Unfortunately, the battle between picking a strong password and picking one that’s easy to remember isn’t much of battle at all. The number of people who still choose weak passwords to access their email, for example, is astonishing.
When it comes to iPhone passcodes, things are decidedly worse to the extent that guessing someones iOS password is a lot easier than you might think. For starters, iOS passcodes are only 4 characters long and contain only numbers.
With 4-digit passcodes, there are potentially 10^4 possible password combinations users can choose from. That’s 10,000 combos, which may sound like a lot, but pales in comparison to the millions of possible passwords that would arise if you tossed in special characters and letters. Compounding matters quite critically is that iPhone and iPad 4-digit passcodes aren’t particularly creative or random.
Daniel Amitay did a bit of research and anonymously recorded 204,508 iPhone passcodes and found that 15% of them were one of the following 10 visible in the graph below.
Could these be any simpler? 1234, 0000, 1111, 5555? Even ones that seem random – 2580 for example – merely represent the vertical row of numbers in the middle of the keypad. And as for 5638, that’s simply the keyboard representation for “Love”. Truth be told, these “passcodes” aren’t really passcodes at all. It’s essentially the equivalent of using a password like “password” for your email account.
Also telling is that a list of the top 100 most used passcodes reveals that a good chunk of passcodes merely reference dates from the 1980s, 90s or 2000s. Amitay writes that passcodes from the 1990-2000 era are all in the top 50 while passcodes for the years 1980 through 1989 are all in the top 100.
Apparently people like using passcodes that either represent the year they were born or some other special memory is a recipe for an easy to access iOS device.
With 15% of all passcodes represented by just 10 passwords, iPhone and iPad owners should clearly be more vigilant when securing heir device. And once those top 10 passwords are tapped, experimenting with years from the 1990’s and 2000’s might bear some fruit as well. So while some folks are toting around what they think are secure iPhones, it really may take someone no more than 20 or 30 attempts to potentially access sensitive data.