Gretel Egan | August 05, 2014

Four Is Not Enough for Mobile Device Security

Do you have a PIN or other locking mechanism on your phone and/or tablet? If so, good. If not, get cracking.

So, any lock is better than no lock, right? Sure. But as is the case with all security measures, some options are more effective than others. Which would you rather have on your front door: a latch with a combination lock (think grade school lockers) or a Grade 1 double deadbolt? The latter is exponentially more secure; a set of bolt cutters would dispatch the former in no time flat.

The good old four-digit PIN may be immune to bolt cutters, but it is the least effective option for locking your mobile device. To start with, there are only 10,000 possible combinations. On the surface, that might seem like a lot, and it would certainly take a fair amount of time to enter all 10,000 combinations in hopes of getting a hit. However, a 2012 PIN analysis by Data Genetics indicates that the process might be considerably easier than that.

Are You Using a Top 20 PIN?

Data Genetics analyzed records of 3.4 million four-digit PINs present in exposed password databases. All 10,000 possible combinations were present in this sampling. However, analysis of the data revealed the following alarming percentages:

  • Nearly 11% of the PINs were 1234
  • More than 6% of the PINs were 1111
  • More than 26% of PINs in the sample were one of 20 simple combinations

The bottom line of the Data Genetics analysis is this: predictability breeds vulnerability. In the databases, 1234 was found more often than the 4,200 least common PINs combined! Which PIN do you think a hacker is likely to try first?

Strengthen Your Lock Today

Let’s face it: the more predictable your number, the more likely it can be guessed. And don’t forget that susceptibility isn’t just determined by data analysis; there’s also a personal component. For example, even if your birthday and anniversary aren’t among the more commonly used combinations of numbers, they’re still predictable numbers for anyone who has even cursory access to your personal information.

So if you have a four-digit PIN (or *gasp* no locking mechanism at all), it’s time to remedy that. At minimum, opt for an unpredictable six-digit PIN (no birthdays, 123456, 111111, etc.). Take it up a notch with an even longer alphanumeric password, complex swipe pattern, or fingerprint scanner. These are simple, effective ways to improve your mobile device security.

Looking to strengthen your mobile device security? Try a demo of our smartphone security module.
