Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Most Common iPhone Passcodes

Posted by Soulskill on from the one-two-three-four dept.

Orome1 writes "The problem of poor passwords is not confined to computer use, and that fact was illustrated by an app developer who has added code to capture user passcodes to one of its applications. 'Because Big Brother's [the app in question] passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes,' says Daniel Amitay. It turns out that of the 204,508 recorded passcodes, 15% were one of the most common ten."

28 of 192 comments (clear)

  1. What? by sirboxalot · · Score: 2

    No 4242?

    1. Re:What? by zonky · · Score: 3, Informative

      Password use is going to be interesting. Bet 99% are the same as their PIN for any cards, and the same as a home alarm.

    2. Re:What? by PopeRatzo · · Score: 4, Funny

      No 4242?

      I use the last four digits of pi as my code.

      --
      You are welcome on my lawn.
  2. Here's a question... by jojoba_oil · · Score: 3, Interesting

    ...how did an app like "Big Brother" make it onto the App(le) store?

    I thought they paid people to test each app before approval; you know, as a first defense against apps that look to imitate the lock screen and steal passcodes...

    1. Re:Here's a question... by CharlyFoxtrot · · Score: 4, Informative

      App in question in action. Description from the video :

      "This is not a prank application! It really works, and takes pictures of anyone trying to access your iPhone. Big Brother is the only iPhone app which sets off an alarm AND takes a photo if the user presses the home button!

      Want to know if someone has been sneaking a peak at your iPhone 4?
      Turn on Big Brother, LOCK it, turn off your iPhone, and you're set!
      Whenever a person enters an incorrect password, the device will take two photos!"

      Not duplicating functionality in the iPhone, not actually stealing your passcode (just its own user settable one is sent back).

      --
      If all else fails, immortality can always be assured by spectacular error.
  3. Evil Developer! by tehniobium · · Score: 2

    This just in: 15% of developers steal the passwords of 80% of all (stupid) users!

    Seriously...isn't this just a tad "evil" behavior? Even if its done to prove a point, surely this guy shouldn't be stealing his users passwords?

    --
    No kitty, this is my pot pie!
  4. Re:Nitpick by calmofthestorm · · Score: 3, Informative

    Not by default; you can set it up that way.

    --
    93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
  5. 1-2-3-4-5? by TheRedDuke · · Score: 4, Funny

    That's amazing! I've got the same combination on my luggage!

    1. Re:1-2-3-4-5? by mrchaotica · · Score: 3, Funny

      It's a special feature of "Spaceballs: The Suitcase."

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    2. Re:1-2-3-4-5? by tverbeek · · Score: 2

      I figured that 5-5-5-5 would be too obvious, so on mine phone I reversed the order.

      --
      http://alternatives.rzero.com/
  6. 1998, lol by AlienIntelligence · · Score: 3, Interesting

    So, the most common age of the user is 13?

    Or the most common age of their offspring?

    -AI

    --
    For me, it is far better to grasp the Universe as it really is than to persist in delusion
  7. Why lock it? by Anonymous Coward · · Score: 4, Funny

    Why lock the iPhone? If you lose it and it is unlocked maybe someone will try to contact someone on your list and return it.

    1. Re:Why lock it? by psithurism · · Score: 2

      it's more likely that the kind of person who'll pick up a phone...

      Will be the average guy/gal in your area. I don't know where your from, but in my area I'd say 80% would return it if it was easy and a small fraction of the remaining 20% would be criminal enough to do anything more than attempt to e-bay it.

      Your confusing people who will find a dropped phone with people who would steal a phone.

  8. the iphone makes good passwords hard... by Sir_Sri · · Score: 2, Insightful

    in general the iphone keyboard makes using #$_*! etc and CaPitaLiz3d passwords harder than it should, which tends to lead to bad security. I'd be interested to know how many people use the same iphone 4 digit code as their PIN for their debit. though it looks like the phone lock is more of a 'get me past this lock quickly', which says a lot about how people want to use their phones.

    1. Re:the iphone makes good passwords hard... by mlts · · Score: 2

      Actually, iPhone passwords are easy. If you use an all numeric passcode, instead of pulling up a full keyboard, it pops up a PINpad with the enter button, just like the pad used for entering a SIM pin.

      So, entering an 8-12 digit PIN can be done quite quickly.

  9. Re:Nitpick by pushing-robot · · Score: 3, Informative

    15% of iPhones are locked using one of ten codes.

    You have ten login attempts before the phone wipes itself.

    Thus, if you try each of the top ten codes on a random iPhone, you have a 15% chance of entering the right code before it wipes itself.

    Also, I think you meant "successive".

