doug — off the record

just a place to share some thoughts


PINs/Passcodes

Tacking on to my thoughts about the iPhone access issue…

We’ve all seen stories that come out periodically about how people use very weak passwords to protect their computer and online services.  You know the list.

  • cat
  • dog
  • 123456
  • qwerty
  • password

Of course you don’t use any of these or those from this list of commonly used passwords, right?

There really is no excuse for a weak password.  You have the whole keyboard with letters, numbers, special characters, and upper/lower case at your fingertips.  Any browser that I know of will kindly offer to save them for you, and there are all kinds of password managers available.  Many are free to use with upgrade options; others are pay services to begin with.  There was a time when the argument against using this technology centred on the sharing of computers, but that’s largely a thing of the past.  Most people carry their laptop computer with them anywhere they’ll need computing power.  And besides, being the sophisticated user you are, you have a password in use for access to your browser and then for your password manager.

Then, there’s your phone.

That’s a different animal.

You don’t have the full keyboard at your disposal.

If you’ve used Windows 10, you’ve probably seen the message from Microsoft that a PIN/Passcode is more secure than a password.  An interesting discussion is available here.

Certainly with your phone or tablet, without a password, it’s a whole different ballgame.  Not only do you have just numbers to protect yourself from prying eyes, many of us will use our phone only with one hand.  It’s just that convenient.  Plus, you might have the dog leash in the other hand.

And yet, you want your data to be just as secure.  So, if there are weak passwords, are there weak PINs/Passcodes?

I would guess that commonly used weak PINs/Passcodes might include:

  • 1111
  • 7777
  • 3333
  • 9999
  • 1234

There hasn’t been as much research on this topic, although the recent events just might inspire some.  However, this older article, “Most Common iPhone Passcodes” from Daniel Amitay, gives his take and is an interesting read.  Check out also “The 20 Most Common PINs Are Painfully Obvious”.

There’s a great deal to think about there.  How much thought do you or your students put into the choice of protection for your devices?



4 responses to “PINs/Passcodes”

  1. On the iPhone, you can enable the full keyboard for entering a passcode (Settings, Touch ID & Passcode, Change Passcode, Passcode Options). If you have fingerprint recognition enabled it’s a good idea, since you don’t actually have to type it very often.


  2. Had an adventure with my password-protected phone this weekend, while away for a holiday. Lost my phone in a public space. When we called it later that day, someone was able to answer because my phone pops a call up, and can be answered without the password. This person, who we were able to connect with, and retrieve my phone, had found it in a very different spot from where I’d lost it. We assume the first person ditched the phone because of the password. Happily reunited, and very thankful for an honest university student, and the feature that lets a call be answered.


  3. Seems to me that if you use a 4-digit numerical passcode, with 10x10x10x10 possible codes, you are pretty safe if the phone manufacturer has implemented some kind of limit on the number of acceptable attempts.

    In a recent instance that has generated some interest in the media, the FBI in the United States is attempting to access the phone of a deceased suspect. While one might suggest that they simply try all possible 10 000 pass codes, they appear reluctant to do so. As it turns out, the phone’s manufacturer thoughtfully employs a counter-measure to such “brute force” attacks, in only allowing ten attempts. After ten unsuccessful attempts, the manufacturer’s protocol embedded in the phone’s design has the phone delete all data, thus protecting the owner’s information.

    As it turns out, the FBI finds this decision problematic. They would like the phone’s manufacturer to provide them with a “work around” to the phone’s built-in security. The phone’s manufacturer has publicly stated that their protocol is intended to protect an individual’s privacy and data.

    A good number of technology companies and politicians have started to weigh in on what appears to be a very important question. Just yesterday, a retired software programmer named Bill Gates was quoted in the media as suggesting that the company in question, Apple, Inc., should provide a so-called “back door” or “exploit” allowing the circumvention of passcode security. Over the course of Gates’ tenure at his own company, literally millions of third-party softwares have been able to run on his company’s software as a result of such “back doors” or “exploits.” Historically, the devices designed and sold by Apple, Inc. have not supported nearly so many third-party circumventions, such that some individuals actually see this as a desirable feature.

    Jumping into the fray, another programmer named John Norton has claimed that he would be able to find a way around the security protocol, were he to be provided with access to the phone in question for 24 hours. Interestingly enough, Norton made his name (and his fortune) in selling software that adds protection to computer devices that have “backdoors” or “exploits” that the device owners would like to close.

    Given that most software does not include an automatic lock out after 10 unsuccessful attempts at entering a four digit numerical code, most folks are wise to use an even more unpredictable combination of numbers, letters and symbols when creating and using passwords. Educators should indeed consider enlightening their students about the dangers in using easily guessed passwords or pass codes.

    In the case of four-digit numerical pass codes with an automatic lock out, I think a sufficiently random code is perfectly fine. I should mention that the protocol employed by Apple, Inc. also incorporates a fail-safe of forced intervals between successive attempts, such that one must wait an increasing period of time (five minutes, fifteen minutes, an hour) before the next attempt. As Lisa mentioned above, this gives one time to think before making the next attempt.

    Thinking carefully before acting is a good thing.


  4. Wow, Andy – you are a true font of information. I am fascinated by the story of the FBI and the phone. And I do use a password vs passcode on my phone.

