5863 ...
Does not spell 'love'. 'June' perhaps. Methinks you meant 5683.
Is your phone PIN '1234'? If you're an iPhone owner, there's a good chance that it is. In fact, there's a good chance it's your PIN whatever handset you use. iOS software developer Daniel Amitay, creator of an app called Big Brother Camera Security, added iPhone-style four-digit passcode access to his program. He was staggered …
How about 'Grunt1nGB01dS'?
I suppose what you're saying is right but if you can understand me enough to predict that I might use that password then you're a genius. Warped as well if you can think like me.
P.S. Oh and you're wrong anyway. I 'generated' that one just as an example of the kind of passwords I use :)
P.P.S. I use symbols as well in the more important passwords.
But to what, I have no idea.
Any very infrequently used password/number is effectively forgotten in most "secure" systems, (including phone banking for example), so unless you have a screen lock-out on the same PIN, or have managed to recall what scrap of paper it was written on and where said bit of paper can be found and didn't clear it out at some point in the last few years, this might be your chance to get back in...!
We are assuming that users are using the same pin for the app that they use to unlock the phone. If I was installing a 3rd party app and it wanted a PIN I would NOT use my phone pin number (or bank pin number) but would make another one up. There is a good chance that I'd use 1234, if I was just trying the app out, or didn't consider the security that important.
I feel the logic in this article is flawed.
Just like 9-level authorisation for government secrets, you can do the same with pins:
Having a non-smartphone, anyone I'd let use my bicycle I'd let use my phone --- so they have the same 4-digit keys. Same for a raft of other not-very-exploitable, physical-access devices.
All laptops and desktops share another password, as they all have access to a similar collection of browser-saved passwords. All "opinion" sites, ElReg/Beeb/cavia-breeding-forum/..., share another.
Just like keying your front and back doors to the same --- less keys to duplicate or get lost, and equally important access points.
Dark Helmet: So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kinda thing an idiot would have on his luggage!
Skroob (walking in): What's the combination?
Colonel Sandurz: One, two, three, four, five.
Skroob: One, two, three, four, five? That's amazing! I've got the same combination on my luggage!
>That last number is interesting: Amitay also found that years, from the 1990s and 2000s in particular, make very commonly used PINs.
Would I be right in thinking that the majority of iPhone owners are in their 20s or early teens? It's a bit of a stretch as far as the 2000s are concerned but otherwise it makes me think of birth years :)
"...Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to You (if any) related to the Licensed Application"
I don't think his use is covered by this.
No, I don't think I can admit this one.
If an app had gotten into the store and had started sending expensive text messages out without your permission (like happens in the Android store), then I'd agree with you.
Or if someone had a malware app that exposed the actual iPhone passcodes of his users (which he cannot do, thanks Apple), I would also agree with you.
But just because some idiot developer posted a list of passcodes that his users chose to use *in his app*, that is no sign of Apple's review system failing.
I also thought the Apple process would have been able to find code that sent data off the device especially something like a pin code, even if it is only used by the app. I thought that was the point of the App approval process and the walled garden. Guess I will stick to my Android, at least I know it is insecure and I don't have a false sense of security.
"Amitay reasoned that punters will generally use the same code for his app as they will for their iPhone's main PIN lock"
Amitay reasoned wrongly. I can only speak from a sample of one, but when some two-bit phone app asks me for a PIN, I will almost certainly use something trivially memorable like 1234 precisely to avoid giving my main security PIN away to a third party.
Security levels of passwords and PINs are precisely related to the importance of the application, and I think most people probably think the same.
GJC
but there are only 3 attempts before smartcard gets locked / data are wiped. So what's the point? BTW, El Reg has omitted the "out of 204,508 recorded passcodes" phrase from its article, making calculation of expected break-in success ratio for a particular strategy impossible. The best strategy yields only about 9.23% chance of success.
So the app was approved by Apple and just now has been yanked?
According to Apple:
"The things the reviewers check for when apps are submitted: buggy software, apps that crash too much, use of unauthorized APIs (Google, apparently, excepted), privacy violation, inappropriate content for children, and anything that "degrades the core experience of the iPhone.""
So what Apple says they do is not actually what they do. All smoke and mirrors from Apple.
If you find a pin locked phone lying around and want to break in, arguing the merits of whether the pin is a dummy, randomly generated or the same as something else is pointless. Here is a list of 10 suggestions which will quite possibly get you in. And not knowing the owner personally, you don’t offend anybody by assuming that the owner is an idiot.