Updated
Updated · Android Authority · Jul 1
Android 17 Caps Failed Lock-Screen Guesses at 20, Tightening PIN Rate Limits
Updated
Updated · Android Authority · Jul 1

Android 17 Caps Failed Lock-Screen Guesses at 20, Tightening PIN Rate Limits

2 articles · Updated · Android Authority · Jul 1

Summary

  • Google has cut Android’s failed PIN and password ceiling to 20 attempts in Android 17, replacing a far looser system that once allowed up to 1,800 guesses over five years.
  • Six wrong entries now trigger much faster throttling—rising to just seven within six minutes, eight within 25 minutes, 12 over 24 hours, and 19 across five years before the final block.
  • Duplicate wrong entries no longer count against the limit, letting users who repeat the same mistaken PIN avoid burning attempts while seeing a message explaining the exemption.
  • Android 17 also makes lockouts easier to navigate with clearer wait-time messages such as minutes instead of seconds, plus a lock-screen recovery shortcut for account help from another device.
  • Google says the stricter policy targets attackers who exploit common PIN choices and personal details like birthdays or anniversaries to improve their odds.

Insights

After 20 failed PIN attempts on Android 17, are you permanently locked out of your phone and data forever?
Android 17's lock screen is tougher, but can a USB cable still defeat it on millions of devices?