"Because Big Brother’s [the app in question] passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes," says Daniel Amitay.
It turns out that of the 204,508 recorded passcodes, 15% were one of the most common ten:
Comparing it to the list of most common internet passwords, one can see the similarities. "Most of the top passcodes follow typical formulas, such as four identical digits, moving in a line up/down the pad, repetition," he points out. "5683 is the passcode with the least obvious pattern, but it turns out that it is the number representation of LOVE (5683), once again mimicking a very common internet password: 'iloveyou.'"
Another pattern that pops out when looking at the list of top 100 most used passcodes is the conspicuous use of numbers that mimic particular decades in the last century - the 1990s and 1980s in particular. Amitay chalks that up to the assumption that most users are between the ages of 11 and 21, as it is very likely that the passcode represents the year of their birth or graduation.
Again, nothing new here - people often use their birth dates (or those of their near and dear) for PINs, passwords and codes, fearing that they would soon forget a random number and choosing one they never could forget.
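The patterns described above (identical digits, a straight line up or down the pad, repetition, keypad words such as LOVE, and year-like values from the last century) can be checked mechanically, for instance to reject a weak passcode when it is being set. The following is an added example, not code from Amitay or his app; the function names, the words other than "love", and the sample passcodes are assumptions constructed for illustration.

```python
import re

# Keypad positions (row, column) on a phone-style number pad.
POS = {d: divmod(i, 3) for i, d in enumerate("123456789")}
POS["0"] = (3, 1)

# Letters printed under each digit on a phone keypad.
LETTERS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
           "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
TO_DIGIT = {ch: d for d, chars in LETTERS.items() for ch in chars}

# Hypothetical word list; only "love" comes from the article.
WORDS = ("love", "hope", "baby")
WORD_CODES = {"".join(TO_DIGIT[ch] for ch in w): w for w in WORDS}


def weak_patterns(code):
    """Return names of the article's patterns that a 4-digit passcode matches."""
    if not re.fullmatch(r"[0-9]{4}", code):
        raise ValueError("expected exactly four digits")
    hits = []
    if len(set(code)) == 1:
        hits.append("identical digits")
    elif code[:2] == code[2:]:
        hits.append("repetition")
    # Every key-to-key step must be one row up or down in the same column.
    steps = {(POS[b][0] - POS[a][0], POS[b][1] - POS[a][1])
             for a, b in zip(code, code[1:])}
    if steps in ({(1, 0)}, {(-1, 0)}):
        hits.append("line up/down the pad")
    if code in WORD_CODES:
        hits.append("keypad word: " + WORD_CODES[code].upper())
    if code.startswith("19"):
        hits.append("20th-century year")
    return hits


def flagged_share(codes):
    """Fraction of passcodes matching at least one pattern."""
    return sum(1 for c in codes if weak_patterns(c)) / len(codes)


# Constructed sample input, not data from the study.
SAMPLE = ["0000", "2580", "0852", "1212", "5683", "1987", "7294", "3061"]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c, weak_patterns(c) or "no listed pattern")
    print("flagged share:", flagged_share(SAMPLE))
```

A passcode that returns an empty list is not necessarily strong; it only avoids the specific formulas the article names.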
The conclusion is, once again, that people are predictable and don't think much about security. What makes Amitay's finding significant is that someone who steals or finds a lost iPhone has a 15% chance of unlocking the device and accessing the data within, before it gets wiped, just by trying the passcodes on the aforementioned top 10 list.