PDA

View Full Version : Ten Most Common iPhone Passcodes Revealed




MacRumors
Jun 13, 2011, 04:09 PM
http://images.macrumors.com/im/macrumorsthreadlogo.gif (http://www.macrumors.com/2011/06/13/ten-most-common-iphone-passcodes-revealed/)


http://images.macrumors.com/article-new/2011/06/passcode_frequency.jpg


iOS developer Daniel Amitay today took an interesting look (http://amitay.us/blog/files/most_common_iphone_passcodes.php) (via The Next Web (http://thenextweb.com/apple/2011/06/13/1234-is-the-most-common-iphone-passcode-app-developer-reveals/)) at iPhone passcode trends as revealed by usage of his popular Big Brother Camera Security (http://appshopper.com/utilities/big-brother-camera-security-for-iphone-4) application.In my last update to Big Brother Camera Security (Free), I added some code to record common user passcodes (completely anonymous, of course). Because Big Brother's passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes.Perhaps unsurprisingly, the most popular passcode for the app was "1234", a choice made by about 4.3% of users. Other popular codes include ones with repeating numbers (such as "0000" and "1111") and patterns on the keypad (such as "2580" and "1212"). All told, Amitay discovered that 15% of the over 200,000 passcodes captured by his app were represented by just ten different passcodes.The implication? A thief (or just a prankster) could safely try 10 different passcodes on your iPhone without initiating the data wipe. With a 15% success rate, about 1 in 7 iPhones would easily unlock--even more if the intruder knows the users' years of birth, relationship status, etc.Beyond the passcodes representing repetitive and patterned entries, Amitay found a higher-than-expected frequency of passcodes in the 1980-2000 range, suggesting that users are prone to using their birth years or years of other significant events in their lives as their passcodes.

Article Link: Ten Most Common iPhone Passcodes Revealed (http://www.macrumors.com/2011/06/13/ten-most-common-iphone-passcodes-revealed/)



ratzzo
Jun 13, 2011, 04:13 PM
So we could say there are a lot of people born in 1998 with an iPhone? :p

jpcanaverde
Jun 13, 2011, 04:13 PM
My passcode is 1337. Haha.

ThE.MeSsEnGeR
Jun 13, 2011, 04:15 PM
wow... 1,425 people in that chart have use the word "love" as a password... interesting ;)

Slix
Jun 13, 2011, 04:25 PM
Good to know so I can hack other's iPhones. Just kidding. ;)

Mine isn't on there. Obviously.

Konrad74
Jun 13, 2011, 04:26 PM
Oh, FFS, do I have to do the Spaceballs quote?

1234? Really? Good thing Apple developed Remote Wipe, then.

appleguy123
Jun 13, 2011, 04:33 PM
My passcode is 8852.

keruah
Jun 13, 2011, 04:40 PM
My passcode is 1337. Haha.

Same here... It's popular, I guess.

Phil A.
Jun 13, 2011, 04:49 PM
Interesting as this is, I feel that collecting passcodes and sending them back to the developer (anonymised or not) is well out of order and may breach several Apple guidelines on data capture and use, not to mention data protection laws

ratzzo
Jun 13, 2011, 04:51 PM
Interesting as this is, I feel that collecting passcodes and sending them back to the developer (anonymised or not) is well out of order and may breach several Apple guidelines on data capture and use, not to mention data protection laws

I agree. Though, you could argue he's not really recording lockscreen passwords (I don't think you could do that through an app either way) but rather he implemented a screen that looked very much like it and so its users put in their lockscreen one. Tricky and deceitful, I guess.

