Norman Safeground Blogs

insight, opinion & information


The 10 Most Insecure Passcodes

Earlier this week I read an extremely interesting and impressive blog item by Daniel Amitay: Most Common iPhone Passcodes.

Amitay has analyzed more than 200 000 passcodes used in an app with a passcode setup screen similar to the iPhone's. His findings are astonishing and scary.

Let me go through some of his findings. Keep in mind that there are 10 000 different passcodes for users to choose from when they select their four-digit code.

The 10 most commonly used codes are:

  1. 1234
  2. 0000
  3. 2580
  4. 1111
  5. 5555
  6. 5683
  7. 0852
  8. 2222
  9. 1212
  10. 1998

If you look at a numeric keypad, all of these seem like “logical” codes to choose if one wanted a code that was easy to remember and type. The only exception is No. 6 (5683), until you spot that this equals the numerical representation of the word LOVE.

What is surprising is how frequently these codes were used. Amitay’s study shows that these 10 codes represent an astonishing 15% of all codes used. Statistically they should have been one tenth of a percent! This means that if you try these ten codes to unlock a mobile phone, you will succeed approximately one time in seven.

I went a step further and checked the top 5 codes. In a perfectly random world, these should represent 0.05%. In the study, however, they represent more than 10%. That is, by testing these top five passcodes on a locked phone, you will succeed one time in ten.

Amitay also looked at other types of code distribution. His findings indicate that people tend to use passcodes that represent important events in their lives, like year of birth. Any code starting with the numbers 193* – 201* has a much higher probability of being used than would be expected from a statistically random distribution of codes.

One may presume that the average person is less careful in selecting a passcode for his/her telephone than for the card used for money withdrawals from bank machines (ATMs). However, it seems naïve to presuppose that at least a similar code selection mechanism applies.

The lesson is: don’t use passcodes that are too obvious to protect any of your systems. A person with bad intent may be able to access your valuables simply by making a few educated guesses. Taking a few minutes to memorize a “random” code may be a good investment of time.
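As an added example (not from the original post or from Amitay's study), here is a set-up-time check that rejects the patterns described above: the ten listed codes, a single repeated digit, a repeated pair, consecutive runs, and year-like codes in the 193*–201* range. The function names and the exact rule set are assumptions chosen for illustration.

```python
import secrets
from typing import List, Optional

# The ten most common codes as listed in the post.
TOP_TEN = frozenset({"1234", "0000", "2580", "1111", "5555",
                     "5683", "0852", "2222", "1212", "1998"})


def weak_reason(code: str) -> Optional[str]:
    """Return why a four-digit passcode is guessable, or None if no rule fires."""
    if len(code) != 4 or not (code.isascii() and code.isdigit()):
        raise ValueError("passcode must be exactly four digits")
    if code in TOP_TEN:
        return "in the top-10 list"
    if len(set(code)) == 1:
        return "one digit repeated"
    if code[:2] == code[2:]:
        return "repeated pair"
    # Digit-to-digit steps modulo 10: all +1 is an ascending run, all -1
    # (9 mod 10) a descending one. Wrap-around such as 8901 counts too.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(code, code[1:])}
    if steps in ({1}, {9}):
        return "consecutive digits"
    # Year-like codes: the 193* to 201* prefixes named in the post.
    if 193 <= int(code[:3]) <= 201:
        return "looks like a year"
    return None


def rejected_codes() -> List[str]:
    """Every code in the 10 000-code keyspace that some rule rejects."""
    every = (f"{n:04d}" for n in range(10_000))
    return [c for c in every if weak_reason(c) is not None]


def random_passcode() -> str:
    """Draw uniformly at random (CSPRNG) until the code passes every rule."""
    while True:
        code = f"{secrets.randbelow(10_000):04d}"
        if weak_reason(code) is None:
            return code


if __name__ == "__main__":
    for sample in ("1234", "4321", "7777", "4747", "1985", "8351"):
        print(sample, "->", weak_reason(sample) or "accepted")
    print(len(rejected_codes()), "of 10000 codes rejected")
    print("suggested:", random_passcode())
```

These rules remove only a small slice of the keyspace while excluding the codes the study found to be chosen most often.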


3 Responses to The 10 Most Insecure Passcodes

  1. Pingback: Passcode blogs | Alirazashaikh

  2. The results of this study are really very alarming! People should be really careful when setting up passwords for any of their systems if they are serious about protecting themselves from identity theft. Thank you for sharing this very useful article.

  3. Thank you for sharing this information. The cases of identity theft have really increased in recent years and people should take this very seriously. This post you have shared will serve as a reminder that protection of systems is really essential. Again, thank you for posting.


The Author:

Made up of various contributors' opinions and insights - the power of the collective.
