• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

I Like Kill Nerds

The blog of Australian Front End / Aurelia Javascript Developer & brewing aficionado Dwayne Charrington // Aurelia.io Core Team member.

  • Home
  • Aurelia 2
  • Aurelia 1
  • About
  • Aurelia 2 Consulting/Freelance Work

The Most Common iPhone Passcodes (and how to guess them)

General · September 22, 2014

Apple’s much touted new feature in iOS 8 is the inability for lawful law enforcement requests to unlock their phone without the passcode.

In previous versions of iOS, law enforcement officials could obtain a phone and send it to Apple to get it unlocked, because of a change in how phones are encrypted, Apple can no longer do this.

But there is another way for law enforcement and attackers to still get in: guessing the passcode. To contrary belief, most passcodes are easily guessable for law enforcement or an attacker as people generally only use a small subset of criteria for their passcodes.

Do you fit in any of these categories?

  • Your date of birth: A date of birth is the perfect length and easily rememberable.
  • Your year of birth: If you are using a 4 digit simplified passcode, it is popular choice to use your year of birth as the passcode.
  • A numeric pattern: This is a popular choice and one I’ve used before, creating a passcode based on the numeric keypad square. Examples include; 0000, 1111, 1234, 1379, 2468, 1357. It depends on the individual but numbers in patterns make a lot of logic sense for some people. I used a similar pattern in the old Nokia days.
  • Anniversary date: Another popular choice is to use the date of a significant anniversary like a wedding anniversary.
  • A child’s birthday: A popular choice amongst parents is to use the date of birth or year of birth of their first child (or favourite child, ha).

Before You Go Guessing

Remember that iPhone’s (and other Android devices) have the ability to allow you to wipe a phone after X amount of failed attempts. Don’t go wiping your own phone or friends phone, unless you have permission. Also keep in mind phones have a limit on the number of attempts you can make before the phone disables itself.

Putting the theory to the test…

With some basic information in hand, grab the phone of 5 of your friends and family of which you definitely do not know their passcode. Do not allow them to change it beforehand, otherwise they’ll deliberately change it to be something out-of-character.

Give yourself 3 attempts to guess the passcode. How many of those five could you have successfully guessed? I tried the same and the results were surprising, I was able to guess 3 out of the 5 users phone passcodes in 3 attempts or less.

While it would depend on the individual, the average user doesn’t actually think of the security implications that much when it comes to a phone passcode. Details such as a date or year of birth are really easy to obtain.

This is not to say that out of 5 of your friends and family you will guess three, it’s possible you might guess none or guess all 5, there is no constant here, it is all highly variable, but very interesting nonetheless.

Dwayne

Leave a Reply Cancel reply

4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Hi I won't give my name
Hi I won't give my name
7 years ago

This is nice

0
Not saying
Not saying
6 years ago

How do they know

-1
Jane
Jane
6 years ago

Well then I guess I better change my password because if some one some how gets my phone they could easily hack it because my password is 1234 but I will now change it to 0000 because not as many people have that
Thank you so much for your help, it has really inspired me
Your sincerely,
Jane Johnson xoxo

Call me if you need, I don’t mind if the whole world knows my number and password. It really doesn’t bother me.
-0499875648
Or
-53517191

0

Primary Sidebar

Popular

  • Testing Event Listeners In Jest (Without Using A Library)
  • How To Get The Hash of A File In Node.js
  • Which Neural DSP Archetype Plugins Should You Buy?
  • Smoke Detector Randomly Goes Off Early Hours of The Morning
  • Neural DSP Reveal Details About the Long-Awaited Quad Cortex Desktop Editor
  • How To Mock uuid In Jest
  • Web 3.0 may have died before it even started
  • Deno Raises $21M - but is anyone using it yet?
  • How To Decompile And Compile Android APK's On A Mac Using Apktool
  • NBN Box Installed Inside of Garage, Where Do You Put The Modem?

Recent Comments

  • Jay on Neural DSP Reveal Details About the Long-Awaited Quad Cortex Desktop Editor
  • john on Deno Raises $21M – but is anyone using it yet?
  • Oranges on How To Store Users In Firestore Using Firebase Authentication
  • Precious on Fixing Sequel Pro SQL Encoding Error For Imported SQL Files
  • James on A List of WordPress Gutenberg Core Blocks

Copyright © 2022 · Dwayne Charrington · Log in

wpDiscuz