Use only 3 unique digits in a 4-digit PIN for more security
Security expert Karl Sigler presents an interesting look at what a potential attacker sees and how the math is on their side when a user picks 4 unique digits. In his article, Sigler points out that the residue from our fingers often leaves visible traces on the glass that narrow down the digits used in the PIN.
play. If a 4-digit PIN uses 4 different digits and the attacker can see all 4 of them, there are only 24 possible combinations (4 × 3 × 2 × 1 orderings). Combined with the knowledge that most people use a visual pattern or a significant number, such as a date, that makes it quite easy to crack a PIN.
Now change the PIN so that one digit repeats. Say the smudge marks on the phone are over 6, 8, and 9: the attacker must also determine which digit is the one that repeats. This small change raises the number of possible PINs to 36 (3 choices for the repeated digit times 12 arrangements each), a 50% improvement over the security of a 4-digit PIN with all unique digits.
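The counts above can be checked by enumeration and by a closed form. The following Python sketch is an added example, not code from Sigler's article. It goes beyond the 4-digit case to show how the candidate count changes with the number of smudged digits for any PIN length. The function names and the sample smudge set "1234" are assumptions made for illustration.

```python
from itertools import product
from math import comb


def candidate_pins(smudged, length=4):
    """List every PIN of `length` that uses each smudged digit at least once
    and no other digit (what an observer of the smudges has to try)."""
    digits = sorted(set(smudged))
    return ["".join(p) for p in product(digits, repeat=length)
            if set(p) == set(digits)]


def candidate_count(k, length=4):
    """Same count without enumerating: inclusion-exclusion over the digits
    that could be missing (number of surjections from positions to k digits)."""
    return sum((-1) ** i * comb(k, i) * (k - i) ** length
               for i in range(k + 1))


def search_space_table(length=4):
    """Map 'number of distinct digits in the PIN' to 'PINs left to try'."""
    return {k: candidate_count(k, length) for k in range(1, length + 1)}


if __name__ == "__main__":
    # "689" is the smudge set from the article; "1234" is a constructed sample.
    for smudges in ("1234", "689"):
        pins = candidate_pins(smudges)
        assert len(pins) == candidate_count(len(set(smudges)))
        print(f"smudges {smudges}: {len(pins)} candidate PINs")

    # Which number of distinct digits leaves the observer the most work?
    for length in (4, 6):
        table = search_space_table(length)
        best = max(table, key=table.get)
        print(f"{length}-digit PIN: {table} -> best is {best} distinct digits")
```

For 4-digit PINs the table shows that dropping to 2 distinct digits shrinks the space again, so 3 distinct digits is the maximum, and for 6-digit PINs the same effect peaks at 5 distinct digits.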
While this won’t protect you in case of theft, it may buy you some time when a nosey coworker, friend, or family member tries to brute-force their way into your phone while you step away for a few minutes.
source: Skeleton Key Security via Geek