iPhones and other smart phones are becoming ubiquitous among legal (and other) professionals. The ability to access your e-mail and documents outside the office is extraordinarily convenient. As attorneys, though, we must temper that convenience with our obligation to preserve our clients’ confidences. Most smart phones offer the ability to password protect the phone, often with a 4-digit PIN or passcode, before you can access the information on the phone. They also often have a feature that will wipe the phone’s data if a certain number of incorrect PINs are entered in a row (with the iPhone that number is 10). But just how secure is your phone?
In this blog post by Daniel Amitay, he looked at the most common 4-digit PINs from over 200,000 users for a program he wrote for the iPhone. Startlingly, the top 10 most common PINs represent 15% of all the PINs people actually use (instead of 0.1% if the PINs were uniformly distributed). While the PINs people use for a program on their phone, as opposed to the phone’s PIN itself, may not be the same, the findings are interesting nonetheless. If they were the same or even a large percentage were, this means that someone who finds (or steals) an iPhone would have around a 1 in 7 chance of unlocking the phone before it is wiped automatically! Smart phone users would be well advised to take a look at the list and consider whether the PINs they have chosen are really as secure as they should be given what information is on (or accessible from) their phones.
For a similar article about computer passwords, check out this NY Times article.
Update: There is another very interesting article on DataGenetics website that explores this issue in even more detail. It looks at not only 4-digits PINs, but also up to 10-digit PINs and identifies some of the more common ones used. It provides even more insight into common PINs to avoid, and it is well worth the read.