A few weeks ago, Tarah Wheeler, the senior director of Data trust, Threat, and Vulnerability Management at Splunk, shared a list of the most common PIN codes people use to protect their smartphones (and, given how the human brain works, other things like their bank card).
Wheeler claimed that 26% of all phones could be cracked with the top 20 PIN codes. I was a little skeptical, but then I got out amongst 'real' users.
Must read: Inside a Google Titan Bluetooth security key
Here's the list:
I did some further digging and found that 1234 is by far the most popular, accounting for about 11%, with 1111, 0000, and 1212 accounting for about 6%, 2%, and 1%, respectively.
I didn't believe it. But then I saw it with my own eyes. And no, I wasn't shoulder-surfing in the Apple Store, but I've been exposed to PIN entry for so long that I'm pretty good at spotting the patterns of finger movements.
So yes, people's PIN codes are actually as terrible as research would suggest.
And I think it's been made worse by biometrics because people think that the biometric method supersedes the PIN code, and they use the PIN code much more infrequently now that they don't want to use something too complicated in case they forget it.
iOS 9 did change things and make 6-digit PIN codes the default, but it seems there are a lot of people out there still using 4-digit PINs. That said, I'm sure people will find dumb 6-digit PINs to use too!
Perhaps it is time for iOS and Android to force people to use stronger PIN codes.
If you are using one of the PIN codes above, change it!
- Go to Settings > Face ID & Passcode/Touch ID & Passcode (you will need to enter your existing passcode) > Passcode.
- Tap Turn Passcode On or Change Passcode.
- Enter a 6-digit number.
- There are other passcode options, such a 4-digit numeric code, a custom numeric code, or a custom alphanumeric code. Don't use the four-digit option!
- Go to the Settings app and tap Security & location or Security.
- If you've already have security set you will need to enter your existing PIN, pattern, or password.
- Tap the screen lock option you want to use and follow the on-screen instructions.
- Use at minimum a 6-digit PIN.
Tell me you're not using a rubbish PIN code! But I bet you know plenty of people who do! Let me know below!