Recently a colleague of mine set down his passcode-secured iPhone on the desk we were sitting at. As I was marveling at how smudged the screen was from his constant use, I noticed that among the various smudges I could clearly see four distinct fingerprints, whose positions I realized revealed the four numbers he used for his passcode lock. The passcode lock is a feature of the iPhone that, when enabled, requires the user to enter a four-digit code to unlock the phone. It’s a great feature to keep your contacts, email, and account secure should your iPhone get lost or stolen. But because you have to type in your passcode every time you use the phone, the four fingerprints over those numbers can easily become the most distinct marks among the smudges.
With the four digits of a passcode known, there are only 24 possible combinations to try in order to find the correct one.* Now, the iPhone is designed so that after six unsuccessful attempts at entering the passcode, you must wait one minute before it will let you try again. After that, the waiting period increases each time to 5 minutes, 15 minutes, 1 hour, and 4 hours. Additionally, you can set up your iPhone to completely erase itself after ten unsuccessful attempts. But even with ten tries, there’s still a significant chance that a patient iPhone thief could unlock your phone if your four digits are known.
The simple solution? Remember to wipe your phone’s screen on your pants leg or shirt after each use. With one action, you change the odds of someone figuring out your passcode from 1 in 24 to 1 in 10,000. Now, I’m not aware of a rash of iPhone thieves who are figuring out people’s passcodes this way, but keeping your phone’s screen clean seems like a simple way to keep it more secure.
*Footnote for the mathematically minded: If the passcode contains a digit that appears twice, you would only see three smudges. If you can’t tell which is the repeating digit, the odds of typing in the right combination become 1 in 48. So it’s actually slightly more secure to repeat one of the digits in your code. That is, unless you can tell which digit was repeated (for instance, if one smudge is larger than the other two), in which case the odds become a mere 1 in 12.
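
To put numbers on the exposure described above, here is an added example (not part of the original post) that counts, by enumeration, the passcodes consistent with a set of smudged keys and the chance of a correct guess within the ten attempts allowed before an erase. It assumes every consistent passcode is equally likely and that each guess is different; the smudge patterns are constructed, and the two-smudge case goes beyond the ones the footnote covers.

```python
from fractions import Fraction
from itertools import product

PIN_LENGTH = 4     # four-digit passcode, as in the post
ERASE_AFTER = 10   # the optional erase-after-ten-failures setting

def candidates(smudged, repeated=None, length=PIN_LENGTH):
    """Passcodes that press every smudged key and no other key.

    `repeated` optionally names the key known to be pressed twice
    (the larger smudge in the footnote).
    """
    keys = set(smudged)
    if not 1 <= len(keys) <= length:
        raise ValueError("need between 1 and `length` distinct smudged keys")
    if repeated is not None and repeated not in keys:
        raise ValueError("the repeated key must be one of the smudged keys")
    codes = ("".join(p) for p in product(sorted(keys), repeat=length))
    return [c for c in codes
            if set(c) == keys and (repeated is None or c.count(repeated) == 2)]

def guess_risk(pool_size, attempts=ERASE_AFTER):
    """Chance that `attempts` distinct, equally likely guesses hit the passcode."""
    return Fraction(min(attempts, pool_size), pool_size)

def report():
    # Constructed smudge patterns, not taken from any real device.
    cases = [
        ("clean screen", 10 ** PIN_LENGTH),
        ("four smudges (1,3,7,9)", len(candidates("1379"))),
        ("three smudges (2,5,8)", len(candidates("258"))),
        ("three smudges, 5 larger", len(candidates("258", repeated="5"))),
        ("two smudges (2,5)", len(candidates("25"))),
    ]
    return [(label, n, guess_risk(n)) for label, n in cases]

if __name__ == "__main__":
    for label, n, risk in report():
        print(f"{label:26} {n:6} candidates, {float(risk):7.2%} within {ERASE_AFTER} tries")
```

Running it prints one line per pattern, so the effect of wiping the screen, or of choosing a code with fewer distinct digits, can be compared directly.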