[lucb1e]

From the article:

> Utterly staggering at the lack of imagination ... nearly 11% of the 3.4 million passwords are 1234 !!!

Not so staggering. Those people probably did not want a PIN to begin with. I know someone with the PIN 1234. Why does she have a PIN at all? Because the phone requires it to store Exchange credentials (if I remember correctly). I've suggested it changing it to 1111 because it's even faster to type, but she never got around to it.

I too have a pattern lock, the simplest one I could come up with. Easily broken. Why? It's required to store VPN credentials in Android.

And there is a second advantage: by trying a PIN, even a default one, you are gaining unauthorized access to an automated system. This is illegal by Dutch law, even if the only security was a warning message on the lock screen saying "Do not unlock."

[kalleboo]

For a while I had a my iPhone set to 0000 just so I wouldn't have to enter my strong 16 character Apple ID password every time I entered "find my friends".

Now that I have TouchID I can use a strong password for unlock since I don't have to enter it every 30 seconds

[wampus]

I believe it's up to the Exchange admin to require a PIN or remote wipe capability, so it will vary from site to site.

One workaround is to use IMAP, if available (also up to the admin), but you lose the calendar capability, which is arguably the killer feature of Exchange.

Another workaround is to increase the time your phone will require a password after inactivity to something large, like 30 minutes or an hour. You still have to enter a PIN once in a while, but it's more convenient and will still be effective in some cases when lost or stolen.