Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,991
17,369



passcode_frequency.jpg



iOS developer Daniel Amitay today took an interesting look (via The Next Web) at iPhone passcode trends as revealed by usage of his popular Big Brother Camera Security application.
In my last update to Big Brother Camera Security (Free), I added some code to record common user passcodes (completely anonymous, of course). Because Big Brother's passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes.
Perhaps unsurprisingly, the most popular passcode for the app was "1234", a choice made by about 4.3% of users. Other popular codes include ones with repeating numbers (such as "0000" and "1111") and patterns on the keypad (such as "2580" and "1212"). All told, Amitay discovered that 15% of the over 200,000 passcodes captured by his app were represented by just ten different passcodes.
The implication? A thief (or just a prankster) could safely try 10 different passcodes on your iPhone without initiating the data wipe. With a 15% success rate, about 1 in 7 iPhones would easily unlock--even more if the intruder knows the users' years of birth, relationship status, etc.
Beyond the passcodes representing repetitive and patterned entries, Amitay found a higher-than-expected frequency of passcodes in the 1980-2000 range, suggesting that users are prone to using their birth years or years of other significant events in their lives as their passcodes.

Article Link: Ten Most Common iPhone Passcodes Revealed
 

Slix

macrumors 65816
Mar 24, 2010
1,230
1,511
Good to know so I can hack other's iPhones. Just kidding. ;)

Mine isn't on there. Obviously.
 

Phil A.

Moderator
Staff member
Apr 2, 2006
5,716
2,874
Shropshire, UK
Interesting as this is, I feel that collecting passcodes and sending them back to the developer (anonymised or not) is well out of order and may breach several Apple guidelines on data capture and use, not to mention data protection laws
 

ratzzo

macrumors 6502a
Apr 20, 2011
826
35
Madrid
Interesting as this is, I feel that collecting passcodes and sending them back to the developer (anonymised or not) is well out of order and may breach several Apple guidelines on data capture and use, not to mention data protection laws

I agree. Though, you could argue he's not really recording lockscreen passwords (I don't think you could do that through an app either way) but rather he implemented a screen that looked very much like it and so its users put in their lockscreen one. Tricky and deceitful, I guess.
 

TuffLuffJimmy

macrumors G3
Apr 6, 2007
9,017
58
Portland, OR
I agree. Though, you could argue he's not really recording lockscreen passwords (I don't think you could do that through an app either way) but rather he implemented a screen that looked very much like it and so its users put in their lockscreen one. Tricky and deceitful, I guess.
He's not tricking users into thinking they're at the lock screen, his application simply uses the same lock mechanism. He then published some anonymous results. In what was is that tricky, deceitful, or wrong?
 

louis Fashion

macrumors 6502a
Jan 22, 2010
726
3
Arizona, USA
I wish this info was on the splash page of every computer. We DO need to tighten up. Sony hack, IMF hack, Citi hack, I bet Sony was using 1234 on data like my credit card or what not. Jeeze.
 

Phil A.

Moderator
Staff member
Apr 2, 2006
5,716
2,874
Shropshire, UK
He's not tricking users into thinking they're at the lock screen, his application simply uses the same lock mechanism. He then published some anonymous results. In what was is that tricky, deceitful, or wrong?

This quote here
In my last update to Big Brother Camera Security (Free), I added some code to record common user passcodes (completely anonymous, of course). Because Big Brother's passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes.

He's sending information gathered by the application back to himself, and I don't see a notice about doing that in the application description (it may say it on the app: I've never installed it so don't know). I don't care if it's anonymised or not, no application should "phone home" without the express permission of the user who's installed it
 

d21mike

macrumors 68040
Jul 11, 2007
3,319
356
Torrance, CA
This quote here


He's sending information gathered by the application back to himself, and I don't see a notice about doing that in the application description (it may say it on the app: I've never installed it so don't know). I don't care if it's anonymised or not, no application should "phone home" without the express permission of the user who's installed it
+1. If I create a passcode I would assume it is not stored in plain text anywhere. Much less combine it with all of your other customers to say what they are. I have a web site where customers login in with a password. We encrypt it and store it in the database. When the customer comes back they enter the passcode which we encrypt and compare. Never do we retain the original passcode.
 

haruhiko

macrumors 603
Sep 29, 2009
6,099
4,901
That's creepy. This is the price for "free"? How can the app upload the user's passcode (most people will set the same code for this app anyway) without permission?
 

Doctor Q

Administrator
Staff member
I use a pseudo-random number generator to pick my passcodes and I change it once every 15 minutes, just to be super-secure. That's how I can be confident that nobody will see my top-secret data, such as the note saying "bring bread and milk on the way home".

Of course that means that once in a while my passcode is 1234 or 0000! :eek:
 

iScott428

macrumors regular
Feb 23, 2011
230
0
Orlando, FL
Well this just proves that most iPhone users are foolish, why even put a pass code on your device if it is that simple! If I used a passcode it would also be 1337.

This is such an interesting report, I love this!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.