How to Create a More Secure Passcode on Your iPhone or iPad

Thursday February 18, 2016 11:10 AM PST by Juli Clover

iphonecreateapasscodeApple's iPhones have long been protected by numeric passcodes, giving iOS users a way to protect keep their devices safe from hackers and prying eyes. Over the years, passcodes have been supplemented by Touch ID, Apple's fingerprint recognition system, but the passcode is still the iPhone's main line of defense.

A passcode is required to set up Touch ID, and Touch ID is automatically disabled after 48-hours until a passcode is input by an iPhone or iPad's owner. In the United States, passcodes are especially important because the law suggests that while law enforcement officers can require you to provide a fingerprint to unlock a device, the same is not true of a passcode.

For a long time, passcodes were four-digit numeric codes by default, but with iOS 9, Apple began using a six-digit passcode as the default option. Six-digit passcodes offer 1 million possible combinations instead of 10,000, making a passcode harder to crack.

Apple doesn't advertise it, but the iOS operating system offers an option to make your passcode even more secure through the use of an alphanumeric passcodes or custom length numeric passcodes. Alphanumeric passcodes contain letters and numbers. Both alphanumeric and custom numeric passcodes can be much longer than four or six digits.

Passcodes are currently in the spotlight because of an ongoing security debate between Apple and the FBI. Apple has been ordered to help the FBI access data on the iPhone 5c owned by one of the shooters involved in the 2015 San Bernadino attacks.

To do so, the FBI has asked Apple to create software that would eliminate the iOS feature that erases an iPhone after 10 failed passcode attempts, removes the time limits between passcode entries, and allows passcodes to be input electronically. Apple is opposing this order and it's not clear how the issue will play out, but should the FBI gain a tool to access iPhones in this manner, it would take just upwards of a half an hour to break into a phone with a 4-digit passcode. With an alphanumeric passcode, such a tool would be next to useless because of the sheer amount of time it would take to guess a passcode with millions of possible combinations.

Creating an Alphanumeric Passcode

Creating an alphanumeric passcode is a process that can be done with a few taps and about five minutes of your time.

creatinganalphanumericpasscode

  1. Open the Settings app on your iPhone or iPad.
  2. Scroll down to "Touch ID & Passcode" and tap on it.
  3. If you already have a passcode enabled, you will need to enter it to access the passcode options.
  4. Select "Change Passcode" and enter your existing passcode again.
  5. At the screen where you're asked to enter a new passcode, tap on "Passcode Options" located just above the numbered.
  6. Choose "Custom Alphanumeric Code." You can also select "Custom Numeric Code" for a number-only passcode.
  7. Enter your chosen passcode. It can include numbers, letters, and symbols.
  8. Tap "Next."
  9. You'll be prompted to enter the same passcode again to verify the spelling. Enter it again and tap "Done."

After entering an alphanumeric passcode or changing your passcode, Apple will prompt you to use the new passcode as your iCloud Security Code, which is used to protect passwords stored in iCloud Keychain. Click on "Use Same Code" to change it or "Don't Change Security Code" to continue using your old passcode.

passcodeicloudsecuritycode
With an alphanumeric passcode set on an iPhone, instead of a number pad to enter a numeric passcode, you'll see a full QWERTY keyboard complete with access to numbers, letters, and symbols.

alphanumericpasscode
While not as convenient as a simple number code, an alphanumeric password can be harder to crack and just as easy to remember if you use randomly generated combinations of words. For example, "sarcasm-blacken-guilder-epilepsy" or "stitch-quasi-peppery-tuneless," two password phrases generated by 1Password, aren't difficult to remember because they're simple words, but with upwards of 29 characters, they're impossible to guess or brute force. Using an alphanumeric passcode will be more of a hassle than a standard passcode, but with Touch ID, a passcode doesn't need to be entered too often.

Any alphanumeric code used to protect an iPhone should be unique set of words or numbers that are not used for other products, services, or websites, which will make it impossible to obtain through social engineering or phishing attempts.

Top Rated Comments

(View all)
Avatar
54 months ago

Doesn't matter when the FBI gets their way and gets the backdoor they have been itching for.

