It is unlikely that you tell everyone what your iPhone passcode is. For sure, you keep it secret, just like the PIN code of your bank card. But what if we tell you that your iPhone passcode can be guessed in just a few hours, maybe even minutes?
This is all simple mathematics. It has long been turned into a weapon against those who do not voluntarily reveal their passcode. Mathematics works both ways, and therefore such a weapon has one weak point – time. We strongly suggest you change the passcode to the one that we will tell you about in this article. One’s life will not be enough to crack it.
Why is the iPhone passcode a hot topic in the media?
We will tell you a fascinating story about the war between the FBI and Apple. For many years, the FBI has been demanding that Apple provide the security services with a ready-made solution for hacking all modern models of Apple gadgets. Apple ignores the FBI's plea because such decisions will sooner or later become used by not only other states but also attackers and cybercriminals, which will lead to irreversible consequences.
The story around the two passcode-protected iPhones of the terrorist-shooter has been dragging on for four years, and US President Donald Trump has repeatedly participated in it. The conflict is fueled by the FBI’s desire to put pressure on the company as hard and publicly as possible for political purposes. There is no other reason, because they got access to at least one of the devices back in 2016. Moreover, the passcode was obtained using an age-old method – they just randomly picked it through a generator.
How passcodes and personal data are protected on iPhone, iPad and Mac
When activating iPhone, each owner is prompted to set up a lock passcode. It's a must for many features to work, from Touch ID and Face ID to making purchases with Apple Pay. The passcode plays a crucial role in protecting the iPhone: it is stored encrypted in a special security coprocessor called the Secure Enclave, which has appeared in all devices starting with the iPhone 5S. Almost every request for personal data in iOS goes through a coprocessor, and to a large extent, thanks to it, Apple gadgets are considered highly secure.
The Secure Enclave is responsible for linking Face ID and Touch ID sensors to the device's processor, so they stop working if you replace either the motherboard or the sensors themselves. And for the past two years, it has been running in the MacBook as well, as it underlies the T2 chip.
There is still no method to directly hack the Secure Enclave system. Attack vectors exploit vulnerabilities in other systems and hardware. The security coprocessor remains undefeated, which is something Apple is proud of.
But the Secure Enclave is powerless if an attacker or a law enforcement officer somehow guesses and finds out the device owner's passcode, including if the passcode is guessed through a random number generator, as happened in the case with the FBI.
The procedure of submitting many passwords to eventually guess one is automated and is called a brute-force attack. It almost always uses external generator devices. The cost of such for government services ranges from 5 to 20 thousand dollars.
Here’s why you need to give up your digit iPhone passcode
When brute-forcing through generators happens, the Secure Enclave coprocessor in the iPhone and the T2 chip receives one passcode every 80 milliseconds, translating into 12.5 attempts per second. So let's figure it out:
- If you have a 4-digit digital passcode, it will take only 14 minutes to find such a passcode. And this is the absolute maximum. Usually, it takes no more than 8 minutes.
- If you have a 6-digit digital passcode (it is strongly suggested to be set by iOS during the initial setup), it takes 22 hours at most to find such a code, and usually, it is only 11 hours of selection.
This is not about a typical hack, but a banal selection of options. They are mathematically limited: 10 digits, 6 positions each. 10 to the sixth power equals exactly 1 million digital passcode options. This is better than a 4-digit numeric code, which can only contain 10,000 unique combinations.
- If you set a 6-digit alphanumeric passcode, it will take 72 years to find such a code. If you use symbols like "!, @,%," life will not be enough to hack your iPhone.
Here’s how to change your iPhone passcode from numeric to alphanumeric:
There are two ways to change your iPhone passcode from digital to alphanumeric.
- If you already have a passcode, go to Settings -> Face ID & Passcode (Touch ID and Passcode) -> Change Passcode. When the system asks for a new passphrase, select Passcode Options. In the list that opens, tap Custom Alphanumeric Code.
- If you are going through the initial iOS activation procedure, then on the input screen, click on Passcode Options and there select Custom Alphanumeric Code.
This passcode format has some inconveniences: it is easy to forget, and your input time will increase. But taking into account the almost universal presence of Touch ID and Face ID, you will rarely have to enter the more complicated passcode. By adding one or two more characters to the password, you will protect the device from brute-force attacks.