Hopefully you have secured your smartphone with a code, via fingerprint or Face ID. But that alone is not enough. With the right technology, experts can crack your smartphone – within minutes. Fortunately, you can change that.

The security of smartphones is such an issue. In fact, all users know that it is important to protect their own device with a password, a fingerprint or even face ID.

However, this is in contrast to the biggest problem of mankind: his laziness. Even if a user knows that an eight-digit password is much better than a four-digit password, the perceived effort compared to the added value is not great enough to become active.

Smartphone cracking: This is how long an exploit technology takes

It makes sense to take your time and set a (secure) password. Because what is secure in this case is a topic for a whole novel.

Shortened displayed, however, the security increases with the number of characters and the used (special) characters. Or to put it another way: So if you want to crack your smartphone – and you do so in a violent way – you will be annoyed by every additional number.

As early as 2018, cryptography expert Matthew Green calculated how long it would take a technology like Graykey to decrypt your password. The researcher is referring to iPhones and their numerical code.

For example, Graykey’s hacker technology takes a maximum of 13 minutes to decrypt a four-digit password. On average, it takes 6.5 minutes. With six digits, the value increases to 22.2 hours in the worst case and 11.1 hours on average. These values are still relatively low.

With eight digits the worst value is already 92.5 days. The average is 46 days. And with ten digits, the worst case decryption takes 9,259 days. That is more than 25 years. Even the average value of 12.6 years is incredibly high.

Use letters, numbers and special characters

In the meantime, both iPhones and Android smartphones offer the possibility to define individual codes of any length. That means: Besides numbers (ten options per digit), you can also use letters (26 options per digit) and special characters (variable options per digit) – and that makes a huge difference.

This can be nicely calculated using a simulated brute force attack. You can use this to crack a password, for example. This software then generates more than 2.1 billion different keys per second.

This technology can only be transferred to smartphone codes to a limited extent. Nevertheless, the comparison is interesting with regard to security.

For example, brute-force software needs only 4.7 seconds for a ten-digit numerical code. A lower-case letter code takes 18.3 hours after all. If capital letters are then also used, we are already at 2.13 years.

And the best protection against strangers cracking your smartphone is a combination of numbers, lower and upper case letters. Here, a ten-digit code covers a period of 12.4 years. Of course, special characters increase the value significantly.


Basically – and certainly in a somewhat simplified way – the longer your smartphone code is and the more different characters it contains, the more secure your device is. That is why you should become active now. Who wants strangers to crack their smartphone? Exactly: Nobody.