I’ve written several (1, 2, 3) posts about the analysis of passwords divulged by groups like LulzSec. The results were terrifyingly consistent:
password were almost always the most frequently used passwords. Now Daniel Amitay, author of the Big Brother Camera Security App for the iPhone, has some interesting results for iPhone PINs.
Because his app has a lock screen nearly identical to the iPhone lock screen, he collected (anonymized) statistics on what codes were being used for his app in the hopes that it could tell us something about how users are selecting their iPhone lock codes. He collected 204,508 codes and calculated their frequencies. Among other things, Amitay found that the top ten most common PINs accounted for 15% of all passcodes.
Without reading further, try to guess the top four most popular PINs. Hint: It’s not hard. The number one PIN is, of course, 1234 followed by 0000. The next two are 2580 (going down the middle column) and 1111. The next 6 aren’t much harder to guess. Another common scheme is to use the user’s birth year.
Amitay also looks at the most common digit for each of the four positions. The most common first digit is 1 by a large margin. If you squint a bit, it almost looks as if the PINs obey Benford’s law. The second, third, and fourth digits are more uniform.
The post is an interesting, if depressing, read. As Amitay points out, for a random iPhone, a cracker has a 15% chance of unlocking the phone before the automatic data wipe feature is activated. Considering that smartphones like the iPhone often contain confidential data or access to confidential data, this is bad news.
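To make the patterns concrete, here is an added sketch (mine, not Amitay's code) of a check an app could run when a user picks a PIN, along with the top-N coverage and per-position digit statistics described above. The rule names, the 1900-2099 year range, and the sample list are assumptions constructed for illustration; the sample is not his data.

```python
from collections import Counter

KEYPAD_COLUMN = "2580"  # middle keypad column, read top to bottom

def weak_pin_reason(pin, year_range=(1900, 2099)):
    """Return why a 4-digit PIN is guessable, or None if no rule matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    if len(set(pin)) == 1:
        return "repeated digit"
    # Digit-to-digit steps mod 10: all 1 is ascending, all 9 (= -1) descending.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "sequential run"
    if pin in (KEYPAD_COLUMN, KEYPAD_COLUMN[::-1]):
        return "keypad column"
    # Assumption: any value inside year_range is treated as a possible birth year.
    if year_range[0] <= int(pin) <= year_range[1]:
        return "looks like a year"
    return None

def top_n_coverage(pins, n=10):
    """Fraction of all observed PINs accounted for by the n most common ones."""
    counts = Counter(pins)
    return sum(c for _, c in counts.most_common(n)) / len(pins)

def digit_frequencies(pins, position):
    """Relative frequency of each digit at one position (0 = first digit)."""
    counts = Counter(p[position] for p in pins)
    return {d: counts[d] / len(pins) for d in sorted(counts)}

# Constructed sample for illustration only (20 PINs).
SAMPLE = (["1234"] * 4 + ["0000"] * 3 + ["2580"] * 2 + ["1111"] * 2 +
          ["1987", "1990", "7294", "3816", "5029",
           "8461", "6037", "9152", "4703"])

if __name__ == "__main__":
    for pin in sorted(set(SAMPLE)):
        print(pin, weak_pin_reason(pin) or "no rule matched")
    print("top-4 coverage:", top_n_coverage(SAMPLE, 4))
    print("first-digit frequencies:", digit_frequencies(SAMPLE, 0))
```

A PIN that matches no rule is not thereby strong; the rules only cover the schemes named in this post, so a real policy would pair them with a blocklist built from observed frequencies.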
In a sad endnote, Amitay has had his app removed from the App Store for his trouble. Apparently Apple was concerned that he was harvesting the Apple lock codes or something. Amitay is discussing the matter with Apple and we can hope that he will have the whole thing straightened out soon.