iPhone Security Check: Are You Still Using One of These Passcodes?

By IDrop News Staff
3 Min Read
Apple iPhone 15 with scanning Face ID IOS 18 iPad Credit: DenPhoto / Adobe Stock
Text Size
- +

Toggle Dark Mode

A few years ago we covered the 20 most easily guessed iPhone passcodes. More recently, we reported on the most common 6-digit passcodes. A recent analysis revealed a shocking number of people still use commonly guessed passcodes.

This data reveals the astonishingly high odds a potential bad actor has of successfully unlocking your iPhone should it fall into their hands. It may seem silly at first, but check it out.

This Limited-Time Microsoft Office Deal Gets You Lifetime Access for Just $39

Sick and tired of subscriptions? Get a lifetime license for Microsoft Office Home and Business 2021 at a great price!

The iPhone has allowed for alphanumeric passwords since nearly the beginning — it was added in iPhone OS 3.0 in 2009 — but it wasn’t until 2015 that Apple introduced a six-digit passcode option as a middle ground in iOS 9, providing better security for those who didn’t want the complexity of using a full password. At that point, using a six-digit passcode became the default when setting up a new iPhone.

For reference, a four-digit passcode has 10,000 possible combinations. A 6-digit passcode has 1 million possible combinations. As of today, Apple offers users the ability to set a four-digit numeric code, a six-digit numeric code, a custom-length numeric code, or an alphanumeric password. So, it should be unlikely that a thief could successfully unlock a random iPhone, right? Wrong!

iphoen passcode options

Here’s what happens if you enter the wrong passcode while trying to unlock your iPhone. Some of us have been here before:

  1. After four incorrect attempts, your iPhone will lock you out for one minute.
  2. After the fifth attempt, you’ll be locked out for five minutes.
  3. After the sixth attempt, the lockout increases to 15 minutes.
  4. After the seventh attempt, you’ll be locked out for one hour.
  5. After the eighth attempt, the lockout increases again to three hours.
  6. After the ninth attempt, you’ll need to wait eight hours before you can try again.
  7. After the tenth attempt, the iPhone will be disabled and must be wiped and restored using a Mac or PC. If your iPhone is running iOS 12 or later, the encryption keys are destroyed at this point, rendering nearly all the data on the device effectively inaccessible.
  8. If you’ve enabled the Erase Data option, the iPhone will also be wiped and returned to its factory settings, guaranteeing that no data can be recovered. However, if you had Find My enabled, the Activation Lock will still be in place, preventing anyone else from setting up your device without your Apple Account email address and password.

Only unique passcode attempts are counted; entering the same incorrect password multiple times in a row will only count as one attempt. It’s also worth mentioning that older versions of iOS only enforced a maximum lockout period of one hour, even after the ninth attempt; Apple added the three- and eight-hour delays in iOS 17.

The Australian Broadcasting Company (ABC) recently analyzed 29 million iPhone and Android passcodes from the data breach tracking site, Have I Been Pwned. Their research showed that if someone wants to unlock a stolen phone and only has 5 guesses, they have a 1 in 8 chance of guessing the passcode correctly. This is before they are locked out of guessing again at all. This means that with 5 guesses, there’s a 12.5% chance a randomly stolen iPhone can be successfully unlocked, with 5 more guesses to go. Are any of you on the list? What are we thinking?

Here’s an updated list of the 20 most commonly used 4-digit passcodes.

  1. 1234
  2. 1111
  3. 0000
  4. 1342
  5. 1212
  6. 2222
  7. 4444
  8. 1122
  9. 1986
  10. 2020
  11. 7777
  12. 5555
  13. 1989
  14. 9999
  15. 6969
  16. 2004
  17. 1010
  18. 4321
  19. 6666
  20. 1984

If your passcode is a little too simple, it’s time to stop ignoring the odds. You’re not alone. ABC’s investigation also found that journalists attending a briefing at the UK’s National Cyber Security Centre (NCC) were given a temporary passcode to access the building’s facilities. That passcode was ‘1234.’

Please take the time to update your iPhone’s passcode by going to Settings > Face ID & Passcode > Change Passcode. While you’re at it, it’s wise to reconsider any simple passcodes you have for other sensitive accounts like your ATM card. Hackers are always a step ahead. Let’s not make things too easy for them.

Share
Sponsored
Social Sharing