Set up Alphanumeric Strong Password: Six-digit passcodes are no longer safe to use because of specialized forensic equipment. For example, GrayKey takes the benefit of iOS exploits to perform brute-force attacks no your passcode. Just follow our step-by-step guide to create a strong alphanumeric passcode on your iPhone or iPad. Also, it’ll elevate your security render hacking hardware like GrayKey pretty much useless.
- 1 Who Wants the Passcode?
- 2 iPhone, Passcodes, Encryption and Uncle Sam
- 3 The Secure Enclave comes to the Rescue
- 4 How to Set up Alphanumeric Strong Password on iOS
- 5 Conclusion:
Who Wants the Passcode?
While you can also use face recognition or your fingerprint besides passcode. As a security precaution the device will still need the passcode when you do the following:
- Firstly, turn on or restart your iPhone or iPad.
- Now update the iOS operating system.
- Also, Remove your device.
- See or change passcode settings.
- Install or download iOS or iPadOS Configuration profiles.
Besides Face ID and Touch ID, the passcode continues to have relevance. That’s because the encryption keys are generated from your passcode.
Note: iPad and iPhone use the key to protect your data from hackers
And in Apple’s iOS Security Guide, your passcode is also needed if the device’s just been turned on or restarted. The device can’t be unlocked for more than 48 hours. Also, you haven’t used the passcode to unlock your device for 156 hours. Furthermore, you haven’t used a biometric to unlock the device in four hours and after five unsuccessful biometric match attempts.
iPhone, Passcodes, Encryption and Uncle Sam
Law enforcement agencies (LEA) enjoyed a relationship with Silicon Valley technology until Edward Snowden’s explosive revelations. Back in 2013 Apple, Google, Yahoo, Microsoft, and Facebook provided the NSA direct access to their servers or data without a court order. Also, they do something that all of the named companies forcefully denied.
However, the launch of iOS 8 in September the following year marked an important milestone. Just because iOS 8 allowed encryption for everything saved on the device by default.
The company said at the time it would no longer be able to perform “data extractions in response to government search warrants”. Just because the files are secured by an encryption key, tied to the user’s passcode, that Apple “does not possess,”. According to Fast Company’s report providing a rare look inside a $10 million cyber lab designed to crack iPhones.
Starting in 2015, Apple begins enforcing six-digit passcodes due to four-digit ones were no longer safe. A four-digit passcode can also be cracked with 10,000 random sequences. Also, a device like GrayShift’s GrayKey can try 10,000 permutations in under ten minutes.
By comparison, a six-digit passcode boasts the whole permutations to one million. They need GrayKey less than 24 hours to run through all the possible combinations. Devices like GrayKey take benefit of iOS exploits to bypass the code that mounts the delay after failed passcode attempts.
Also, the iOS software can be hacked, the iPhone’s Secure Enclave cryptographic coprocessor has so far proved itself unbeatable. Besides storing the encryption keys and encrypting/decrypting files on the fly. The Secure Enclave takes 80 milliseconds to complete each passcode guess.
The Secure Enclave comes to the Rescue
So when devices like GrayKey can try different passcodes per second, the Secure Enclave delay (enforced in hardware) limits the number of tries to about twelve per second.
As Apple itself explains:
The passcode is engaging with the deviceʼs unique ID (UID). So brute-force attempts must be performed on the device under attack. The lots of iteration count to make each attempt slower.
We measure iteration count so that one attempt takes 80 milliseconds. Also, it means it would take more than five and one-half years. Just to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.
Daring Fireball’s John Gruber sums it up nicely:
It’s the save Enclave that evaluates a passcode and controls encryption and the 80 millisecond processing time for a passcode. Also, evaluation is not an artificial limit that could be set to 0 by hackers. It’s a hardware limitation, not software.
So, if you’re tense about any of this, the answer is quite easy: use an alphanumeric passphrase to unlock your iOS device, not just a six-digit numeric passcode.
Besides, six-digit iPhone passcodes have been unable to offer protection against hacking devices like GrayKey. Also, it’s been suggested that iOS 12.1.2 and later render GrayKey and quite similar devices useless, the jury is still out there as to whether the latest exploits may have been found that could prove helpful to law enforcement agencies.
How to Set up Alphanumeric Strong Password on iOS
Do the following to create an arbitrary-length alphanumeric passcode in iOS.
On your iPhone X and later or iPad with Face ID, visit Settings → Face ID & Passcode. On your iPod touch and earlier iPhone models, just navigate to Settings → Touch ID & Passcode. Also, on devices without Touch ID, venture into Settings → Passcode.
Input your passcode to continue.
Also, if no passcode has been set up on this device, click Turn Passcode On. Alternatively, click Change Passcode to switch from your current passcode to the more secure alphanumeric code option.
Input your old passcode again to continue with this action.
Now click Passcode Options on the bottom of the interface. Then select the choice Custom Alphanumeric Code from the popup menu. However, you can also select to create a custom numeric code. Or switch back to the least secure 4-digit passcode, but doing so will weaken your security.
Also, Input a custom alphanumeric code, then click Next.
Type in your new passcode again, then press Next to have it verified and start using it.
Calm down! It may take some time for the device to save the new passcode. While iOS may appear unresponsive during that time. You just wait for a few seconds and everything will be back to normal.
All done! That’s how you create an arbitrary-length, strong alphanumeric passcode on iPhone and iPad. Congratulations, now you safe with your custom alphanumeric passcode.
We also suggest you enable the option to have the iOS device quickly ask for your alphanumeric passcode when you lock the screen.
Here’s all about Set up Alphanumeric Strong Password. For further queries and questions let us know in the comments section below. Also, drop a comment if you want to share anything else. You may also sound off in the comment section! 👀
Till then! Keep Smiling 😎