Change your birthday

1 July 2019 Information Security

You’ve likely seen a list of top 10 passwords that get reused time and time again – ‘password’ is a usual suspect – but what about phone PIN numbers? How unique are the PIN codes that we choose to stop cybercriminals from getting into our phones and their eyes onto our most precious accounts, asks Carey van Vlaanderen, CEO at ESET South Africa.

Carey van Vlaanderen
Carey van Vlaanderen

People tend to lock their phones with a code, but what if someone knew that code or could possibly work it out? Maybe they could guess it from frequently used PIN numbers? Would they then be able to read your emails, send a WhatsApp or view your Amazon basket?

Recent research from the SANS Institute found what the top 20 most common mobile phone PIN codes were (not in order):

They found that an astonishing 26% of all phones are cracked using these codes. There is a good chance that if your phone is stolen or lost, criminals could get into your phone within their first few attempts – even without knowing anything about you.

So why do people – including Kanye West – continue to use simple codes? Well, it might be best to answer this question first: When did you last change the PIN code to unlock your phone?

Most people have now had a smartphone complete with a lock on it for around a decade and it must be said that in 2007, when the first Apple iPhone came out, we were more interested in its features than discussing attack vectors. Fingerprint readers were a few years off in 2007 and so when we had to enter the code up to 50, maybe even 100 times a day to unlock it, you can start to see why people wanted to get into their phones quickly and easily.

The problem is, even with the introduction of longer codes, Face ID or Touch ID, people rarely change their PINs and settled with a code they use on every device – even though we now rarely unlock our phones with a PIN.

Another method people use to remember PIN codes is to use numbers that mean something to them. However, a threat actor relies on people who tend to have an ‘it won’t happen to me’ attitude, so what if the person wanting to get into your phone knows a little about you? When phones have a 4-digit code, people will often use a year; when a 6-digit code is recommended, people often enter a memorable date to unlock their phone.

This is an extremely dangerous way to secure your most cherished device and allows any cybercriminal with some open-source research skills to trial possible codes to unlock your phone.

What about Face ID or Touch ID? Won’t this fully protect us from attackers? Well, the short answer is no. Many people think that once they have a fingerprint reader or facial recognition on their device that they won’t need to be so hot on PIN code security. Remember that there is still a default code to get into your phone and a hacker can work out this code far more easily than cutting off your finger or replicating your face to open your device.

How to stay safe

The best countermeasure is to start using a long unique alphanumeric code to unlock your phone; then, as this can be time consuming to unlock your device, turn on Touch ID or Face ID to speed up entry.

It might also be a good idea to mention that you should also be aware of your surroundings and who might be watching your movements. Far too frequently on public transport we see people enter PIN codes, passwords, or even on the phone shouting out credit card details including the three-digit CVV number on the back.

Finally, after backing up your device, you should add a further layer of security by turning on ‘Find My iPhone’ for iOS or ‘Find My Device’ on Android, which will allow you to wipe your phone remotely should it ever get stolen (anti-theft and remote-wipe features are also included in reputable mobile security solutions). Even though you may never see that device again, at least the criminals won’t be able to get into your device and look through your personal data and information.

For more information contact ESET-SA, +27 21 659 2000, [email protected], www.eset.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.