That is up to you and I. Apple has stuck their neck out. Now the government is quietly trying to cut their head off. They only way they, the government win, is if you an I are silent and don't say anything. Now is the time to call and write and tweet, and make whatever noise can be made because next month will too late.
Score: 6 Votes (Like | Disagree)
Avatar
54 months ago
I'd love an app that when I removed my Apple Watch, it turned off thumbprint on all my devices and required the passcode.
Score: 3 Votes (Like | Disagree)
Avatar
54 months ago
I was not aware that I could be compelled to unlock my phone via fingerprint but not passcode.
Score: 3 Votes (Like | Disagree)
Avatar
54 months ago

For it to be effective, against the FBI, NSA etc. tryimg to brute force your phone (assuming they get through the courts) you would need to not be iCloud enabled with anything you don't want the Feds to have (Apple can give them access to all that via a warrant) and be backing up locally (not in iCloud) as well as synching locally on your computer via iTunes.


Not to mention that the local backups of the phone would need to be encrypted. iTunes offers encryption for them as an option.

Another alternative would be to encrypt the whole disk with something like FileVault 2 (built into OS X), but then you'd also need to encrypt any backups of your computer you maintain - on a TimeCapsule, for instance. They remain unencrypted even if the computer's disk is encrypted, unless you specifically encrypt the backups too.
Score: 3 Votes (Like | Disagree)
Avatar
54 months ago

Doing this since my ip5s , would like to see some stats on 80ms delay, number of digits and the time it takes to brute force it , also , can the 80 ms be ****ed with?


You can do the math: 80ms * 10,000 attempts is 800 seconds, or 13.33 minutes. If you increase it to 6 digits, that's 80,000 seconds or 22.22 hours.

However, the significance of 80ms depends on the iPhone model, or more specifically -- the processor. iPhone 5c or earlier used an A6 processor or earlier. iPhone 5s or later uses an A7 or later processor.

The earlier iPhones (since the 3G, I think) with A6 and earlier enforce the 80ms per attempt by requiring the password to be run through PBKDF2 with enough iterations that it requires 80ms on the encrypted device. Each iteration, it does an operation that uses the device UID burned into the processor at manufacturer.

The device UID can't be read directly. So, a brute-force attack on any other device but the specific encrypted iPhone would require brute force search of the device UID keyspace as well. The device UID is a 256-bit AES key, making this difficult in a reasonable amount of time, or at a reasonable cost.

The later iPhones with the A7 and later added a Secure Enclave. This enforces a limit that changes with the number of consecutive failed attempts. The first 4 attempts, there is no delay. After that, it increases rapidly to as much as 1 hour after 9 attempts. The Secure Enclave even enforces this limit if the device is restarted (and presumably includes a power-cycle).

Unless you choose an easily-guessed 4-digit passcode, it would take over a year to search the entire 10,000 key space, at 1 hour per attempt.

You can find this in https://www.apple.com/business/docs/iOS_Security_Guide.pdf, on page 12.

There have been unconfirmed claims that Apple says they could still compromise the Secure Enclave with a backdoor'ed iOS. But, that seems to contradict their security guide, and I can't imagine why they would go through all the effort to implement a vulnerable Secure Enclave. So, I'm waiting to see an authoritative citation.
Score: 2 Votes (Like | Disagree)
Avatar
54 months ago
Score: 2 Votes (Like | Disagree)

Top Stories

Apple Releases iOS and iPadOS 13.4 With New Mail Toolbar, iCloud Folder Sharing, Trackpad Support for iPad and More

Tuesday March 24, 2020 9:56 am PDT by Juli Clover
Apple today released iOS and iPadOS 13.4, the latest major updates to the iOS 13 operating system that was released in September. iOS and iPadOS 13.4 come two months after the release of iOS and iPadOS 13.3.1 with Screen Time Communication Limits. The iOS and ‌iPadOS‌ 13.4 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to...

Apple Releases macOS Catalina 10.15.4 With Screen Time Communication Limits and Real-Time Apple Music Lyrics

Tuesday March 24, 2020 10:21 am PDT by Juli Clover
Apple today released macOS Catalina 10.15.4, the fourth update to the macOS Catalina operating system that was released in October. macOS Catalina 10.15.4 comes a couple of months after the release of macOS Catalina 10.15.3. macOS Catalina 10.15.4 can be downloaded from the Mac App Store for free using the Update feature in the System Preferences app. The macOS Catalina 10.15.4 update...

