The last time I tried to guess my nephew's PIN, the phone locked itself out for a minute after a few failed attempts.
iPhones automatically lock if you put in too many incorrect password attempts. You have to wait a few minutes before you can try again. The automatic wipe feature is a bit dangerous too, as it is a pretty effective DOS attack against your phone, especially if you have small children running around the house. You could be restoring from backup quite a lot.
Been a while since I did any stats, but my gut feeling is the dot swipe pattern I use is an order or two of magnitude tougher…
…Scratch that, duh - it's totally not : /
Given the sort of information many of us put in our phones these days, and the access the phone (and other personal computers) have to our info, treating them with a lot of care seems reasonable, and so having an ever-increasing delay between password attempts, and a lock-out after a number of failed attempts (10 on the iPhone) seems very reasonable.
How many "password attempts" would you want on your purse or wallet filled with cash, bank statements, a list of all your friends and family, etc.?
You are lucky that relentless demand for sleeker and thinner devices has made it nearly impossible to find a phone that still includes theft-deterrent explosive charges…
Yeah I always wondered that about these password hacking articles. I've been locked out of my own websites for messing up the password a few times… How could they get past that?
I guessed the restrictions password for the tablets we use at work in one try by looking at the lock screen password that everyone is given and thinking about the IT guy's thought process. It comes in handy.
I've never owned a computer-type phone. Do you need to access the data on it using the phone itself or could you just mount the file system on a different device?
Some people store useful data on their phones. The worst is if you have a list of passwords to your various online accounts somewhere findable. I occasionally check email with it, but it doesn't have my email history. The only password stuff I keep on it is lock combos, and those are only helpful if you are at the place with the lock.
my iphone password has a character with an umlaut in it. i don't risk that for passwords that aren't iphone only, but i've only had problems once (iOS 7 beta had a bug that wouldn't allow selection of the unicode characters.)
One twist on password guessing (aside from just "nibbling" at a rate well below the lockout threshold and hoping to still score enough hits to take on a weak password) is the attackers who aren't focused on any specific account; but simply on accounts in general:
On any remotely competent system, bouncing passwords off a single account will lock it out quickly, but choosing a high plausibility password and bouncing account names, paired with that password, off the system, it will take longer to be locked out (a single IP can, in the case of an institution, have dozens to thousands of users behind it, so anyone who doesn't want customer support hell can't be too aggressive in setting per-IP lockouts, and anyone with a botnet or the like can get more IPs) and you'll probably obtain some accounts that way.
The other big one is password reuse: the dumbest outfit you've ever been forced to set up an account with gets cracked, anyone who reuses a password gets those credentials bounced off the sites they most plausibly might also use.
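A defender-side sketch of the point in the comment above about one password tried across many account names (an added example, not part of the thread): per-account lockout never fires in that case, so the check counts distinct failing accounts per time window instead. The event tuple layout, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events: (epoch seconds, source IP, account, success).
EVENTS = [
    (10, "198.51.100.7", "alice", False),   # one guess per account,
    (40, "198.51.100.7", "bob", False),     # spread over three sources
    (75, "203.0.113.9", "carol", False),
    (120, "203.0.113.9", "dave", False),
    (160, "192.0.2.33", "frank", False),
    (700, "192.0.2.50", "dana", False),     # ordinary typo, then success
    (720, "192.0.2.50", "dana", True),
    (1300, "192.0.2.77", "erin", False),    # repeated guesses at one account
    (1310, "192.0.2.77", "erin", False),
    (1320, "192.0.2.77", "erin", False),
    (1330, "192.0.2.77", "erin", False),
    (1340, "192.0.2.77", "erin", False),
]

def locked_accounts(events, threshold=5):
    """Classic per-account lockout: `threshold` consecutive failures lock it.

    The threshold of 5 is an assumed value for illustration.
    """
    streak, locked = defaultdict(int), set()
    for _t, _ip, account, ok in sorted(events):
        streak[account] = 0 if ok else streak[account] + 1
        if streak[account] >= threshold:
            locked.add(account)
    return locked

def spray_windows(events, window=600, min_accounts=4):
    """Flag time windows in which many distinct accounts each saw a failure.

    Source IP is deliberately ignored: the guesses may come from many
    addresses. Window length and account count are assumed values.
    """
    failed = defaultdict(set)
    for t, _ip, account, ok in events:
        if not ok:
            failed[t // window].add(account)
    return {b * window: sorted(accts)
            for b, accts in failed.items() if len(accts) >= min_accounts}

if __name__ == "__main__":
    print("locked:", locked_accounts(EVENTS))
    print("spray windows:", spray_windows(EVENTS))
```

On the sample data the only account that locks is the one guessed at repeatedly, while the five accounts that each received a single guess show up only in the window check.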
Website passwords are at the (generally awful) discretion of the operator (Ebay doesn't allow spaces); but modern OSes should be OK. If iOS does, I assume OSX does, and I know that NT-derived flavors have supported unicode characters for ages.
Some mobs let you use spaces in passwords?
TIL.
I have that same robot on my luggage…
I've been locked out of my own websites for messing up the password a few times… How could they get past that?
There's always the time honored tradition of going around the interface entirely. Some of the biggest password breaches in history were accomplished by finding a way to steal the database of hashed passwords. Once you've got that in hand, you can crack passwords at whatever speed your hardware will run at.
I would guess that the entry control where you swipe a shape on a grid is a bit more resilient against this kind of brute force method… but I've really no idea
Swiping a shape is essentially the same; the sequence doesn't have finger-lifts along the way. A prudent password sniffer would select one method or the other, based on the phone OS.
It gets beyond a few minutes between attempts after enough failed tries - my daughter deciding her iPod really needed a new password and not writing it down taught me that.
The more you fail, the longer that timer gets—it's a creeping exponential. This method doesn't work on iOS because of this—eventually the little robot has to wait days, weeks, months before guessing again.
On iOS 7 it is 1 minute after 6 tries, 5 minutes on try 7, 15 minutes on try 8, 30 minutes on try 9, 1 hour at try 10. I didn't go past that.