Why repeating a digit may improve security on your iPhone’s 4-digit lockscreen PIN

image by flomiscuous, CC by 2.0

My good friend from college sent me an interesting email.

Presh, real-life question for you: What is the safest way to lock my iPhone?

Let me explain.

A friend unlocked his phone once and I grabbed it and said “so, 9, 6, 0, and 1, huh?” because the bulk of “tap prints” were on those numbers and, I rightly presumed, correlated to his password. He freaked out because were I a thief, I could unlock his phone pretty easily as I’d know all four numbers and that they are only used once each within the four-digit code (I believe there would be 4x3x2x1 = 24 options). Not terribly safe, is it?

(For more information, check out this great article, which has images of smudge prints on phones and also explains why 3-digit PINs are ideal.)

Seeing the security issue, my friend came up with a solution he believed would be better:

So when setting my password, I opted to repeat a number (e.g. 1-2-3-1). That way, someone would look at my phone and even if they could figure the three numbers I use, they would either have to guess at the fourth number (which doesn’t exist) or, should they rightly figure out that I only use three independent numbers, they would have to try all possible permutations of those three different numbers within a four-digit code.

He felt his method was better, but he could not prove it. He posed a couple of questions to me.

Am I helping myself by using three numbers in a four-digit code?

Would it be even safer if I only mixed two independent numbers?

I thought this was a fascinating question. I came up with my opinion on the matter, and the math and my answers are below.

The math needed for this problem

We need a way of counting possible passwords. The easiest case is when someone uses 4 unique numbers for the 4-digit passcode. Each number is used exactly once in the passcode, and hence the problem reduces to counting the number of ways to rearrange 4 objects. This is solved by counting the number of permutations. As calculated in the email, there are exactly 4! = 4 x 3 x 2 x 1 = 24 ways to have this kind of password.

But what happens when you have a password like 1231? That is, how can you count passwords in which one or more numbers are used multiple times?

The way to solve this is by using an extension of permutations known as the multinomial coefficient. The multinomial coefficient is calculated as the total number of permutations divided by factors that account for non-distinct or repeated elements. If an element appears k times (i.e. has a multiplicity of k), then the factor to divide by is k! (k factorial).

A simple example from Wikipedia’s entry can illustrate. Let’s say we want to figure out the number of distinct ways to rearrange the letters in the word MISSISSIPPI. There are 11 letters, but some of the letters are repeated: there is 1 M, 4 Is, 4 Ss, and 2 Ps. The number of distinct rearrangements of the letters is the number of permutations (11!) divided by the factors accounting for each letter’s multiplicity (1! x 4! x 4! x 2!). The multinomial coefficient is thus 11! / (1! x 4! x 4! x 2!) = 34,650.

Am I helping myself by using three numbers in a four-digit code?

There are 4! = 24 possible ways a password can be formed from four distinct and known numbers. Will using just three numbers increase the number of possibilities?

The surprising answer is that yes, it does. It seems counter-intuitive at first so let’s go through an example.

Suppose you see an iPhone where the “tap prints” are on the numbers 1, 2, and 3. How many possibilities are there for the four-digit password to unlock the phone?

One simple observation is needed first. For three numbers to all appear in a four-digit password, one of them must be used twice. Perhaps the number 1 appears twice, or the number 2, or the number 3.

Suppose the number 1 is used twice. How many passwords are possible? We can use the multinomial coefficient to figure it out. We know the total number of permutations is 4! and we must divide by 2! to account for the number 1 being used twice. Thus, there are 4! / 2! = 24 / 2 = 12 different passwords. We can list these out:

1123
1132
1213
1312
1231
1321
2113
2131
2311
3112
3121
3211

But we are not done yet. We must similarly count the cases in which the number 2 is used twice, or the number 3 is used twice. By symmetry it should be evident that each of those cases yields an additional 12 passwords.

To summarize, there are 12 passwords when a given number is repeated, and there are three possible numbers that could be repeated. In all, there are thus 12 x 3 = 36 passwords.

Notice there were just 24 passwords when using four distinct numbers.

This trick of using three numbers does in fact increase the set of possible passwords. While each choice of repeated digit gives only 12 passwords, the gain of this method is that the other person doesn’t know which number is repeated. They therefore have to consider all three cases, which adds up to 36 possible passwords.

Would it be even safer if I only mixed two independent numbers?

If three is better than four, then is two better than three?

Unfortunately it is not.

There is simply not enough variety when using two numbers. The added ambiguity about which number is repeated, and how often, is not enough to make up for the smaller number of arrangements.

With two distinct numbers, there are only 14 possible passwords. This follows because the two numbers must have multiplicities of either (1, 3), (2, 2) or (3, 1). We can add up the multinomial coefficients to get 4! / (1! x 3!) + 4! / (2! x 2!) + 4! / (3! x 1!) = 4 + 6 + 4 = 14.

We can also list them out:

1112
1121
1211
2111
1222
2122
2212
2221
1122
1221
2211
1212
2121
2112

In conclusion, using two numbers ends up reducing the possible number of passwords.

Additional ways to help

If that weren’t enough, my friend actually brainstormed a couple of other ways to improve the password.

Actually now I can think of all kinds of brilliant maneuvers… like using three digits but tapping a phantom fourth number once the code is entered…. so there are four “tap prints” but only three which are relevant!

Or, by the same measure, you could use four independent numbers and then tap a fifth time to have 5 options for four spaces.

I think these are interesting possibilities too, but they strike me as a little less practical, since you’d have to diligently tap those extra numbers to make the smudge marks.

I’ll leave it to you to figure out how many passwords those methods will yield.
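As an added example (my own code, not from the original post), the script below brute-forces the thief’s candidate set for a given pattern of tap prints and checks it against the multinomial coefficients above; it also generalizes to the phantom-tap variants just described, where the thief can no longer assume every smudged key is part of the code. The function names and the sample PINs are my own constructed inputs.

```python
# Added example: enumerate the candidate PINs a thief faces after reading
# which keys carry "tap prints", and cross-check the counts in the post.
from itertools import product
from math import factorial

PIN_LENGTH = 4

def multinomial(multiplicities):
    """n! / (k1! * k2! * ...): distinct arrangements of a multiset.
    [2, 1, 1] -> 12 ("1 used twice"); [1, 4, 4, 2] -> 34650 (MISSISSIPPI)."""
    result = factorial(sum(multiplicities))
    for k in multiplicities:
        result //= factorial(k)
    return result

def pins_using_all_keys(smudged, length=PIN_LENGTH):
    """Every PIN that uses each smudged key at least once, i.e. what a thief
    must try when assuming every smudge is a real key of the code."""
    keys = sorted(set(smudged))
    return ["".join(p) for p in product(keys, repeat=length)
            if set(p) == set(keys)]

def breakdown_by_multiplicity(smudged, length=PIN_LENGTH):
    """Group candidates by how often each smudged key appears, so the total
    can be checked against the sum of multinomial coefficients in the post."""
    keys = sorted(set(smudged))
    groups = {}
    for pin in pins_using_all_keys(keys, length):
        pattern = tuple(pin.count(k) for k in keys)
        groups[pattern] = groups.get(pattern, 0) + 1
    return groups

def search_space_for_pin(pin):
    """Candidate-set size implied by the smudges a given PIN leaves behind:
    1234 -> 24, 1231 -> 36, 1122 -> 14, 1111 -> 1."""
    return len(pins_using_all_keys(pin, len(pin)))

def pins_using_any_subset(smudged, length=PIN_LENGTH):
    """Candidate count once phantom taps are in play: the thief can no longer
    assume every smudged key is part of the code, so any string over the
    smudged keys is possible (4 smudges -> 4**4 = 256, 5 smudges -> 625)."""
    return len(set(smudged)) ** length

if __name__ == "__main__":
    for observed in ("1234", "123", "12", "1"):
        print(observed, len(pins_using_all_keys(observed)),
              breakdown_by_multiplicity(observed))
    print("phantom taps:", pins_using_any_subset("1234"),
          pins_using_any_subset("12345"))
```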

Perhaps an equally valuable suggestion is to simply clean the touch-screen intermittently to erase the fingerprint marks and leave no clue.





  • Pingback: Tweets that mention Game theory and probability of iPhone passwords - Mind Your Decisions -- Topsy.com

  • Photovoltage

    Or you could just clean your screen every now and again

  • Scott

    Ideally, the security should be integrated into the device, such that extra measures are unnecessary (phantom taps, wiping the screen).

    In this case, the screen should randomize the placement of the digits each time it is necessary to input the code.

  • Phillip

    A really really simple solution to this problem: Randomize the position of the digits so that each time you unlock the phone, you are tapping a different location for the same code.

    When visiting my sister in Japan I saw this system in use on a house lock. I was amazed both by the elegance of the solution and the fact that nobody else had thought to do so.

  • Robbie

    While I agree with it, the problem with “just clean your screen each time” is that you would have to clean the screen multiple times per day. Forget to clean it once and you’re at risk.

    To Scott’s point, if you randomize the location of the keys, you make it much harder for the user to unlock it on the fly via muscle memory. I wouldn’t be surprised if this caused a car accident or two.

    Obviously, the current methods are imperfect but given that they are our best options available, this is a very useful post. Thanks, Presh!

  • http://prorecoveryinc.com Roger

    Interesting, to be honest, before considering the math I thought that it would yield a less secure password. It makes sense though, both the results when using 2 and 3 numbers.

    Scott’s point about moving the digits seems to be a better solution though. Adds a whole new level of complication and this way, you end up with smudge marks everywhere.

    Regarding the phone locks, my buddy has a phone, think it may be a droid, which lets you slide across the numbers, rather than pushing them one at a time. I think this is probably a lot less secure, because it is easy to tell by watching him from a distance what the code is, not to mention the smudge marks this likely produces.

  • Sauron

    There’s also the possibility of just getting a screen protector. Protects against scratches *and* prevents smudges. Why doesn’t everybody do this?

  • Aidan

    On the iPhone, using combinations of 7, 8, 9 and 0 might solve this problem as that is where the slider is, and on my phone at least, the smudges there are too thick to discern tap prints…

  • Scott

    My efforts to generalize the above scenario:

    http://mindyourdecisions.com/forum/viewtopic.php?p=48#48

  • https://twitter.com/maguslod Magus Dethen

    My trick under Passcode Lock on the iPhone is to turn off Simple Passcode but still use only numbers; it will still come up with just numbers, but people would not think that you have more than 4 numbers.

  • Pingback: It seems that sometimes a password with repeated digits is safer | 思奇博客

  • Pingback: 烧饼 Beta : Everything new on Earth » Sometimes a password with repeated digits is safer

  • KMidd

    I see how the three digit code would be a tricky strategy for an iPod combination to fool your hacker; this technique will definitely fool the average thief. Leaving extra smudges would cause oil build up in your iPod but leaves total confusion for the numbers you have chosen. Although all these techniques are useful, the technique I like the most and use myself is wiping your screen every now and again to ensure cleanliness and security.

  • http://etn.se Jan

    I worked on this problem for access codes recently, here is an image to illustrate the three digit possibilities

    https://picasaweb.google.com/lh/photo/aFRmqxmJf2UQhao2-lUwSHkuvpJ_EtbLOeJPG_GrF2c?feat=email

  • Akshay

    It would be a lot safer if you just get an Android.

  • Chris

    I can’t stand having smudges on my phone and wipe it down with my finger while I’m using it so there’s no glare from the light. Are people really this paranoid about their phones? If I steal your iPhone, the first thing I’m gonna do is not sit there and try to guess your password. I’m gonna format that sucker and sell it. What do people keep on their phones that’s worth stealing, anyway?

  • Simon Hibbs

    A thief will just factory reset the phone anyway. All a passcode really does is prevent casual snooping or misuse of the phone. Interesting post though.

  • AntarYaami

    Or you could use Android and swipe the code/pattern on the screenlock. Android actually scores over iPhone on this then?

  • Stronger iOS Password

    iOS 4+
    -> Settings
    -> General
    -> Passcode Lock
    -> Simple Passcode
    -> OFF
    = passcode no longer restricted to 4 digit number

  • Frank

    Isn’t the math wrong here? 4! implies that there are four numbers to choose a password from. Wouldn’t the correct number of combinations for a 4 digit pin, with no repeating numbers, be 10*9*8*7=5040?

  • This is not game theory

    This is elementary combinatorics.

  • Pingback: Why You Should Repeat One Digit In Your Phone’s 4-Digit Lockscreen PIN | Lifehacker Australia

  • http://alicebobandmallory.com/ Anonymous

    I had the same thought a while ago. Nice to see that we got the same results!

    I also included some code to generate an De Bruijn sequence. You can find my, not nearly as easy read post, here: http://alicebobandmallory.com/articles/2009/09/27/a-case-for-using-only-three-different-digits-in-keypad-codes

  • Pingback: Why You Should Repeat One Digit in Your Phone’s 4-Digit Lockscreen PIN [Security]

  • Jerzy

    Very interesting article but I’m having a problem with your overall premise of 4 digit passwords. You state:

    There are 4! = 24 possible ways a password can be formed from four distinct and known numbers

    True enough. But we can use 10 distinct numbers for our passlock combo. If we can only use a digit once, then we have 10 x 9 x 8 x 7 possible combinations, or 5040 possible combinations using a 4 digit sequence out of a set of 10 digits. Or am I missing something?

    Thanks for a great article.

  • Gary

    @Jerzy, the point you are missing is that the four numbers are identified by the smudges. So there isn’t a choice of 10, only four. Great article!

  • Frank

    Ah, they based the number of combinations from the numbers that have finger smudges. That’s why there are only 24 possible combinations. Makes sense.

  • Nick Day

    I wrote an article on this same idea in the 1990s (it’s still there on archive.org) but not as well written as yours. Nice to see that the idea has not died.

  • Nick Day

    You might also like to write about those mechanical push-button combination locks, where
    a) repeated digits are not possible
    and
    b) you can enter the four digits of the combination in any order.
    Rather insecure, this always seemed, to me, especially given that if you can figure out which four buttons are being pressed, you have the password.

  • http://alicebobandmallory.com/ Jonas Elfström

    @Nick I would love to read that article!

  • Nick Day

    @Jonas
    For what it’s worth, here it is; I wrote it in 1993… I forget if I had the answers correct.

    A friend’s house has a burglar alarm with a ten-digit keypad which takes a four-digit number to disarm it. Unfortunately the four digits in the number are the only keys ever used, and these four digits shine out like beacons when the overhead light is on as they are worn and covered with finger grease. I suggested to him that rather than continually keeping all the keys clean, he just makes them all shiny.

    If a burglar knows that the alarm needs a four digit number to disarm it, and sees four digits well-used, how many combinations must be tried before guaranteed entry?

    Now, what if the key number has a repeated digit, and only three digits are shiny — how many combinations must be tried?

    And what if there are two repeated digits?
    Which is the most secure?

    Answer:
    If the four keys are known, the number of possible four-digit numbers is 24, since there are four ways to choose the first digit, three the second, and two the third.
    If three keys must be used, with one digit appearing twice, the number of numbers is 36, as there are six possible layouts (aabc, abac, abca, abbc, abcb, abcc), each of which can be chosen 3x2x1x1 ways.
    If only two keys are known, with two repeated digits, the number of possible numbers is 6, since there are three possible layouts (abab, aabb and abba) for each of which there are two possible combinations.
    So, surprisingly, it can be safer to set up your burglar alarm to use a code number with only three different digits, rather than four!

  • Jerzy

    To Gary:

    Thanks for clearing that up. You are absolutely correct; I didn’t take into account the smudges. Now it makes perfect sense.

  • Phoenix

    On iPhones (at least as of iOS 4), you can drag your finger across the numbers when unlocking it, similarly to the behavior Roger noted above.

  • Pingback: Hacking Phones Is The Easiest Thing Ever | New Orleans Technology Services Blog

  • Pingback: So What? Who Cares? » Blog Archive » How to avoid getting your phone hacked – Who Cares?

  • Adam

    Or, turn off simple passcode and create a password of any length containing letters numbers and symbols.

  • Pingback: midweek miscellany « ramblings and other thoughts

  • bobby

    Heh heh, well, I have a full passcode (I switched from simple passcode). Better solution than cleaning the screen (although cleaning the screen is important for other reasons), and infinite possibilities (or at least close enough as to make no difference).

  • Pingback: Best of Mind Your Decisions 2011 - Mind Your Decisions

  • Pingback: Want To Make Your iPhone’s PIN More Secure? Repeat A Digit. | TechCrunch

  • Uwe

    Excellent Presh, nice contribution. The best way to have a secure smart phone is a BlackBerry.

  • Pingback: Tips for Securing Your Smartphone PIN | Rumpi Tekno

  • Pingback: On the Security of Your iPhone Passcode | Falling Into Place

  • Guest

    Great post. A possible way to solve this problem would be randomizing the keypad at every entry (though it might slow down a bit the interaction).

  • http://stephenrice.eu Stephen Rice

    I saw a smartphone app that requires you to draw a shape onto a blanked out screen so that the phone appears off unless you know how to unlock it.

  • Pingback: Android's pattern unlock secures phones even from the FBI | Sync™ Blog

  • Fiona

    Do you know you can turn off your simple passcode in iPhone, so that your iPhone’s password will be able to accept not only numeric value? That’ll be harder to break.
