Android 17 also replaces countdown timers with easier-to-read lockout messages and introduces a recovery shortcut on the lock screen.
Android 17 limits failed PIN attempts more aggressively
Google is introducing stronger lock screen protections in Android 17 to make PIN and password guessing attacks less effective. The update combines stricter limits on failed unlock attempts with new safeguards for legitimate users, while also simplifying the recovery process after a lockout. It is designed to strengthen device security on supported Android devices without affecting normal day-to-day use. Google has also updated how lockout information is displayed and added quicker access to account recovery options.
Google's Community Engagement Manager for Android, Mishaal Rahman, said in a post on X that Android 17 reduces the number of failed PIN and password attempts allowed before progressively longer lockout periods take effect. The operating system now permits up to six incorrect guesses in the first minute, seven within six minutes, eight within 25 minutes, 12 over 24 hours and 19 across five years. By comparison, earlier Android versions allowed up to 10, 20, 50, 110 and 1,800 attempts over the same periods.
No additional unlock attempts are accepted after 20 failed PIN or password entries. This cap significantly reduces the scope for repeated guessing attacks using commonly chosen credentials.
Google has also added duplicate-guess detection for users who accidentally enter the same incorrect PIN or password multiple times. Repeated entries with the same incorrect credentials will no longer count as separate failed attempts. Instead, the system recognises the duplicate entry and displays a message explaining why it has not been counted.
Android 17 also changes how lockout timers are presented. Instead of displaying the remaining time in seconds, the lock screen now shows easier-to-read messages using minutes or other time units. For example, users will see "Try again in 30 minutes" instead of a countdown showing 1,800 seconds.
Google has also added a recovery shortcut to the lock screen. The link directs users to account recovery resources they can access from another device if they are unable to unlock their phone.
The Mountain View-based tech giant first announced the enhanced lock screen protections during The Android Show: I/O Edition in May. The feature builds on security changes introduced with Android 16 QPR2 and will continue in Android 17 on supported devices. The updated policy is intended to make PIN and password guessing attacks more difficult while making accidental lockouts easier for legitimate users to recover from.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.