TuffLuffJimmy
Jun 13, 2011, 04:55 PM
I agree. Though, you could argue he's not really recording lockscreen passwords (I don't think you could do that through an app either way) but rather he implemented a screen that looked very much like it and so its users put in their lockscreen one. Tricky and deceitful, I guess.
He's not tricking users into thinking they're at the lock screen, his application simply uses the same lock mechanism. He then published some anonymous results. In what was is that tricky, deceitful, or wrong?

louis Fashion
Jun 13, 2011, 04:55 PM
I wish this info was on the splash page of every computer. We DO need to tighten up. Sony hack, IMF hack, Citi hack, I bet Sony was using 1234 on data like my credit card or what not. Jeeze.

spillproof
Jun 13, 2011, 04:55 PM
0420

cambookpro
Jun 13, 2011, 04:59 PM
Ones I have previously used:

1998
0303
3466
1112
2559
2010
2011
2012
2016

New super secret one now ;)

Phil A.
Jun 13, 2011, 05:01 PM
He's not tricking users into thinking they're at the lock screen, his application simply uses the same lock mechanism. He then published some anonymous results. In what was is that tricky, deceitful, or wrong?

This quote here

In my last update to Big Brother Camera Security (Free), I added some code to record common user passcodes (completely anonymous, of course). Because Big Brother's passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes.


He's sending information gathered by the application back to himself, and I don't see a notice about doing that in the application description (it may say it on the app: I've never installed it so don't know). I don't care if it's anonymised or not, no application should "phone home" without the express permission of the user who's installed it

ratzzo
Jun 13, 2011, 05:03 PM
New super secret one now ;)

Gotta.. fight.. curiosity...

Bah, mine used to be the same one as my credit card, probably a bit dangerous. So I changed it to 9315.

Peteman100
Jun 13, 2011, 05:12 PM
Remind me to change my passcode.... :P

d21mike
Jun 13, 2011, 05:16 PM
This quote here


He's sending information gathered by the application back to himself, and I don't see a notice about doing that in the application description (it may say it on the app: I've never installed it so don't know). I don't care if it's anonymised or not, no application should "phone home" without the express permission of the user who's installed it
+1. If I create a passcode I would assume it is not stored in plain text anywhere. Much less combine it with all of your other customers to say what they are. I have a web site where customers login in with a password. We encrypt it and store it in the database. When the customer comes back they enter the passcode which we encrypt and compare. Never do we retain the original passcode.

deannnnn
Jun 13, 2011, 05:39 PM
I use my alarm code!

jive turkey
Jun 13, 2011, 05:45 PM
Mine is 7883, for 'STUD'

na1577
Jun 13, 2011, 06:24 PM
Mine used to be 2275 for AAPL. :cool:

haruhiko
Jun 13, 2011, 06:42 PM
That's creepy. This is the price for "free"? How can the app upload the user's passcode (most people will set the same code for this app anyway) without permission?

Doctor Q
Jun 13, 2011, 06:42 PM
I use a pseudo-random number generator to pick my passcodes and I change it once every 15 minutes, just to be super-secure. That's how I can be confident that nobody will see my top-secret data, such as the note saying "bring bread and milk on the way home".

Of course that means that once in a while my passcode is 1234 or 0000! :eek:

iScott428
Jun 13, 2011, 06:45 PM
Well this just proves that most iPhone users are foolish, why even put a pass code on your device if it is that simple! If I used a passcode it would also be 1337.

This is such an interesting report, I love this!

garylapointe
Jun 13, 2011, 07:00 PM
I wouldn't be a happy user of that app if I used one of those 10 passwords and they just shared it with the world.

And if my phone is broken into because I use the same passcode...

Gary

Don Kosak
Jun 13, 2011, 07:02 PM
I use a pseudo-random number generator to pick my passcodes and I change it once every 15 minutes, just to be super-secure. That's how I can be confident that nobody will see my top-secret data, such as the note saying "bring bread and milk on the way home".

Of course that means that once in a while my passcode is 1234 or 0000! :eek:

Ha! I have that beat. Not only do I cycle through different lock codes evey 500 milliseconds, I keep my iPhone in a sealed, lead-lined faraday cage encased in a foot of concrete. You can never be too careful.

