassle really does help with adoption. Having a short, relatively weak, but not trivial password is way way better than having none at all, and realistically that's all most people are ever going to have, so making those passwords hold up better is a really smart move that instantly ups the security of lots and lots of people out there.
But that's not something I believe you could do without a scheme like tieing the encrypted data to a complex secret inside a specific T2 that is uncracked, otherwise you could simply put the SSD in another computer and brute-force it there.