    --
    How can I believe you when you tell me what I don't want to hear?
  10. What I find most amazing ... by slinches · · Score: 4, Funny

    What I find most amazing is that the iphone only allows 4 digit 0-9 passcodes. That's only 5040 unique codes if I remember the math correctly.

    --
    Knowledge Brings Fear
    1. Re:What I find most amazing ... by drb226 · · Score: 4, Insightful

      10^4 = 10000

    2. Re:What I find most amazing ... by Anubis+IV · · Score: 2

      It's times like this that you don't correct yourself and just let everyone think it was a joke.

  11. Well, so what? by Evro · · Score: 2

    I have a trivial code on my iPhone, just there to provide a speedbump. If my phone were to be lost I'd change my personal & work email passwords. So what? Is anyone supposed to assume that the iPhone passcode provides any real security? If the phone auto-locks after 3 minutes, who wants to put in a 20-character passphrase? BTW, the iPhone passcode is not limited to 4 digits, you can use the entire alphanumeric keyboard, up to at least 10 chars.

    --
    rooooar
  12. Re:5683? by Aladrin · · Score: 3, Informative

    It spells LOVE on the keypad.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  13. Re:Nitpick by jesseck · · Score: 2

    Also, I think you meant "successive".

    No, he was just being optimistic about guessing wrong.

  14. Re:5683? by JamesP · · Score: 2

    Good thing my password spells LOUD on the iPhone

    Oh wait...

    --
    how long until /. fixes commenting on Chrome?
  15. Re:Nitpick by mysidia · · Score: 3, Informative

    is that if someone steals or finds a lost iPhone, he has a 15% chance of unlocking the device and accessing the data within before it gets wiped just by trying out the passwords on the aforementioned top 10 list."

    I think that might be off -- If someone steals or finds a lost, working iPhone; he probably has a 80 - 90% chance of finding the device not secured with a passcode to begin with.

    If he happened to get so unlucky as to find one of the 20% of iPhones with a passcode; he has a 15% chance of unlocking that locked device.

    That brings it closer to a 100% chance of gaining access to it; if the found phone works at all -- only an 85% chance of it using an uncommon passcode. Just because it's uncommon doesn't mean unguessable -- it depends on how much the thief knows or can find out about the person. If the thief gets the wallet too, they might try the birthdate on drivers license or do other research about numbers significant to the person (increasing chances of an unlock beyond 15% for fixed common) -- if we include things like phone numbers, anniversary year, 15% might be a real low ball for the amount of passcodes based on such guessable concepts.

  16. Re:Interesting trend. by NewWorldDan · · Score: 2

    RTFA.

    5683, with letter substitutions, spells LOVE.

    I'm pleased to see that none of the 4 number codes I use in daily life made the top 10 list. If someone wants to steal my bike, they'll have to work at it a bit longer.

  17. Re:Nitpick by blueg3 · · Score: 3, Insightful

    It brings it closer to an 83% chance of accessing it, actually. Not 100%. (15% of top passcodes x only 20% of iPhones locked = 3% of total iPhones use one of the top passcodes).

  18. So wait 5309 isn't one of them? by NotSoHeavyD3 · · Score: 2

    I'm going to have to call Jenny about this

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
  19. Re:Nitpick by mysidia · · Score: 3, Interesting

    Of course, my preference would be for the thief to keep using the phone, and hopefully Find My iPhone would enable me to actually recover the phone.

    I have mixed thoughts about that. If more people reported their phone stolen immediately, to have the IMEI blocked by all the cell networks, it could be somewhat a deterrant against theft too. If you want to add a pascode remotely, better remove sensitive data too.

    The Find My iPhone function may indeed be used by some people in those situations.

    There is also a problem, that if you don't have it deactivated immediately, and the thief racks up a few thousand in usage charges, e.g. international calls (your phone used by the thief to fraudulently re-sell toll calls) or overseas data roaming, you could be on the hook for some serious $$ in some cases.

    The lost iPhone may be $600 to replace, but at least you can be confident there is such a strict limit to your losses, if you do brick/deactivate the phone's service before the perp can abuse the phone's access to your account.

    It should be noted the passcode protection is only good against unsophisticated thieves. There are ways to bypass the passcode and then remove it/view it, or gain access to all data on an iPhone, without requiring any silliness of attempts, or trying to guess the passcode.

    That is there are some people who can gain access to 100% of fully working iPhones, with physical access and sufficient motive, common passcode or not.

    For this reason.... I don't think there's anything irrational about the decision to use a weak/easy passcode.
    Until Apple actually encrypts all data on the phone with the authenticator, that is, and use biometrics, such as face recognition, rather than manual entry of digits.