In reality, no one would want to spend multiple seconds in the day entering in a long password which might be stronger than a PIN, simply because it would take so long. They assume, because of its length, that the PIN is already secure enough.
As for passwords, well, the hassle of entering a strong, long, alphanumeric string into a small smartphone keyboard could just put people off of choosing something more secure altogether. The researchers speculate that the reason 6-digit PINs are only marginally more secure than 4-digit PINs is because the sequence is longer, and so people don’t want to spend too much effort on it. The research will be published later this year at the IEEE Symposium on Security and Privacy. Researchers from Ruhr University, Bochum, Max Planck Institute for Security and Privacy and the George Washington University, found that six-digit passcodes were only marginally more secure than 4-digit passcodes, and in some cases were easier to guess. And whilst you might expect six-digit passcodes to be more secure than 4-digit passcodes and PINs, that might not actually be the case. This includes not tying it into something easy to guess, such as dates of birth. So, avoiding the most common PIN numbers and passcodes is the most sensible way to make your phone more secure. "People also tend to choose pins that are easy to put in quickly by feel, like 1232 or 7898." "If you see someone with a 12-year-old kid, a reasonable PIN to try might be 2008, and then 2007, and then 2009," Anderson adds. "People tend to choose pins which correspond to birthdates." In a study conducted in 2012, Anderson found that the majority of people use PINs that represented dates, years, repeated digits and even snigger-worthy PINs involving the digits six and nine. So, how do you make sure that your passcode or PIN is as secure as it can possibly be?
That’s why it’s even more important to make sure that the smartphone’s last defence is a good one. And even if they did, they wouldn’t need your biometrics to access your phone; all they need is your passcode. The chance that a hacker has immediate access to your face, fingerprint or iris is fairly low.
If it’s not stored in the enclave, then it will most likely be stored somewhere in the software, which Anderson says can be cracked if the attacker is motivated enough.
As of 2019, 89 per cent of Android phones have a secure hardware chip for storing data, according to a report by Counterpoint Research. If only for the fact that the PIN is the last defence before someone can access your phone.
Android manufacturers have only recently begun storing sensitive data in an enclave. While passcodes and PINs aren’t a requirement on devices running either iOS or Android, unless you use Face ID, Touch ID or an iris scanner, setting one up is just a sensible move to make. “This is a complex problem, but for people who are not security experts, a PIN is pretty good,” says Ross Anderson, professor of security engineering at the University of Cambridge. While none of the security methods are completely foolproof, the passcode or PIN seems to be the best defence against attackers wanting to access your phone.
But these options aren’t all equally secure. Passcodes, PINs, passphrases and patterns act as the core defence to any biometric methods of unlocking your phone. With there now being such a veritable smorgasbord of ways to unlock today’s phones, is there one method which is the most secure? And how do you make your chosen phone-locking method the most secure it can possibly be?
The best form of defence is your passcode, PIN or password