Complementarity is an essential feature of quantum mechanics. The preparation of an eigenstate of one observable implies complete randomness in its complementary observable. In quantum cryptography, complementarity allows us to formulate security analyses in terms of phase-error correction. However, the concept becomes much subtler in the device-independent regime that offers security without device characterization. Security proofs of device-independent quantum cryptography tasks are often complex and quite different from those of their more standard device-dependent cousins. The existing proofs pose huge challenges to experiments, among which large data-size requirement is a crux. Here, we show the complementarity security origin of the device-independent tasks. By linking complementarity with quantum nonlocality, we recast the device-independent scheme into a quantum error correction protocol. Going beyond the identical-and-independent-distribution case, we consider the most general attack. We generalize the sample entropy in classical Shannon theory for the finite-size analysis. Our method exhibits good finite-size performance and brings the device-independent scheme to a more practical regime. Applying it to the data in a recent ion-trap-based device-independent quantum key distribution experiment, one could reduce the requirement on data size to less than a third. Furthermore, the operational meaning of complementarity naturally extends device-independent scenarios to advantage key distillation, easing experiments by tolerating higher loss and lower transmittance.