That’s how long it takes to crack your smartphone

Hopefully you’ve secured your smartphone with a code, fingerprint or Face ID. But that alone is not enough. Because with the right technology, experts can crack your smartphone – within minutes. Fortunately, you can change that.

The security of smartphones is such an issue. Actually, all users know that it is important to protect your own device with a password, a fingerprint or even face recognition.

On the other hand, there is man’s greatest problem: his laziness. Even if a user knows that an eight-digit password is significantly better than a four-digit one, the perceived effort in comparison to the added value is not great enough to be active.

Cracking a smartphone: This is how long an exploit technology takes

It makes sense that you take the time to set a (secure) password. Because what is certain in this case is a subject for an entire novel.

In short, the security increases with the number of characters and the (special) characters used. Or to put it another way: Anyone who wants to crack your smartphone – and that in a violent way – is annoyed by every additional number.

In 2018, cryptography expert Matthew Green calculated how long it would take a technology like Graykey to decrypt your password. The researcher is referring to iPhones and their numeric code.

For example, Graykey’s hacking technology requires a maximum of 13 minutes for a four-digit password. The average is 6.5 minutes . With six digits, the value rises to 22.2 hours in the worst case and 11.1 hours on average. These values ​​are still comparatively low.

With eight digits, the worst value is already 92.5 days. The average is 46 days . And with ten digits, the worst case decryption takes 9,259 days. That’s more than 25 years . Even the average is incredibly high at 12.6 years.

Use letters, numbers, and special characters

Both iPhones and Android smartphones now offer the option of defining individual codes of any length. That means: In addition to numbers (ten options per position), you can also use letters (26 options per position) and special characters (variable options per position) – and that makes a huge difference.

This can be calculated nicely using a simulated brute force attack . With their help you can, for example, crack a password. This software then generates more than 2.1 billion different keys per second.

This technology can only be transferred to smartphone codes to a limited extent. Nevertheless, the comparison is interesting from a security perspective.

The brute force software only needs 4.7 seconds for a ten-digit number code . A letter code made of lower case letters comes to 18.3 hours . If capital letters are also used, we are already at 2.13 years .

And the best protection to prevent strangers from cracking your smartphone is a combination of numbers, lowercase and uppercase letters. A ten-digit code corresponds to a time of 12.4 years . Of course, the value increases significantly again with special characters.


Basically – and certainly also a bit simplified – it can be said: the longer your smartphone code is and the more different characters it contains, the more secure your device is. That’s why you should take action now. Because who wants strangers to crack their smartphones? Exactly: nobody.