How-To Geek

Increase Phone PIN Security By Repeating a Digit

If you’re looking for a simple way to increase the security of PIN passcodes on devices with touch screens, you can do so by repeating a digit in the sequence.

Over at TechCrunch they highlight a downside to touchscreen PIN interfaces and a way you can easily improve security. First the problem: if you use a four-digit PIN with four unique digits, your fingerprints give you away. The marks left on the screen identify the buttons pressed and reduce the number of possible combinations from the 10,000 a four-digit PIN allows to the 24 orderings of four known digits.

The solution? By simply doubling up one of the digits (e.g. using the number 5 twice in a sequence like 5785) you increase the potential variants to 36, because the smudges show only three keys and not which one was pressed twice. It’s a marginal increase to be sure, but it introduces an additional challenge to someone snooping on your phone with absolutely zero effort on your part.
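The 24 and 36 figures above can be checked by counting, as in this added example (not part of the original article). It assumes the PIN length is known and that smudges reveal which keys were pressed but not their order or how often; the function names are made up for the illustration, and it generalizes the count to any number of smudged keys.

```python
from itertools import product
from math import comb


def candidate_pins(smudged, length=4):
    """Enumerate every PIN of `length` that presses each smudged key
    at least once and never touches any other key."""
    keys = sorted(set(smudged))
    return ["".join(p) for p in product(keys, repeat=length)
            if set(p) == set(keys)]


def count_candidates(k, length=4):
    """Same count in closed form (inclusion-exclusion): the number of
    ways to fill `length` positions so that all k keys appear."""
    return sum((-1) ** j * comb(k, j) * (k - j) ** length
               for j in range(k + 1))


def search_space_table(length=4):
    """Remaining search space for 1..length distinct smudged keys."""
    return {k: count_candidates(k, length) for k in range(1, length + 1)}


if __name__ == "__main__":
    # Constructed sample PINs: one with four unique digits, one with a repeat.
    for pin in ("5789", "5785"):
        pins = candidate_pins(pin)
        print(f"PIN {pin}: {len(set(pin))} smudged keys, "
              f"{len(pins)} candidates")
    print("4-digit PIN, by number of smudged keys:", search_space_table(4))
    print("5-digit PIN, by number of smudged keys:", search_space_table(5))
```

For a four-digit PIN the count peaks at three distinct keys and drops sharply below that, so repeating more than one digit makes things worse rather than better.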

Want to Make Your iPhone’s PIN More Secure? Repeat a Digit. [TechCrunch]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking open cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 01/3/12

Comments (12)

  1. Willie

    The funny thing is that I never even considered a person could just look at your fingerprints until just now lol. My passcode already does incorporate two of the same numbers but it's nice to know that helps even more to keep it secured.

  2. steven

    Or you can keep your screen clean so your smudgy fingerprints aren’t there

  3. Arston

    Or simply press a random key before/after the code :D That ought to work well also. It requires one more press, but increases the possible combinations more than just repeating a one.

  4. Matt Lucas

    Or one could use their phone after unlocking it so that by using their phone they leave more fingerprints.
    Just saying that logic doesn’t make sense unless you unlock your phone and lock it again without doing anything on your phone.

  5. Tyler F

    Matt: The point is that you will use those exact spots on the screen the most, as you are going to push the same place every single time. I think one way that phone security could be improved is either with the pin unlock changing place on the screen every time, or the actual digits changing location – that way smudges all over the screen.

  6. morris

    Surely, a better and equally easy way to improve security would be to create the habit of wiping a finger or thumb over the screen after entering security details.

  7. raymond

    Well you can just opt for a longer numeric PIN. Set the Simple Passcode to off and enter a numeric PIN. Next time you unlock, iOS won’t show the full keyboard but the numeric keypad only.

  8. Wayne

    I just use a long password.. 12 digits, letters, numbers and punctuation.

  9. Rollout

    Don't forget, your home/business security system can show the same “wear and tear” on its keypad. I’ve seen some keypads that are either:
    1) really really dirty on the 4 digits used for arming/disarming the alarm, or
    2) the four digits are the only “clean” digits on the pad, the rest are dusty and grimy, or
    3) the numbers are worn away on the 4 digits used and are fresh on the digits not used.

    Either way, you can tip off an intruder to the 24 possible code combinations by leaving the keypad in one of these states. Not that anyone can actually think when the alarm is going off and the noise is bursting your ear drums.

  10. Thomas

    Phone manufacturers should really just scramble the available 10 digits each time you try to unlock it. That way the number 8 will not be in the same place several times in a row. Sure, it will slow you down but it will completely bypass checking fingerprints to see which numbers you hit..

  11. atlcr

    A 4 digit password is inherently insecure. A person with enough dedication will eventually figure it out. If you’re worried about security, use a longer password.

  12. Brett

    In a hospital department their alarm keypad was by the door. I noticed the ‘7’ key was very dirty. For the hell of it I pressed it 4 times and Voila! It wanted me to arm it or enter a function to execute. It is true.

    I use an 11 digit PIN with one digit repeated 4 times and another twice. I also key it fast. BUT the best part is that at the 5th character I key a backspace and rekey the digit again. The logic is that it disrupts someone watching, mentally. They may watch you (hard, I have practised and key fast) but say they are watching closely. When I hit the backspace it is unexpected so they mentally try backing up, mentally ‘deleting’ what they have tried memorising. Meanwhile I have continued and their rhythm is lost. This works – I have not explained it well but anyone studying psych will know the theory.

    As a sys admin I also had to give passwords by phone to remote sites sometimes (twice a month). The data was very secure so I had to pass it by voice in such a way that nobody listening could decipher it. This was done by pre-arranging with the remote sites that certain characters would automatically be transcribed to something else. So, if the rule was T=2, then I gave them the password of ‘tattle’ they would know it was 2a22le. Not infinitely secure but handy to bypass casual intrusion.
