Overview
- Google confirmed on Wednesday that Android 17 enforces much stricter failed-unlock limits and stops any further PIN or password attempts after the 20th consecutive wrong entry.
- The new limits tighten attempt windows to six wrong tries in the first minute, seven within six minutes, eight within 25 minutes, twelve within 24 hours, and 19 over five years before the final block on the 20th.
- To reduce accidental lockouts, Android 17 ignores repeated identical wrong entries, shows human-readable wait messages like “Try again in 30 minutes,” and adds a lockscreen shortcut to account-recovery options.
- Google will let devices running Android 12 and newer optionally show the device IMEI on the lockscreen to help carriers, manufacturers or police verify ownership, and users can disable this in settings.
- Security researchers and agencies say the change matters because many people use predictable PINs, so cutting attempts is one layer of defense that should be paired with strong unlock methods, SIM-PIN and device encryption.