An interesting factoid came to me earlier this week via a tweet by Twitter user @Tarah about the top 20 most commonly used 4-digit mobile PINs. I also found a similar list on Gizmodo that also gave the percentages. These are as follows:
Apparently up to 23% of all smartphones can be hacked into using these PINs, with 10% being hacked into using 1234. Amazing!! Well, not really.
PINs have to be memorable, and ideally not re-used across different devices and accounts. The last point is what makes it hard to remember which PIN you used where, and gives rise to people writing them down (often not very cryptically) or re-using PINs. As a general word of advice, if your PIN is any of the above then it is probably best to change it as soon as practically possible.
Having a good PIN (like having a good password) is not always a guaranteed method of securing your smartphone as there are devices available to law enforcement that help them crack smartphone PINs, one of which was sold on eBay recently (not sure why this person had this device or why they were selling it). If these devices are available to law enforcement, they are available to hackers too.
The thing is that biometric authentication methods (e.g. fingerprint, iris scan, facial recognition) are also not foolproof, and there have been recent reports of these being hacked using very simple methods. So, what do you do? A few pointers are:
- Apply suitable security to your devices using PINs and/or Biometric authentication methods and make the PIN not easily associated with you (e.g. not your year of birth)
- Never disclose PINs or Passwords
- Encrypt the device if it is taken outside your home
- Don’t leave it anywhere someone can steal it or otherwise gain access to it
- Don’t put anything on it that is highly confidential, and particularly on an unencrypted SD Card
- Limit the payment cards you add to the phone to one, and keep all others well and truly away from the phone *
- Make sure all security patches are applied
- Make sure you don’t have any malware lurking in the form of Apps.
* A tactic I use is to have one credit card that I use purely for online transactions, and another for transactions I am physically present for. The second card never gets put into a computer/phone – ever!
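The advice above (avoid the most common PINs, and avoid anything tied to you such as your year of birth) can be enforced as a check when a PIN is set. The following is an added example, not code from the original post: the function names, the one-entry denylist and the sample date of birth are all constructed for illustration.

```python
import re
from datetime import date

# Constructed denylist: 1234 is the only PIN the post names. In practice,
# load a published most-common-PINs list here.
DENYLIST = {"1234"}

def _is_run(pin, step):
    """True if each digit is the previous one plus `step`, wrapping at 10."""
    return all((int(b) - int(a)) % 10 == step % 10 for a, b in zip(pin, pin[1:]))

def _dob_strings(dob):
    """Digit strings someone who knows the date of birth would try first."""
    formats = ("%Y", "%d%m", "%m%d", "%d%m%y", "%m%d%y", "%y%m%d")
    return {dob.strftime(f) for f in formats}

def pin_weaknesses(pin, dob=None, min_length=4):
    """Return the reasons a PIN is weak; an empty list means none were found."""
    if not re.fullmatch(r"[0-9]+", pin):
        return ["not numeric"]
    reasons = []
    if len(pin) < min_length:
        reasons.append("too short")
    if pin in DENYLIST:
        reasons.append("on denylist")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    elif _is_run(pin, 1) or _is_run(pin, -1):
        reasons.append("sequential digits")
    half = len(pin) // 2
    if len(pin) % 2 == 0 and len(set(pin)) > 1 and pin[:half] == pin[half:]:
        reasons.append("repeated block")
    if len(pin) == 4 and 1900 <= int(pin) <= 2099:
        reasons.append("looks like a year")
    if dob is not None and any(s in pin for s in _dob_strings(dob)):
        reasons.append("matches date of birth")
    return reasons

if __name__ == "__main__":
    sample_dob = date(1985, 3, 7)  # constructed sample, not a real person
    for candidate in ("1234", "0000", "1212", "1985", "0703", "8095"):
        print(candidate, pin_weaknesses(candidate, dob=sample_dob) or "no findings")
```

An empty result only means none of these patterns matched; it does not make a short PIN strong against the cracking devices mentioned earlier.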
You can also turn on a passcode instead of a PIN on both iOS and Android smartphones/tablets as follows:
On Android:
- Open your device’s Settings app.
- Tap Security & location (or tap Security).
- To pick a kind of screen lock, tap Screen lock. If you’ve already set a lock, you’ll need to enter your PIN, pattern, or password first.
- Tap the screen lock option you’d like to use. In this case, it’s password (but PIN, Pattern and Swipe are also offered).
- Follow the on-screen instructions.
- For PINs, you can enter four or more numbers and longer PINs tend to be more secure.
On iOS:
- Go to Settings, then depending on your model, tap one of the following: Face ID & Passcode, Touch ID & Passcode, or Passcode.
- Tap Turn Passcode On or Change Passcode.
- You can enter a six-digit number. Longer PINs tend to be more secure.
- But there are other passcode options, like a four-digit numeric code, a custom numeric code, or a custom alphanumeric code.
There are also methods of using PINs, Picture Id, Facial Recognition etc. in Windows (not sure about Macs) if you go to the Settings app, then the Accounts options, and under there ‘Sign-in options’.
You may also want to take a look at my guidance on the following topics:
- Effective Use of Passwords
- Protecting your Online Privacy
- The Dangers to using Unsupported Devices and Software
- Using Free and Public WiFi Safely
- Credential Stuffing Attacks.
Headline photo provided by Shutterstock.