Hands-On With Apple's New Smart Keyboard Folio for the 2020 iPad Pro Models

Tuesday March 24, 2020 12:38 pm PDT by Juli Clover
Apple last week introduced new 11 and 12.9-inch iPad Pro models, which are set to arrive in the hands of customers starting this week. Apple introduced a nifty new Magic Keyboard with trackpad alongside the new iPad Pro models that's coming in May, but it also debuted a new Smart Keyboard Folio, which is available now. We picked up the Smart Keyboard Folio for the designed for the 2020 iPad...

Apple Helps Source Over 10 Million N95 Masks for Healthcare Providers in the U.S.

Wednesday March 25, 2020 10:25 am PDT by Juli Clover
Apple over the weekend announced plans to donate millions of N95 masks to hospitals in the United States and Europe, and according to Apple CEO Tim Cook, Apple has been able to source more than 10 million N95 masks in the U.S. and millions more in Europe. Apple CEO Tim Cook said on Saturday that Apple was aiming to donate supplies to healthcare providers fighting COVID-19, and clarified...

Apple Considering Delaying iPhone 12 Launch 'by Months'

Wednesday March 25, 2020 12:51 pm PDT by Juli Clover
Apple is preparing to delay the launch of the 2020 iPhones expected to be equipped with 5G technology, according to sources with knowledge of Apple's plans that spoke to Japanese news site Nikkei. Apple has reportedly held internal discussions about the possibility of delaying the launch "by months" over fears of how well iPhones would sell in the current situation, and supply chain sources...

2020 iPad Pro Unboxing Videos and First Impressions

Tuesday March 24, 2020 5:34 am PDT by Joe Rossignol
Apple last week introduced new iPad Pro models with an similar performing A12Z Bionic chip, an Ultra Wide camera for 0.5x zoom, and a LiDAR Scanner for enhanced augmented reality. The new iPad Pro models will begin arriving to customers and go on sale at select stores starting tomorrow, and ahead of time, the first unboxing videos have surfaced. The new iPad Pro models will be compatible with A...

Hands-On With the New 2020 12.9-Inch iPad Pro

Wednesday March 25, 2020 2:10 pm PDT by Juli Clover
Apple last week announced new 11 and 12.9-inch iPad Pro models, and as of today, the new iPads are arriving to customers. We picked up one of the new 12.9-inch models and checked it out to see just what's new and whether it's worth buying. Subscribe to the MacRumors YouTube channel for more videos. When it comes to design, the new iPad Pro models are identical to the 2018 iPad Pro models, but ...

Mobile Networks in Multiple Countries Display 'Stay Home' Message When Users Connect to Cellular Instead of WiFi

Tuesday March 24, 2020 3:46 pm PDT by Juli Clover
iPhone users in several countries who disconnect from WiFi on their devices will see a "Stay Home" message at the top of the Control Center where cellular network information is displayed. Image via Matt Navarra According to reports on Twitter, the status bar messages are showing up in countries that include Germany, Belgium, United Arab Emirates, Peru, Turkey, India, Luxembourg, Romania,...

Apple Releases tvOS 13.4 for Fourth and Fifth-Generation Apple TV Models

Tuesday March 24, 2020 9:53 am PDT by Juli Clover
Apple today released tvOS 13.4, the third major update to the tvOS operating system that runs on the fourth and fifth-generation Apple TV models. tvOS 13.4 comes a couple of months after the release of tvOS 13.3.1. tvOS 13.4, a free update, can be downloaded over the air through the Settings app on the Apple TV by going to System > Software Update. Apple TV owners who have automatic software ...

Benchmarks Suggest New iPad Pro's A12Z Chip is Nearly Identical to A12X in 2018 iPad Pro

Monday March 23, 2020 7:18 pm PDT by Juli Clover
One of the new 2020 iPad Pro models equipped with an A12Z chip arrived early to a Reddit user, who did some benchmarking tests to see how it performs. In a Geekbench 5 test, the 11-inch 2020 iPad Pro earned a single-core score of 1114 and a multi-core score of 4654, which is close to the Geekbench scores of the 11-inch iPad Pro from 2018. The 11-inch iPad Pro has an aggregate single-core G...