• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Pin Code Security thoughts

AZgl1500

AZgl1500

Extreme Android User
Okay, I'm taking a vacation into some very heavy tourist places, specifically, Washington DC and all of the museums.

at home, I have never lost a phone. Not one... I use a neckstrap most of the time.
but, in a crowd you can get jostled and a fast pickpocket can roller skate by you and be gone before you can know it happened.

since my phone has several financial apps working on it, I decided to set up a 6 digit pin code.
I also enabled the "10 times and Format Phone" ends the game for a thief.

I looked at Probability math websites and got lost before I got started. I flunked Calculus in college, so that means nothing to me.

In a short short, anyone hazard a guess as to how likely it is someone would guess a 6 digit numerical pincode?
The 10th miss will FBR the phone.

Part 2:
On TV, CyberForensics seems to think that they can interface with any phone and break the password/pincode without triping the FBR.

Nice TV show, lots of fun, but they make a lot of glaring errors in their "facts", and I think this is one of them.
How many thiefs of cellphones are likely to have the skill level to successfully break a 6 digit pincode?
 
If they don't have any clues (such as fingerprints on the screen to tell them which digits to try) then they have a 1 in 10 chance of guessing each digit. So with 6 digits that's a 1 in 10^6 chance of guessing it on the first go. If they remember what they tried then the odds are slightly better on the second go: 1 in 999,999 rather than 1 in 1,000,000. The difference is small enough that it's not worth taking into account, so it's a good enough approximation to say that they have a 1 in 100,000 chance of guessing before the phone is reset (i.e. 10 guesses with 1 in 1,000,000 each time).

If you impose some rule like "all 6 digits must be different" the odds fall dramatically, but then they can't know whether you have done this or not. Likewise the odds are shorter if e.g. you used a significant date and they guessed correctly that you had done so (because many number combinations won't come up in that case: no months > 12 or days > 31). But in both cases the odds are still long even if they guess correctly which rule you used, and they would have no way of knowing whether they had guessed correctly.

And your average phone thief will not have the knowledge to bypass the pin code. A knowledgeable one might know that they can use recovery mode to wipe the phone as a way of bypassing it, but if they do then they've done your work for you.
 
Thank you for that.

I used one digit 3 times :)
and the others are random...
I figured that ought to up the odds a bit higher...

in any event, it is less than 24 hours since I went from No lock screen to the PinCode lock screen...
and I am not bothered by it at all. Can unlock it in less than 2 seconds, and to me, that is worth that 2 seconds knowing that if the phone does get away from me, it will be a brick soon.

Verizon will void the MEID and that is all she wrote for that one.
 
You must log in or register to reply here.
Back
Top Bottom