I do carry around a wallet though, and my cash, driver's license, credit cards and medical card are all in human-readable plain text with no security. hmm

HE15MAN
Jun 13, 2011, 07:17 PM
What's with 1998?

Rodimus Prime
Jun 13, 2011, 07:39 PM
is it sad that none of those numbers are really surprising. Hell I am willing to bet that the same group of numbers used match pin numbers for there debit cards when people are allowed to choose their own. People are way to lazy and have no idea how to create a good pin/password these days.

for a pin
Choose a set of numbers that is significant to you. Make sure it is NOT based on your birthday or kids/wife birthday. and not something stupid like 1234.

Examples are last 4 digits of your first love phone number which will apply to older people here as it is safe to say anyone born in the past 20 years have grown so used to contact list in cell phones.

Use an old phone number from your pass that has not been in use for years.
Old street address.

I am just showing you a list of places to pull 4 digits from that you can remember.

Passwords are even easier as you can base them on simpler things providing you know how to mix them up.

Your last name is Homes kid we are going to day Kevin was born in 2007 and you wife Abby Jane was born in 1983 married 2005 in TX

KH07AJ83TX05. So what you have to remember Kevin Homes, Abby Jane, Texas.

Now it looks like a mess of a password when it is all said and done but really fairly easy to remember.

Analog Kid
Jun 13, 2011, 08:35 PM
wow... 1,425 people in that chart have use the word "love" as a password... interesting ;)
Thank you! That one was driving me crazy... I couldn't figure out what the pattern was.

kdarling
Jun 13, 2011, 09:06 PM
I'm a little surprised that lucky 7777 isn't in there.

When I programmed casino equipment, our logs showed it as everyone's favorite :)

MacFan1701
Jun 13, 2011, 09:17 PM
1234? That's the kind of thing an idiot has on his luggage!!!

slicecom
Jun 13, 2011, 09:18 PM
What's with 1998?

There were more stupid people born in 1998 than any other year.

jdogg836
Jun 13, 2011, 09:40 PM
There were more stupid people born in 1998 than any other year.

Really?



;)

ChristianJapan
Jun 13, 2011, 10:00 PM
So my iPhone is off the statistics as the heroes of our IT force us to enter 8 digits per policy. And auto lock active keeps my pin often entered. :mad:

eastercat
Jun 13, 2011, 10:14 PM
Before Apple started allowing more than 4 characters for the lockscreen, my number was 1124.

nagromme
Jun 13, 2011, 10:36 PM
What's with 1998?

A lot of 13-year-olds with iPod Touches? :confused:

5683 puzzles me more. That’s more common than, say, 4321 or 9999?

(I think this info is a bit of a security/trust violation. Your choice of password goes into a data pool which is used to publish this report, which could help a thief unlock your phone! Still... interesting!)

haruhiko
Jun 13, 2011, 10:44 PM
A lot of 13-year-olds with iPod Touches? :confused:

5683 puzzles me more. That’s more common than, say, 4321 or 9999?

(I think this info is a bit of a security/trust violation. Your choice of password goes into a data pool which is used to publish this report, which could help a thief unlock your phone! Still... interesting!)

I have deleted the app after reading this report. :mad:

Rodimus Prime
Jun 13, 2011, 10:50 PM
A lot of 13-year-olds with iPod Touches? :confused:

5683 puzzles me more. That’s more common than, say, 4321 or 9999?

(I think this info is a bit of a security/trust violation. Your choice of password goes into a data pool which is used to publish this report, which could help a thief unlock your phone! Still... interesting!)

look at the letters on 5683

5 (JKL)
6 (MNO)
8 (TUV)
3 (DEF)

now what keys do you hit to spell LOVE.

ThE.MeSsEnGeR
Jun 14, 2011, 02:43 AM
Thank you! That one was driving me crazy... I couldn't figure out what the pattern was.

