Why You Should Repeat One Digit In Your Phone’s 4-Digit Lockscreen PIN

Why You Should Repeat One Digit In Your Phone’s 4-Digit Lockscreen PIN

Repeating one digit of a 4-digit PIN can mean the difference between a phone that’s safer and a phone that can be unlocked at a glance.

Photo via Ars Technica.

With a passcode, it is often very obvious which numbers you have tapped because of the finger smudges, but you don’t know the order those numbers were tapped. A PIN limited to 4 unique numbers only has 24 possible combinations, but a PIN with three uniques and one repeated number has 36—which means those fingerprint smudges of yours won’t betray you quite so easily. Just be sure the PIN you do use isn’t 1998.

Game theory and probability of iPhone passwords [Mind Your Decisions via Hacker News]


  • Actually, I think 3 unique and one that is repeated is correct – the three numbers are themselves unique from each other, one of which is then repeated.

    2 unique and 2 repeated would also be correct.

    2 unique and an identical would not be correct – this would imply a set of three, with 2 unique numbers, and one identical to one already in the set.

  • “A PIN limited to 4 unique numbers only has 24 possible combinations”
    Eh? 10x9x8x7=5040. You seem to be confusing 4 digit PINs with 4 usable digits, e.g. 1-4 available rather than 0-9 as is available on most phones. With phones the “repeating digit” would give you 10x10x9x8=7200. Still a greater number of combinations but even the lower number is going to take one hell of a long time to crack given that most phones lock you out for several minutes after a number of incorrect tries.

    • Greame, you already know what numbers are used in the PIN, so the probability is not into the thousandths.

      What is said is that given any four unique numbers, there are 24 ways these numbers can be arranged.

      However, given three unique numbers with a repeat in a four digit sequence, there are an additional 12 ways this can be arranged, as you don’t know which number is repeated.

      • Having said that, if you can work out the repeated digit through excessive smudging, it reduces the possible combinations down to 12 in total, which is less secure than it was to begin with.

        Perhaps time to move to a longer PIN.

    • Sorry Graeme, re-read the article… The 4 possible digits are already known, so it’s only 4x3x2x1 = 24

      Although with the suggested method, don’t you have 3x3x2x1 = 18, not 3x3x2x2 = 36

      • Nope. You halve the possibilities when going from ABCD to ABCC, but the person trying to gain access doesn’t know which of the three keys is the repeated one, tripling the possibilities again.

        It goes from 4x3x2x1 to (1x(3x2x1)+2x(2+1))x3.

  • well if you want to stump ’em just punch in your four digets (one being repeated if you want) and always press a fifth (which gets ignored).

  • Hmmm? How about you just constantly run your finger tips across the screen after entering the pin and smudge the smudges… or am I missing something.

  • This is not just about finger smudges, but if someone is watching over your shoulder as you type in the PIN. If you are subtle or deceptive about it, it is harder to observe which number your fingers have tapped twice.

Show more comments

Log in to comment on this story!