New iPhone And Android Warning — Do Not Use These PIN Numbers

Don't let your PIN number be the weakest link in your smartphone security chain.

Update, May 20, 2025: This story, originally published May 19, has been updated with more information surrounding the secure use of smartphone lock screen PIN numbers following the iPhone and Android warning regarding the ability of AI to quickly crack specific PIN structures, including 10 numbers you must never use.

Right? I mean, it's the first thing anyone who really cares about the security of their device and the data that is accessed using it does when getting a new phone. That should be a given, with either a fingerprint or face scan required to unlock it to add that essential primary level of device protection against casual thieves, nosey family members or work colleagues. But underneath the biometrics is something less than ideal from the security protection perspective: the vast majority of users will rely upon a simple four-digit PIN number, which is why you really cannot afford to ignore this new iPhone and Android warning.

iPhone And Android Warning Issued As PIN Number Hacking Threat Revealed

You would have to have been living in a cave not to be aware of the clear and present threat to your credentials from infostealer malware that has made 19 billion stolen passwords available online, from sophisticated social engineers and from other advanced threats. But forget about passwords for a moment: what about the threat to your smartphone PIN number?

I have previously reported that security experts had warned against PIN reuse as this was just as dangerous a practice as using the same password across multiple sites and services. The issue here is called shoulder surfing, something that started out as a problem for people using ATMs where a thief would observe the PIN number being entered into the machine before stealing the bank card from the victim to be used at another ATM before it could be reported stolen.

It didn’t take too long for such criminals to realise they could get a better return by using the same method but to steal your smartphone instead. But here’s the thing: what if the shoulder-surfing attacker notes your lock screen PIN number, steals your phone, and a bank card is in the same wallet case using the same number? The consequences are as evident as they are costly.

Now, a May 15 report has brought another iPhone and Android warning to the forefront regarding PIN number usage: the speed at which AI can crack yours.

The Riskiest PINs Exposed — Heed This New iPhone And Android Warning

Jaanus Rõõmus, the head of technology and engineering at Messente, has warned that because PIN codes use a structural approach to categorization, some are much riskier to use than others. “PINs with the same digits are the worst,” Rõõmus said, “as they can be easily cracked by AI in 0.44 seconds on average.”

Which, as the report pointed out, is actually quicker than the time it takes for your iPhone or Android to unlock.

The Riskiest PIN Numbers Revealed

Number    Cracking Time (Seconds)
1234      0.22
1111      0.27
2222      0.34
3333      0.43
4444      0.54

Arntz is not wrong, and I’d add the following iPhone and Android warning about PIN usage myself: don’t rely on four-digit PIN numbers at all, they are too weak to protect you. Instead, use a longer PIN.

The Solution: Longer PINs and Smart Lock Screen Options

My iPhones, for example, are all protected by unique, 10-digit PINs. How is this possible? Simple. Opt to use a password for your lock screen and choose one that is completely numerical. You can then make your PIN as long as you like.
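To make the structural point concrete, here is an added example (not code from the report, Messente or any phone vendor) of a check that an enrollment screen or device-management policy could run before accepting a new PIN. It flags the same-digit and 1234-style structures named above and, going a little beyond the article, descending runs and repeated blocks; the function names, the labels and the 10-digit minimum are assumptions made for illustration.

```python
import math

MIN_LENGTH = 10  # assumption: matches the 10-digit PINs described above


def pin_weaknesses(pin: str, min_length: int = MIN_LENGTH) -> list[str]:
    """Return the structural weaknesses of a numeric PIN; an empty list means none found."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must consist of ASCII digits only")
    issues = []
    if len(pin) < min_length:
        issues.append("too_short")
    # Difference between neighbouring digits, modulo 10 so 7890 and 2109 count as runs.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if len(set(pin)) == 1:
        issues.append("same_digit")          # 1111, 2222, ...
    elif steps in ({1}, {9}):
        issues.append("sequential")          # 1234 ascending, 4321 descending
    elif any(len(pin) % size == 0 and pin == pin[:size] * (len(pin) // size)
             for size in range(2, len(pin) // 2 + 1)):
        issues.append("repeated_block")      # 1212, 123123
    return issues


def keyspace_bits(length: int) -> float:
    """Bits of entropy for a uniformly random PIN of this many digits."""
    return length * math.log2(10)


if __name__ == "__main__":
    # Constructed sample input: PINs from the table plus made-up 10-digit values.
    for candidate in ["1234", "1111", "4444", "1212121212", "8305271946"]:
        print(candidate, pin_weaknesses(candidate) or "no structural weakness found")
    print(f"4 digits: {keyspace_bits(4):.1f} bits, 10 digits: {keyspace_bits(10):.1f} bits")
```

A 10-digit PIN has a million times as many possible values as a 4-digit one, but only if it avoids these structures: 1212121212 is long enough and still gets flagged.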

Ignore everything you have just read, and you may well regret it.