Get all your news in one place.
100's of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Tom Pritchard

Android 17 drops lockscreen guess limits from 1,800 to 20 — here's what that means for you

Android 17 logo on a Google Pixel 9 Pro.

Google first confirmed that Android 17 would be getting stronger lock screen protections back at Google I/O, but the specifics of those protections haven't been made very clear. Now we know exactly what Google has planned, and it's going to make trying to bypass Android's lockscreen a lot harder for potential snoops.

Mishaal Rahman, who works in Community Engagement for Android, has confirmed these details on X. To be honest, while we expected Google to make significant changes, I'm surprised that things have gone quite this far.

If your phone is running Android 16, you'll be allowed up to 10 PIN guesses in the first minutes, 20 within six minutes, 50 in 25 minutes, 110 over a 24-hour period and 1,800 guesses over five years. Android 17 reduces this significantly, with six guesses in the first minute, which increases to seven in six minutes, eight within 25, 12 over the course of 24 hours and just 19 guesses over the course of five years.

After 20 incorrect guesses, your phone will be locked down. This is not a whole lot of opportunities to guess a four to six-digit passcode, but from a security standpoint, that makes a lot of sense. The fewer guesses potential hackers have, the harder it is for them to successfully access your phone.

Apparently, old limits let hackers take advantage of the fact that people gravitated towards common passcodes, rather than random ones. Should someone know more personal information, such as birthdays or other key dates, then their odds of cracking into your phone are significantly higher. Having several hundred attempts just meant it would be a matter of time before they got in.

There are protections for your own mistakes

(Image credit: Google)

Google will be adding duplicate guess detection, starting with the Android 16 QPR2 update. When switched on, this feature stops duplicate guesses from being counted towards your total. In other words, you can type in "1234" as many times as you like, and it will only count as a single incorrect guess. Android will point out that you've been typing in the same wrong PIN as well.

If your passcode actually is 1234, you'd better change that pronto. The only way your phone could be more insecure is if you didn't have a passcode at all.

If you somehow enter 20 incorrect PINs all by yourself, the Android 17 lock screen will feature a recovery shortcut that lets you access different recovery options on a new device. Details on this haven't been specified, but that presumably means you won't be locked out of your phone forever simply because your annoying cousin deliberately entered the wrong passcode several times.

Presumably, the number will also reset every time you correctly enter a passcode. That way, you don't get 20 guesses for the entirety of your phone's lifespan — because that would be plain ridiculous.

Android 17 is available on select devices right now, including Google's Pixel lineup.

More from Tom's Guide

Sign up to read this article
Read news from 100's of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.