I recognized it immediately because I ALWAYS chose my passwords by creating 4-letter words or acronyms :p for example, last month when I bought my XBOX360 my password was 9269... and now that I bought an iPhone 4 this week, my password is 3664 as in "fon4" a bit close to iphone4 :p .... you got the picture ;)

garoto
Jun 14, 2011, 03:17 AM
Are you F#C###G kidding me? Talk about being unethical. A users data should be confidential, and if it is going to be used for statistical purposes they need to be informed, regardless of the developer collecting the data from hums own app. The app legally belongs to the user once they paid for it.

Also, is he seriously surprised that 15% of the passwords input had the same passwords? Well here's a little fact: there are only 9999 possible lockscreen combinations, and millions of iPhone users. What are the odds right? :: sarcasm font:::confused:

robpow
Jun 14, 2011, 03:22 AM
1234? That's the kind of thing an idiot has on his luggage!!!Ah, classic!

reactions
Jun 14, 2011, 03:33 AM
I use my pin - ATM


Anyone else?

ThE.MeSsEnGeR
Jun 14, 2011, 03:40 AM
..... there are only 9999 possible lockscreen combinations .....

actually it's 10,000 possible combinations ;)

Truffy
Jun 14, 2011, 04:40 AM
look at the letters on 5683

5 (JKL)
6 (MNO)
8 (TUV)
3 (DEF)

now what keys do you hit to spell LOVE.
Or KNUD. :D

ChristianJapan
Jun 14, 2011, 06:30 AM
Or KNUD. :D

Or LOUD ... What else ...

MartiNZ
Jun 14, 2011, 06:45 AM
JOVE!

I'm in the "not a fan" camp on this one, although possibly of less magnitude than other posters.

I have never used a passcode on my iPhone, but I think it would be my ATM one if I did.

ghostlyorb
Jun 14, 2011, 09:04 AM
Interesting. I can't stand having to put in a password everything I want to send a text. I use my phone too much... and if it get's stolen.. EVERYONE has an iPhone.. I can just remote lock it!

aleni
Jun 14, 2011, 09:38 AM
if your username is johndoe@gmail.com, just take 6 letters in reverse and put stupid numbering on that, that would be simple and easy to remember.

the password would be eodnho11123

TuffLuffJimmy
Jun 14, 2011, 10:20 AM
I wouldn't be a happy user of that app if I used one of those 10 passwords and they just shared it with the world.

And if my phone is broken into because I use the same passcode...

Gary
Really? It seems to me that if you use a passcode that simple you really don't care.
I have deleted the app after reading this report.

LOL! Man, people really are up in arms about this. What exactly is the problem? Do you guys even know what you're mad about?

Gemütlichkeit
Jun 14, 2011, 10:28 AM
no need to passcode my phone.. oh no they'll see my vacation pictures :)

Phil A.
Jun 14, 2011, 11:03 AM
LOL! Man, people really are up in arms about this. What exactly is the problem? Do you guys even know what you're mad about?

For me it's collection of data from a user's device without their permission. I don't care what it is he's collecting: He shouldn't be doing it without express user permission: According to the developer guidelines, you should not collect any information about a user without their express permission and a full disclosure at to what the data will be used for.

There is absolutely no operational reason for this data to be harvested, beyond the curiosity of the developer (and so he can drive visitors to his blog with these stories) and it shows a distinct lack of care for the users privacy. If he's collecting this data, how can he be trusted not to be harvesting e-mail addresses or even individual e-mails (containing photos and device locations), all of which go through his server

If people knew the passcode they use for this app was going to be sent back to the developer (he claims it to be anonymised, but again how can we trust that as he's already shown himself to be less than completely open about the app) then they'd probably use a different passcode for the app to that on their device. Without disclosure, many people will probably use the same one.

morespce54
Jun 14, 2011, 11:55 AM
The implication? A thief (or just a prankster) could safely try 10 different passcodes on your iPhone without initiating the data wipe. With a 15% success rate, about 1 in 7 iPhones would easily unlock--even more if the intruder knows the users' years of birth, relationship status, etc.

