Risky Bulletin Newsletter
July 06, 2026
Risky Bulletin: Android drops PIN guessing limit from 1,800 attempts to just 20
Presented by
News Editor
Android 17, released last month, has shipped with stricter protections against lockscreen PIN and password guessing attacks.
Google has reduced the maximum number of failed attempts from 1,800 to just 20, and the timeouts between failed attempts are now way more aggressive.
The previous Android 16 allowed ten wrong guesses in the first minute, which increased up to 1,800 across five years.