The top 10 passcodes you should never use on your iPhone


Are you one of the many people who is using a dangerously easy-to-guess passcode on your iPhone?

Maybe you should do something about it - sooner rather than later.

The warning comes after new research suggested that 15% of all iPhone owners use one of just ten passwords on their lock screen:

[Image: passcode chart]

Apple iPhone app developer Daniel Amitay published the interesting research, looking at the four-digit passcodes that users choose to secure their systems with.

Fortunately, he didn't snoop on the actual passcodes used by iPhone users to lock their devices - but instead anonymously collected the codes chosen by users to secure the "Big Brother Camera Security" app he develops. In all, Amitay collected over 204,000 passcodes.

Amitay postulated that, as Big Brother's password setup and lock screen are nearly identical to the actual iPhone lock screen, the passcodes collected would most likely correlate with the codes used to lock iPhones.

Now, I can think of strong arguments why some people would choose different passcodes for an app than the one they use to lock their smartphone, but my hunch is that many people don't bother.

Regardless of those quibbles - Amitay's findings are worth exploring.

Some of the passcode choices that Amitay's research has thrown up are sadly predictable. People who are choosing the likes of "1234", "0000" and "1111" as their passcode, for instance, are doing the equivalent of locking up their cars with a piece of thin string.

Those who have chosen "0852" and "2580" aren't doing much better - they've just chosen their passcode by sweeping up and down the keypad.

What I couldn't immediately understand, however, was any rhyme or reason behind "5683" and "1998".

Fortunately, Amitay has a theory on this. He points out that "5683" spells out "LOVE" on the keypad, and that may be why it's so widely used.

And "1998"? Well, it turned out that 199* represented the highest frequency of choices that could represent a decade (the 1990s) - so maybe this is an indication of birth years or the year of graduating college.
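The pattern families described above (repeated digits, runs, keypad sweeps, keypad words and years) can be checked at the moment a user picks a passcode. The following is an added example, not code from Amitay's research or from this post; the sample word list and the 1900-2099 year window are assumptions made for illustration.

```python
# Added example: explain why a 4-digit passcode is guessable, using the
# pattern families named in the article. Not from the original research.
KEYPAD_LETTERS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
                  "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, group in KEYPAD_LETTERS.items() for ch in group}

# (row, column) of each key on the phone keypad, used to detect sweeps.
KEY_POS = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
           "4": (1, 0), "5": (1, 1), "6": (1, 2),
           "7": (2, 0), "8": (2, 1), "9": (2, 2), "0": (3, 1)}

# Constructed sample word list (assumption); use a real dictionary in practice.
SAMPLE_WORDS = ("love", "hope", "baby", "john")


def word_to_digits(word):
    """Map a word to the keypad digits that spell it, e.g. 'love' -> '5683'."""
    return "".join(LETTER_TO_DIGIT[ch] for ch in word.lower())


def weakness_reasons(code, words=SAMPLE_WORDS):
    """Return the list of reasons a passcode is predictable (empty if none)."""
    if len(code) != 4 or not (code.isascii() and code.isdigit()):
        raise ValueError("expected exactly four digits")
    reasons = []
    # Difference between neighbouring digits: all 0 = repeat, all +1/-1 = run.
    steps = {int(b) - int(a) for a, b in zip(code, code[1:])}
    if steps == {0}:
        reasons.append("repeated digit")
    elif steps in ({1}, {-1}):
        reasons.append("numeric sequence")
    # Same non-zero move between every pair of keys = straight keypad sweep.
    moves = {(KEY_POS[b][0] - KEY_POS[a][0], KEY_POS[b][1] - KEY_POS[a][1])
             for a, b in zip(code, code[1:])}
    if len(moves) == 1 and moves != {(0, 0)}:
        reasons.append("keypad sweep")
    # Assumed year window: anything from 1900 to 2099 reads as a date.
    if 1900 <= int(code) <= 2099:
        reasons.append("plausible year")
    for word in words:
        if word_to_digits(word) == code:
            reasons.append(f"spells '{word}' on the keypad")
    return reasons


if __name__ == "__main__":
    for pin in ("1234", "0000", "2580", "0852", "5683", "1998", "7294"):
        print(pin, weakness_reasons(pin) or "no known pattern")
```

An empty list only means the code matched none of these families, not that it is strong; a four-digit code still has just 10,000 possibilities.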

I hope you're not using an easy-to-crack passcode on your iPhone.

Maybe you should switch to using a passphrase for your phone's security instead? At the very least that won't restrict you to four numeric digits - so you can make things a little more complex.

If you want to turn the simple passcode off on your iPhone, click on the Settings icon, followed by General to reach the Password Lock options.

With the Simple Passcode option disabled, you'll be able to choose a longer, more complex password which can comprise upper- and lowercase letters, numbers and even special characters.

Of course, you'll still need to be sure you don't choose one of the top 50 passwords you should never use.

Oh, and one final thought... What's the 4-digit PIN you use at the bank's ATM cash machine?


14 Responses to The top 10 passcodes you should never use on your iPhone

  1. @dbanes says:

    Phew mine isn't there. Scary.

  2. @etee says:

    First of all - I looked at that app in the App Store, and even downloaded it. Not sure I am going to install it on my iPhone, because nowhere did it mention that the app was reporting data like *the PIN used to secure it* back to the developer! This sounds like a really dangerous type of app: one which has a lock screen that looks like the one that came with the iPhone, and which "phones home" with the PIN you entered. I'm really surprised the App Store gatekeepers let this one by, to be honest.

    That said, the weaknesses of using a 4-digit PIN to secure an iPhone are well known, so good call on suggesting people disable the "simple passcode".

    Last, but not least: I don't know about your bank, but mine doesn't require a 4-digit PIN (it either allows, or *requires*, a longer code.)

    ~EdT.

  3. Britpop Singh says:

    I think a lot of people use a pattern as a way to ensure their phone doesn't unlock itself accidentally in their bag or pocket, *not* as a security password.

  4. Richard says:

    I personally really like the pattern lock, one for not unlocking by accident but the security isn't bad so long as you make it complex enough. I know most of my friends all just have a Z pattern so it's not hard to guess.

  5. Ben says:

    My question is why Apple restricted the PIN to 4 digits????

    I would gladly have a much longer string of digits (alpha password would be too cumbersome).

  6. Richard says:

    That reminds me of President Skroob:
    "1-2-3-4-5? That's amazing. I've got the same combination on my luggage." http://www.imdb.com/title/tt0094012/quotes

  7. Ben says:

    That's amazing! I've got the same combination on my luggage!

  8. jb1 says:

    Must only be an option for 3GS phones and above... I think I am on the latest update for my 3G, and I only have the option to turn the lock on or off. I always thought the 4 digit pass code was a joke. I agree with Ben; why was a 4 digit numeric code ever used as the default...

  9. buzzit says:

    Apple acts quickly to remove the big brother app for collecting passcodes
    http://buzzintechnology.com/2011/06/apple-removes...

  10. Lauren says:

    Lol, 1998. Do that many 12 year olds really have iPhones? I guess it could be the birth date of a child for some people... but usually when it's a date it's their own birth day.

  11. Bob says:

    As an IT tech, I often sit in front of someone's computer and when confronted with a password challenge, say "what's your password? No, wait, let me guess. What's the name of your favourite pet?" The amount of times I see the colour drain from their face is funny.

    4 numbers is small. Pass phrases become difficult.

  12. Scott says:

    WTF, so this guy was HARVESTING PASSWORDS with his app? Why isn't anyone seeing anything wrong with this? I know I will NEVER buy, use, or install any software made by this guy or anyone he works for in the future. Those passwords should be hashed, preferably before even sending over the wire. Who the EFF harvests and stores passwords? Crackers and criminals - that's who. JEEZ. *stepping off my soapbox*

  13. George Butel says:

    You overlook the least elegant, but undoubtedly most common way of passcode theft: watching someone else's screen. Picture yourself in the mall, at a coffee shop, even with a group of friends, when you need the phone, so you grab it, but, darn, the screen is locked. Gasp, you have a screen that now seems gigantic that anyone in back of you can see. So you have to let everyone around you know that you don't trust any of them while you try to hide the screen by positioning it in such a way that nobody can see it while you punch in your passcode. I would venture to say that, rather than letting it be known that you don't trust all of those around you, even if you are (reasonably enough) paranoid about the passcode, you enter it without making it appear that you are trying to hide it.

  14. @skormos says:

    Surprising that for an Apple device, that 1-9-8-4 would not be higher. Maybe I'm of the wrong generation.


About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.