Ok, I can't help but failing to see how "relationship status" would be of any help in discovering a user's pass-code...:confused:

Mitthrawnuruodo
Jun 14, 2011, 01:55 PM
Hehe... I'm smarter than any of those crackers, I haven't set a pass code at all... no let's see them try to figure that one out... :D

jive turkey
Jun 14, 2011, 02:31 PM
Ok, I can't help but failing to see how "relationship status" would be of any help in discovering a user's pass-code...:confused:

4263=hand


:p

Phil A.
Jun 14, 2011, 02:59 PM
4263=hand


:p

:D :D
You owe me a keyboard to replace the one I've just spurted coffee all over! ;)

milkcowbluesStu
Jun 14, 2011, 05:07 PM
From an app developer's point of view, this is very unethical by my standard. User sensitive information like this is supposed to be encrypted and kept in the keychain, not sent over the Internet in plain format...:eek:

AaronEdwards
Jun 14, 2011, 06:28 PM
Are you F#C###G kidding me? Talk about being unethical. A users data should be confidential, and if it is going to be used for statistical purposes they need to be informed, regardless of the developer collecting the data from hums own app. The app legally belongs to the user once they paid for it.

Also, is he seriously surprised that 15% of the passwords input had the same passwords? Well here's a little fact: there are only 9999 possible lockscreen combinations, and millions of iPhone users. What are the odds right? :: sarcasm font:::confused:

If everyone picked their combination randomly, the probability for one combination would be 1/10000, that's 0.0001. In the collected data the probability for '1234' is 8,884 / 204,508, that's 0.0434.

That's 1 in 23 instead of 1 in 10000.

haruhiko
Jun 14, 2011, 09:03 PM
I just searched again for "Big Brother Camera Security" on my iPhone but it wasn't available anymore :rolleyes: I clicked through the link in AppShopper app and App Store responded with "Your request could not be completed."

Has the app been removed by Apple? If yes, it would be a great move, it's a big warning to unethical developers. ;)

Phil A.
Jun 15, 2011, 02:40 AM
I just searched again for "Big Brother Camera Security" on my iPhone but it wasn't available anymore :rolleyes: I clicked through the link in AppShopper app and App Store responded with "Your request could not be completed."

Has the app been removed by Apple? If yes, it would be a great move, it's a big warning to unethical developers. ;)

Yes, it has been removed by Apple (according to this (http://www.amitay.us/blog/files/big_brother_removed_from_app_store.php) post by the Author)

I'm really pleased Apple have taken this hardline stance: It sends out a clear message to developers that you can't play fast and loose with user's devices and you can't arbitrarily have your app phoning home for any reason without disclosing that fact to the user and giving them the option of not sending it.

haruhiko
Jun 15, 2011, 06:56 AM
Yes, it has been removed by Apple (according to this (http://www.amitay.us/blog/files/big_brother_removed_from_app_store.php) post by the Author)

I'm really pleased Apple have taken this hardline stance: It sends out a clear message to developers that you can't play fast and loose with user's devices and you can't arbitrarily have your app phoning home for any reason without disclosing that fact to the user and giving them the option of not sending it.

Wow... This is the value of iOS!!!!!!! Kudos to Apple for reacting so quickly!!!!!

usptact
Jun 15, 2011, 09:05 AM
Conclusion : what can we learn from this?
1) Try to use safer passcode
2) Keep your phone safe
3) Don't store sensitive data on the device protected only by this passcode

Mr. Chewbacca
Jun 15, 2011, 11:58 AM
Amazing! I have the same code on my luggage!

-Space Balls :rolleyes::D

b0blndsy
Jun 15, 2011, 12:18 PM
am glad 2311 is not in the list :) ;)

caspersoong
Jun 16, 2011, 01:41 AM
I always use passcodes that make no sense at all and are hard for me to remember.

b0blndsy
Jun 16, 2011, 02:04 AM
I always use passcodes that make no sense at all and are hard for me to remember.

But if that was collected by an app :D