Android 17 drops lockscreen guess limits from 1,800 to 20 — here's what that means for you

Android 17 logo on a Google Pixel 9 Pro
(Image credit: Sanuj Bhatia / Tom's Guide)

Google first confirmed that Android 17 would be getting stronger lock screen protections back at Google I/O, but the specifics of those protections haven't been made very clear. Now we know exactly what Google has planned, and it's going to make trying to bypass Android's lockscreen a lot harder for potential snoops.

Mishaal Rahman, who works in Community Engagement for Android, has confirmed these details on X. To be honest, while we expected Google to make significant changes, I'm surprised that things have gone quite this far.

If your phone is running Android 16, you'll be allowed up to 10 PIN guesses in the first minutes, 20 within six minutes, 50 in 25 minutes, 110 over a 24-hour period and 1,800 guesses over five years. Android 17 reduces this significantly, with six guesses in the first minute, which increases to seven in six minutes, eight within 25, 12 over the course of 24 hours and just 19 guesses over the course of five years.

Latest Videos From

After 20 incorrect guesses, your phone will be locked down. This is not a whole lot of opportunities to guess a four to six-digit passcode, but from a security standpoint, that makes a lot of sense. The fewer guesses potential hackers have, the harder it is for them to successfully access your phone.

Apparently, old limits let hackers take advantage of the fact that people gravitated towards common passcodes, rather than random ones. Should someone know more personal information, such as birthdays or other key dates, then their odds of cracking into your phone are significantly higher. Having several hundred attempts just meant it would be a matter of time before they got in.

There are protections for your own mistakes

Android 17 badge superimposed on a Google Pixel phone

(Image credit: Google)

Google will be adding duplicate guess detection, starting with the Android 16 QPR2 update. When switched on, this feature stops duplicate guesses from being counted towards your total. In other words, you can type in "1234" as many times as you like, and it will only count as a single incorrect guess. Android will point out that you've been typing in the same wrong PIN as well.

If your passcode actually is 1234, you'd better change that pronto. The only way your phone could be more insecure is if you didn't have a passcode at all.

If you somehow enter 20 incorrect PINs all by yourself, the Android 17 lock screen will feature a recovery shortcut that lets you access different recovery options on a new device. Details on this haven't been specified, but that presumably means you won't be locked out of your phone forever simply because your annoying cousin deliberately entered the wrong passcode several times.

Presumably, the number will also reset every time you correctly enter a passcode. That way, you don't get 20 guesses for the entirety of your phone's lifespan — because that would be plain ridiculous.

Android 17 is available on select devices right now, including Google's Pixel lineup.


Google

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Subscribe to Tom's Guide on YouTube and follow Tom's Guide Entertainment on TikTok and Instagram. Finally, you can visit our dedicated Tom's Guide Savings Squad hub for expert help on getting the best products for less.


More from Tom's Guide

TOPICS
Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.