Having to enter a 25+ character random alphanumerical password every time you need to use your phone isn't anywhere near acceptable for modern usage expectations. Hell, it's not even acceptable for laptop and desktop computers.

Sure, a useless system is technically safe but it's still useless.

For the average user, definately not, I agree with you there.

For laptop and desktop computers this should be the standard in my opinion, at least 20 random chars if you value your privacy and care for security. Once your inside the system you can use a password manager to use passwords as long as possible without any notable impact on user expierience.

But I haven't said I'm the average user, and a six digit passcode just isn't secure I doubt you'd argue on that point?

I'd argue that under some conditions: I feel it's secure enough for locking a phone for example because a phone won't allow any form of brute-force unlocking that would allow an attacker to try, lets say 1 password/sec. Same goes for pin codes on debit cards. Same goes for a physical combination lock safe: 1 million possible combinations would take an impractically long time to crack on average in a realistic real world attempt.

For things like hard drive encryption where you can get the specific piece of hardware and have software brute force it then yes I agree it's insufficient.