Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Most Common iPhone Passcodes

Posted by Soulskill on from the one-two-three-four dept.

Orome1 writes "The problem of poor passwords is not confined to computer use, and that fact was illustrated by an app developer who has added code to capture user passcodes to one of its applications. 'Because Big Brother's [the app in question] passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes,' says Daniel Amitay. It turns out that of the 204,508 recorded passcodes, 15% were one of the most common ten."

16 of 192 comments (clear)

  1. Here's a question... by jojoba_oil · · Score: 3, Interesting

    ...how did an app like "Big Brother" make it onto the App(le) store?

    I thought they paid people to test each app before approval; you know, as a first defense against apps that look to imitate the lock screen and steal passcodes...

    1. Re:Here's a question... by CharlyFoxtrot · · Score: 4, Informative

      App in question in action. Description from the video :

      "This is not a prank application! It really works, and takes pictures of anyone trying to access your iPhone. Big Brother is the only iPhone app which sets off an alarm AND takes a photo if the user presses the home button!

      Want to know if someone has been sneaking a peak at your iPhone 4?
      Turn on Big Brother, LOCK it, turn off your iPhone, and you're set!
      Whenever a person enters an incorrect password, the device will take two photos!"

      Not duplicating functionality in the iPhone, not actually stealing your passcode (just its own user settable one is sent back).

      --
      If all else fails, immortality can always be assured by spectacular error.
  2. Re:Nitpick by calmofthestorm · · Score: 3, Informative

    Not by default; you can set it up that way.

    --
    93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
  3. 1-2-3-4-5? by TheRedDuke · · Score: 4, Funny

    That's amazing! I've got the same combination on my luggage!

    1. Re:1-2-3-4-5? by mrchaotica · · Score: 3, Funny

      It's a special feature of "Spaceballs: The Suitcase."

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  4. 1998, lol by AlienIntelligence · · Score: 3, Interesting

    So, the most common age of the user is 13?

    Or the most common age of their offspring?

    -AI

    --
    For me, it is far better to grasp the Universe as it really is than to persist in delusion
  5. Why lock it? by Anonymous Coward · · Score: 4, Funny

    Why lock the iPhone? If you lose it and it is unlocked maybe someone will try to contact someone on your list and return it.

  6. Re:Nitpick by pushing-robot · · Score: 3, Informative

    15% of iPhones are locked using one of ten codes.

    You have ten login attempts before the phone wipes itself.

    Thus, if you try each of the top ten codes on a random iPhone, you have a 15% chance of entering the right code before it wipes itself.

    Also, I think you meant "successive".

    --
    How can I believe you when you tell me what I don't want to hear?
  7. What I find most amazing ... by slinches · · Score: 4, Funny

    What I find most amazing is that the iphone only allows 4 digit 0-9 passcodes. That's only 5040 unique codes if I remember the math correctly.

    --
    Knowledge Brings Fear
    1. Re:What I find most amazing ... by drb226 · · Score: 4, Insightful

      10^4 = 10000

  8. Re:5683? by Aladrin · · Score: 3, Informative

    It spells LOVE on the keypad.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  9. Re:Nitpick by mysidia · · Score: 3, Informative

    is that if someone steals or finds a lost iPhone, he has a 15% chance of unlocking the device and accessing the data within before it gets wiped just by trying out the passwords on the aforementioned top 10 list."

    I think that might be off -- If someone steals or finds a lost, working iPhone; he probably has a 80 - 90% chance of finding the device not secured with a passcode to begin with.

    If he happened to get so unlucky as to find one of the 20% of iPhones with a passcode; he has a 15% chance of unlocking that locked device.

    That brings it closer to a 100% chance of gaining access to it; if the found phone works at all -- only an 85% chance of it using an uncommon passcode. Just because it's uncommon doesn't mean unguessable -- it depends on how much the thief knows or can find out about the person. If the thief gets the wallet too, they might try the birthdate on drivers license or do other research about numbers significant to the person (increasing chances of an unlock beyond 15% for fixed common) -- if we include things like phone numbers, anniversary year, 15% might be a real low ball for the amount of passcodes based on such guessable concepts.

  10. Re:Nitpick by blueg3 · · Score: 3, Insightful

    It brings it closer to an 83% chance of accessing it, actually. Not 100%. (15% of top passcodes x only 20% of iPhones locked = 3% of total iPhones use one of the top passcodes).

  11. Re:What? by zonky · · Score: 3, Informative

    Password use is going to be interesting. Bet 99% are the same as their PIN for any cards, and the same as a home alarm.

  12. Re:What? by PopeRatzo · · Score: 4, Funny

    No 4242?

    I use the last four digits of pi as my code.

    --
    You are welcome on my lawn.
  13. Re:Nitpick by mysidia · · Score: 3, Interesting

    Of course, my preference would be for the thief to keep using the phone, and hopefully Find My iPhone would enable me to actually recover the phone.

    I have mixed thoughts about that. If more people reported their phone stolen immediately, to have the IMEI blocked by all the cell networks, it could be somewhat a deterrant against theft too. If you want to add a pascode remotely, better remove sensitive data too.

    The Find My iPhone function may indeed be used by some people in those situations.

    There is also a problem, that if you don't have it deactivated immediately, and the thief racks up a few thousand in usage charges, e.g. international calls (your phone used by the thief to fraudulently re-sell toll calls) or overseas data roaming, you could be on the hook for some serious $$ in some cases.

    The lost iPhone may be $600 to replace, but at least you can be confident there is such a strict limit to your losses, if you do brick/deactivate the phone's service before the perp can abuse the phone's access to your account.

    It should be noted the passcode protection is only good against unsophisticated thieves. There are ways to bypass the passcode and then remove it/view it, or gain access to all data on an iPhone, without requiring any silliness of attempts, or trying to guess the passcode.

    That is there are some people who can gain access to 100% of fully working iPhones, with physical access and sufficient motive, common passcode or not.

    For this reason.... I don't think there's anything irrational about the decision to use a weak/easy passcode.
    Until Apple actually encrypts all data on the phone with the authenticator, that is, and use biometrics, such as face recognition, rather than manual entry of digits.