The Most Common iPhone Passcodes
Orome1 writes "The problem of poor passwords is not confined to computer use, and that fact was illustrated by an app developer who has added code to capture user passcodes to one of its applications. 'Because Big Brother's [the app in question] passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes,' says Daniel Amitay. It turns out that of the 204,508 recorded passcodes, 15% were one of the most common ten."
First post (Score:2)
Number 0001!
What? (Score:2)
Re: (Score:2)
No 4242?
Or 6969
Re: (Score:2)
69 is the new 42
Maybe if you're Hugh Hefner.
Here's a question... (Score:4, Interesting)
...how did an app like "Big Brother" make it onto the App(le) store?
I thought they paid people to test each app before approval; you know, as a first defense against apps that look to imitate the lock screen and steal passcodes...
Re:Here's a question... (Score:5, Informative)
App in question in action [youtube.com]. Description from the video:
"This is not a prank application! It really works, and takes pictures of anyone trying to access your iPhone. Big Brother is the only iPhone app which sets off an alarm AND takes a photo if the user presses the home button!
Want to know if someone has been sneaking a peek at your iPhone 4?
Turn on Big Brother, LOCK it, turn off your iPhone, and you're set!
Whenever a person enters an incorrect password, the device will take two photos!"
Not duplicating functionality in the iPhone, not actually stealing your passcode (just its own user settable one is sent back).
Re: (Score:2)
Yeah because the iPhone was never locked in the first place, just running the app. That's why it sounds an alarm when you quit the app.
Re: (Score:2)
Want to know if someone has been sneaking a peek at your iPhone 4?
Or don't leave your phone out lying around where anyone can grab it.
Re: (Score:2)
Hidden functionality in otherwise acceptable apps has made it in occasionally. I was able to pick up a copy of HandyLight about a year back. On the surface, it's a simple flashlight app, which allowed you to choose differently colored lights. In fact, however, it was an app that allowed the user to tether their iPhone with their computer if the proper color combination was input and the correct network settings were used. Apple pulled it down within a few hours of its initial release, but not before the new
Re: (Score:2)
Thankfully, Apple has never pulled the trigger and removed apps like that which users have purchased, so I've actually been able to use it on a few occasions since then, though I try not to abuse it (especially since AT&T is apparently cracking down on illicit tethering of this sort, forcing the people doing it to either buy a tethering data plan or else cease doing it), and haven't used it in a few months.
Hah, I remember that app. I don't remember where I read this (probably somewhere linked from Daringfireball) but developers that have the iCloud pre-release that allows you to download already purchased apps directly to your device reported the option to download apps even if they have been removed from the appstore since they have been paid for. So that's good news if it extends to the final version.
Re: (Score:2)
So they don't check what data is being sent out by the app? That would seem to be a fairly basic security check, and I'd expect to see it mentioned in the EULA.
This highlights a common problem with permission systems on mobiles (it affects Android too). You give permission for an app to know your location, but can't then control if it sends that information anywhere.
Re: (Score:2)
On Android: Internet permission flag, and if rooted, Droidwall (iptables frontend, can filter on a per-app basis)
Note: Root is not the same as jailbreak; root just enables the "su" binary, and can be done with the standard SDK on phones with unlocked bootloaders (and it is usually easy to flash a new, unlocked bootloader / kernel on a phone - often with the phone's own flash tools)
Re: (Score:2)
Problem is most apps need the internet permission to do anything useful with your location. For example a mapping app will need to download map tiles for display, but there is no distinction between that and it sending your location to someone else.
I used to have my Galaxy S rooted but since 2.3 you have only been able to do it via a custom kernel, which I don't want to mess about with. Shame as it was handy.
Re: (Score:2)
I'm under the impression that the App Store reviewers don't actually have access to the source code of your app, just the binary. This, combined with the use of HTTPS, makes it impossible for them to tell what data is being sent. All they know is that data is being sent, and what URL it's being sent to.
Evil Developer! (Score:3)
This just in: 15% of developers steal the passwords of 80% of all (stupid) users!
Seriously...isn't this just a tad "evil" behavior? Even if it's done to prove a point, surely this guy shouldn't be stealing his users' passwords?
Re: (Score:2)
This just in: 15% of developers steal the passwords of 80% of all (stupid) users!
Seriously...isn't this just a tad "evil" behavior? Even if it's done to prove a point, surely this guy shouldn't be stealing his users' passwords?
'A tad' evil like smoking 3 packs of cigarettes is 'a tad' bad for you or coke has 'a tad' of sugar. This is spyware plain and simple.
I would not do this myself, but if the data's already out there I have no ethical qualms discussing and analysing it. I find it interesting that 2580 popped up. I would not have guessed that. Lots of users into kittens and ponies I guess?
Re: (Score:2)
2580 is the only set of 4 digits in a straight line on the keypad (straight down the middle).
Re: (Score:2)
2580 is equivalent to 'asdf' on a normal keyboard.
Re: (Score:2)
3 packs of cigarettes is a tad bad for you. If you only smoke 3 packs during your entire life the adverse effects are going to be minimal to the point of being hard to identify.
Re: (Score:2)
According to the chart in TFA, it did.
Re: (Score:2)
From the developer's web site:
Yesterday I posted an analysis of the Most Common iPhone Passcodes, with passcode data taken from my Big Brother Camera Security app. As of today at 4:58pm EST, Big Brother has been removed from the App Store. I’m certainly not happy about it, but considering the concerns a few people have expressed regarding the transfer of data from app to my server, it is understandable.
I think I should clarify exactly what data I was referring to, and how I was obtaining it. First, these passcodes are those that are input into Big Brother, not the actual iPhone lockscreen passcodes. Second, when the app sends this data to my server, it is literally sending only that number (e.g. “1234”) and nothing else. I have no way of identifying any user or device whatsoever.
Re: (Score:2)
"I haven't actually compromised your iPhone, all I've done is publish the results data-mining your passwords... trust me!"
About as far as I can throw you, Jackass.
Re: (Score:2)
On a smartphone though, the threat isn't that the thief will get your phone and rack up a bill. It's that they can get all your personal data. Contacts, usernames for any sites/services you use on the phone, etc.
Worse: most people have their mail application set to remember password. So they can read all your mail, or send mail pretending to be you. Similarly with apps like Facebook - these are generally left logged in/password remembered. So even if your various passwords are long and difficult to guess, t
1-2-3-4-5? (Score:5, Funny)
Re: (Score:2)
Please show me where you get 5 combination luggage? I'm still struggling to find any with more than 3 combos :D
Re:1-2-3-4-5? (Score:4, Funny)
It's a special feature of "Spaceballs: The Suitcase."
Re: (Score:2)
You're doing the joke wrong.
Re: (Score:3)
I figured that 5-5-5-5 would be too obvious, so on my phone I reversed the order.
1998, lol (Score:4, Interesting)
So, the most common age of the user is 13?
Or the most common age of their offspring?
-AI
Re: (Score:2)
Or they graduated in 1998 and they're around 30.
Re: (Score:2)
So, the most common age of the user is 13?
Or the most common age of their offspring?
-AI
Or the last year we remember that didn't royally suck. Y2K, 9/11, and the decade of hypercapitalist deception that ensued... yeah, I miss the 90's. The music was better too.
Re: (Score:2)
If I had a choice between 2000s and 1990s I would choose the latter though. IMHO, it was the decade of greatest technological progress since the 60s.
Re: (Score:2)
As a matter of fact I don't remember those bands, aside from recognizing the names. I couldn't name a single song by any of them (with the obvious exception of Jackson, who transcends the 1990s). That's because I had stopped listening to whatever's-in-fashion music by the 90s, and since then I've just followed my own interests and that of people around me (e.g. on community radio). Complaining about crappy pop music is like complaining about crappy fast food: no one's forcing you to eat it.
Re: (Score:2)
You have the whitest taste in music ever.
Re: (Score:2)
And the kids stayed offa my lawn!
Why lock it? (Score:4, Funny)
Why lock the iPhone? If you lose it and it is unlocked maybe someone will try to contact someone on your list and return it.
Re: (Score:2)
Why lock the iPhone? If you lose it and it is unlocked maybe someone will try to contact someone on your list and return it.
Because it's more likely that the kind of person who'll pick up a phone that doesn't belong to them will run up a huge bill calling a foreign country and buy lots of apps if you don't have that locked down?
Re: (Score:3)
it's more likely that the kind of person who'll pick up a phone...
Will be the average guy/gal in your area. I don't know where you're from, but in my area I'd say 80% would return it if it was easy and a small fraction of the remaining 20% would be criminal enough to do anything more than attempt to e-bay it.
You're confusing people who will find a dropped phone with people who would steal a phone.
Re: (Score:2)
it's more likely that the kind of person who'll pick up a phone...
Will be the average guy/gal in your area. I don't know where you're from, but in my area I'd say 80% would return it if it was easy and a small fraction of the remaining 20% would be criminal enough to do anything more than attempt to e-bay it.
You're confusing people who will find a dropped phone with people who would steal a phone.
Nope. Where I live, if you lose your phone you better make tracks and report it ASAP. Many horror stories about lost phones.
Re: (Score:2)
Generally stories about, I left my phone at a bar and went back later to collect it don't spread as well as the horror stories.
I've left a wallet in a bar and dropped it outside of a shop. I've left a phone on a train, another in a cinema and yet another at a club. Every single one was handed in, with nothing taken. I've also found wallets and phones, and either phoned the owner or
Re: (Score:2)
I've found and returned at least two phones in the past few years. I've never stolen one (but I've had at least three attempts at stealing mine).
Re: (Score:2)
Why lock the iPhone? If you lose it and it is unlocked maybe someone will try to contact someone on your list and return it.
Because most people aren't trying to protect themselves from strangers, they are trying to keep their indiscretions secret from people they know. An iPhone user not wanting his boyfriend knowing he's been seeing other men is more important in their mind than keeping their confidential and compromising data secure.
Re: (Score:2)
Yes, there are some really SICK people out there.
the iphone makes good passwords hard... (Score:3, Insightful)
in general the iphone keyboard makes using #$_*! etc and CaPitaLiz3d passwords harder than it should, which tends to lead to bad security. I'd be interested to know how many people use the same iphone 4 digit code as their PIN for their debit. though it looks like the phone lock is more of a 'get me past this lock quickly', which says a lot about how people want to use their phones.
Re: (Score:2)
My passcode is set to get me past the lock screen quickly - entering a complex code every time I wanted to do/check something on my phone would be absurd. But I've also got it set to wipe after 10 tries, so anyone who finds it is very unlikely to guess the code before getting in and seeing my stuff. Even if they did, Find My iPhone lets me do a remote lock/wipe. No big deal.
Re: (Score:3)
Actually, iPhone passwords are easy. If you use an all numeric passcode, instead of pulling up a full keyboard, it pops up a PINpad with the enter button, just like the pad used for entering a SIM pin.
So, entering an 8-12 digit PIN can be done quite quickly.
Re: (Score:2)
Wow ... so it does! Thank you good sir.
This was what was stopping me moving away from the default 4-number simple PIN. I thought that soon as I enabled complex passwords it'd give me the whole keyboard (hard to type on quickly with one hand). But yep if you keep it all-numeric it keeps the standard keypad. That's awesome, and allows me to increase my PIN to 8+ digits without making it harder to type.
Re: (Score:2)
in general the iphone keyboard makes using #$_*! etc and CaPitaLiz3d passwords harder than it should...
No it doesn't and if you think so why? You press Shift for caps, .?123 for numbers and common special characters, and #+= for less common special characters? What magic keyboard do you have that allows access to all of those at once? Sheesh.
Re: (Score:2)
right now there are 4 keyboard screens, which would work just as well with 2 that take up the entire screen, rather than half it takes up now.
Re: (Score:2)
In particular, iOS 4 and later supports data protection, and how secure do you think it is with only 10000 values possible for a passcode?
So wait... (Score:2)
The guy steals people's passwords, then posts about it?
Re: (Score:2)
The passcode to his app, which is a gimmick app to imitate the real lockscreen and take a picture when the wrong code is entered. Doesn't actually expose any data or anything.
What I find most amazing ... (Score:5, Funny)
What I find most amazing is that the iphone only allows 4 digit 0-9 passcodes. That's only 5040 unique codes if I remember the math correctly.
Re: (Score:2)
You can use any alphanumeric + symbols code you want. Most people just use the simple numerical code because it's quick, easy, and does the job. If you guess wrong too many times the phone will enforce a timeout between guesses and you can set it to wipe if too many wrong guesses are entered.
And you remembered the math incorrectly. It's 10,000 unique codes. Your value is for the number of codes with no repeated numbers.
Re: (Score:2)
The iPhone has had the choice of 4-digit PIN-style codes or longer alpha-numeric codes for quite a while now.
Re: (Score:2, Redundant)
Correction, it's only 5040 if it disallowed repeat numbers. I was over-thinking it a bit. It's 10,000 possible numbers 0000-9999.
Re: (Score:3)
It's times like this that you don't correct yourself and just let everyone think it was a joke.
Re: (Score:2)
It's almost a non-point.
The only time you'd need it is if it's lost - in which case it's somewhat a moot point, due to lack of storage encryption. Otherwise, the device is in your pocket, on your person, or otherwise in your 'immediate' control (such as on a bedside next to your girlfriend, who would otherwise be tempted to see if you're still sleeping around).
Personally, I prefer the 'swipe' functionality available on Android. Less secure, mathematically, but quite a bit more functional.
Well, so what? (Score:2)
I have a trivial code on my iPhone, just there to provide a speedbump. If my phone were to be lost I'd change my personal & work email passwords. So what? Is anyone supposed to assume that the iPhone passcode provides any real security? If the phone auto-locks after 3 minutes, who wants to put in a 20-character passphrase? BTW, the iPhone passcode is not limited to 4 digits, you can use the entire alphanumeric keyboard, up to at least 10 chars.
What do these screens actually look like? (Score:2)
If the application used a "swipe to unlock" type of mechanism to emulate the iPhone's unlocking mechanism, then this violates an Apple patent.
Appetite for patterns (Score:2)
I did a study on mobile passwords, be they numeric or graphical. The conclusion was the same for each and every password method: people usually choose graphical configurations like crosses, spirals and diagonal lines. They rarely choose the numbers or focal points of the images that were on the background.
Re: (Score:2)
Sounds about right. My girlfriend has the ability to instantly memorize anyone's pincode for years (people don't believe it and so they're dumb enough to tell her), she doesn't actually remember the numbers but seems to remember the pattern on a grid. She could have a great career as a shoulder-surfer.
Re: (Score:2)
I thought this was the normal way of memorising typed numbers. It's certainly the way I've always done it.
If you ask me to quote my bank card PIN, or the code on the security system at the office etc. or ask me to type them on a randomly ordered keypad (or the number keys across the top of a QWERTY keyboard), I will not be able to do it very easily. I would have to visualise a normal keypad, move my hand across it in my mind, then figure out which numbers I pressed.
That is to say, I know my various PINs onl
Interesting trend. (Score:2)
Top ten PIN codes:
1234
0000
2580
1111
5555
5683
0852
2222
1212
1998
This is interesting. 5683, 2580, 0852 don't seem to have any special significance, they aren't even a particular pattern on the keypad, nor especially natural to punch in, ie right handed, using your thumb.
Is th
Re: (Score:2)
2580 is a straight line down.
0852 is a straight line up
I dunno about 5683, I find that one a little bit weird
Re: (Score:3)
RTFA.
5683, with letter substitutions, spells LOVE.
I'm pleased to see that none of the 4 number codes I use in daily life made the top 10 list. If someone wants to steal my bike, they'll have to work at it a bit longer.
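Added example, not part of the original thread: a defender-side check that rejects 4-digit PINs matching the patterns the comments above identify (repeated digits, sequences, straight keypad lines such as 2580/0852, years such as 1998, and keypad words such as 5683 = LOVE). The function names, the year range and the two-word list are assumptions made for illustration.

```python
from itertools import product

# Phone keypad layout as (column, row); 0 sits directly under 8.
KEY_POS = {"1": (0, 0), "2": (1, 0), "3": (2, 0),
           "4": (0, 1), "5": (1, 1), "6": (2, 1),
           "7": (0, 2), "8": (1, 2), "9": (2, 2),
           "0": (1, 3)}

# Letters printed on each key of a standard phone keypad.
KEY_LETTERS = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
               "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {c: d for d, letters in KEY_LETTERS.items() for c in letters}

# Constructed word list (assumption); a deployment would load a dictionary.
WORDS = ("LOVE", "LOUD")
WORD_PINS = {"".join(LETTER_TO_DIGIT[c] for c in w) for w in WORDS}

# The top ten codes as listed in the thread.
PAGE_TOP_TEN = ["1234", "0000", "2580", "1111", "5555",
                "5683", "0852", "2222", "1212", "1998"]


def weak_pin_reasons(pin, year_range=(1900, 2099)):
    """Return the pattern tags that make a 4-digit PIN easy to guess."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four ASCII digits")
    reasons = []
    pairs = list(zip(pin, pin[1:]))

    if len(set(pin)) == 1:                      # 0000, 1111, ...
        reasons.append("repeated-digit")
    elif pin[:2] == pin[2:]:                    # 1212, 6969, ...
        reasons.append("repeated-pair")

    steps = {int(b) - int(a) for a, b in pairs}
    if steps in ({1}, {-1}):                    # 1234, 4321, ...
        reasons.append("sequence")

    # Same non-zero move between every pair of keys = straight keypad line.
    moves = {(KEY_POS[b][0] - KEY_POS[a][0], KEY_POS[b][1] - KEY_POS[a][1])
             for a, b in pairs}
    if len(moves) == 1 and (0, 0) not in moves:  # 2580, 0852
        reasons.append("keypad-line")

    if year_range[0] <= int(pin) <= year_range[1]:   # 1998, ...
        reasons.append("year")
    if pin in WORD_PINS:                        # 5683 spells LOVE
        reasons.append("keypad-word")
    return reasons


def flagged_keyspace():
    """Every PIN in 0000-9999 that at least one rule rejects."""
    all_pins = ("".join(d) for d in product("0123456789", repeat=4))
    return [p for p in all_pins if weak_pin_reasons(p)]


if __name__ == "__main__":
    for pin in PAGE_TOP_TEN:
        print(pin, weak_pin_reasons(pin))
    print(len(flagged_keyspace()), "of 10000 PINs rejected")
```

With these rules every code in the thread's top ten is rejected while only a small slice of the 10,000-code keyspace is removed from the user's choices.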
Re: (Score:2)
I like using combinations of interesting numbers and math/physics constants. If you use the more esoteric ones (think Ramanujan's number or the first 3 Fermat numbers), then you also learn new and interesting numbers.
Um, no. (Score:2)
All this says is that 15% were one of the top 10 FOR HIS APP. This makes the very large assumption that people who were paranoid enough to buy his app are going to be fooled and use the same password that they do to lock the phone. They very well might, but his app doesn't prove that.
Not a lot of Catholics with iPhones I guess (Score:2)
2046 didn't make the top 10.
The Plague (Score:2)
So wait 5309 isn't one of them? (Score:3)
Re:Nitpick (Score:4, Informative)
Not by default; you can set it up that way.
Re:Nitpick (Score:4, Informative)
15% of iPhones are locked using one of ten codes.
You have ten login attempts before the phone wipes itself.
Thus, if you try each of the top ten codes on a random iPhone, you have a 15% chance of entering the right code before it wipes itself.
Also, I think you meant "successive".
Re: (Score:3)
Also, I think you meant "successive".
No, he was just being optimistic about guessing wrong.
Re: (Score:2)
The whole thing is flawed. His is a gimmicky free app. Clearly most users downloaded it, tested it with a stupid passcode, like the 2 most common "1234" and the app default "0000" and then quickly forgot about it. Got to give him props for PR though, who knows how many downloads is he going to get out of this story.
Re:Nitpick (Score:4, Informative)
is that if someone steals or finds a lost iPhone, he has a 15% chance of unlocking the device and accessing the data within before it gets wiped just by trying out the passwords on the aforementioned top 10 list."
I think that might be off -- If someone steals or finds a lost, working iPhone; he probably has a 80 - 90% chance of finding the device not secured with a passcode to begin with.
If he happened to get so unlucky as to find one of the 20% of iPhones with a passcode; he has a 15% chance of unlocking that locked device.
That brings it closer to a 100% chance of gaining access to it; if the found phone works at all -- only an 85% chance of it using an uncommon passcode. Just because it's uncommon doesn't mean unguessable -- it depends on how much the thief knows or can find out about the person. If the thief gets the wallet too, they might try the birthdate on drivers license or do other research about numbers significant to the person (increasing chances of an unlock beyond 15% for fixed common) -- if we include things like phone numbers, anniversary year, 15% might be a real low ball for the amount of passcodes based on such guessable concepts.
Re: (Score:2)
If someone steals or finds a lost, working iPhone; he probably has a 80 - 90% chance of finding the device not secured with a passcode to begin with.
Jeebus. I lock my android phone, and my nook color which runs android, with the swipe lock. My friends and their ipad? Not so much, and they're nerds who should know better
Re: (Score:2)
I never locked my iphone until I accidentally left it somewhere. Fortunately, it was there when I got there but I'd have been boned if someone picked it up and did nefarious things with it before I could reset passwords/passcodes.
Now it's set to lock after 5 minutes of non-use and to nuke itself after 10 bad passcodes.
And no, I don't use the same PIN on my ATM card.
Re: (Score:2)
If I found a locked phone I would keep it nearby and wait for it to ring.
(Sorry, I posted this in the wrong thread first time. Now I have to make a pointless change in order to re-submit...)
Re:Nitpick (Score:4, Insightful)
It brings it closer to an 83% chance of accessing it, actually. Not 100%. (15% of top passcodes x only 20% of iPhones locked = 3% of total iPhones use one of the top passcodes).
Re: (Score:2)
If I found a locked phone I would keep it nearby and wait for it to ring.
Re: (Score:2)
The good news is, with Find My iPhone (free since iOS 4) you can remotely set a lockscreen code AFTER it has been stolen. So if you a) don't have any super-secret stuff on your phone and b) notice it missing soon after it's stolen, the worst that will happen is the thief will make some calls and use some data. Of course, my preference would be for the thief to keep using the phone, and hopefully Find My iPhone would enable me to actually recover the phone.
Re:Nitpick (Score:4, Interesting)
Of course, my preference would be for the thief to keep using the phone, and hopefully Find My iPhone would enable me to actually recover the phone.
I have mixed thoughts about that. If more people reported their phone stolen immediately, to have the IMEI blocked by all the cell networks, it could be somewhat a deterrent against theft too. If you want to add a passcode remotely, better remove sensitive data too.
The Find My iPhone function may indeed be used by some people in those situations.
There is also a problem, that if you don't have it deactivated immediately, and the thief racks up a few thousand in usage charges, e.g. international calls (your phone used by the thief to fraudulently re-sell toll calls) or overseas data roaming, you could be on the hook for some serious $$ in some cases.
The lost iPhone may be $600 to replace, but at least you can be confident there is such a strict limit to your losses, if you do brick/deactivate the phone's service before the perp can abuse the phone's access to your account.
It should be noted the passcode protection is only good against unsophisticated thieves. There are ways to bypass the passcode and then remove it/view it, or gain access to all data on an iPhone, without requiring any silliness of attempts, or trying to guess the passcode.
That is there are some people who can gain access to 100% of fully working iPhones, with physical access and sufficient motive, common passcode or not.
For this reason.... I don't think there's anything irrational about the decision to use a weak/easy passcode.
Until Apple actually encrypts all data on the phone with the authenticator, that is, and use biometrics, such as face recognition, rather than manual entry of digits.
Re: (Score:2)
This is why phone insurance is a good idea for anyone who has a handset worth more than a couple of hundred and a contract. Insurance covers you for loss, theft or damage to the handset and also covers any fraudulent calls made on the device.
Block phone, claim on insurance, get replac
Re:5683? (Score:4, Informative)
It spells LOVE on the keypad.
Re: (Score:3)
Good thing my password spells LOUD on the iPhone
Oh wait...
Re: (Score:2)
pfft, it spells LOUD.
Love as a password, what a silly species... somewhat nauseatingly lame.
Re: (Score:2)
Says so right in TFA: 5683 lines up with the letters L-O-V-E
You know, because chicks use phones too.
Re: (Score:2)
No idea. But something important clearly happened on 5 June 1983. :)