How to use a strong passcode to better secure your iPhone

With at least two companies selling technology that can be used by law enforcement and government agencies to unlock iPhones, this would be a good time to safeguard your information with a stronger passcode. Here's how.

With police departments and federal agencies lining up to buy technology from two companies whose products can bypass iPhone security mechanisms, experts said users concerned about privacy should use a strong passcode to help prevent unwanted access to data.

That's also true for enterprise users with iPhones that access potentially sensitive coporate data.

Simply put, complex passcodes are always better for security, according to Phil Hochmuth, IDC's program director for enterprise mobility. Common best practices for creating a hard-to-crack passcode includes using both upper- and lower-case characters, numbers and uncommon words.

"I expect enterprises with high security concerns and large iOS corporate deployments will start requiring this and enforcing it via their MDM/EMM platforms," Hochmuth said via an email.

iPhone cracking technology now in use

Both Israel-based technology vendor Cellebrite and Atlanta-based Grayshift have developed relatively inexpensive technology for unlocking iPhones.

Grayshift's GrayKey de-encrypting device is a 4-in. x 4-in. box with two iPhone-compatible lightening cables. It can reportedly unlock an iPhone in about two hours – if the owner used only a four-digit passcode. (A six-digit passcode can take three days or longer to crack.)

One GrayKey box retails for US$15,000 and is geofenced to a specific location, requiring an internet connection that enables up to 300 unlocks. There is also a $30,000 GrayKey model that can be used independent of internet connectivity and offers an unlimited number of device unlocks, according to Motherboard.

greykey malwarebytes Malwarebytes

GrayKey iPhone unlocker

Cellebrite provides an iPhone unlocking service to law enforcement agencies; it reportedly charges $5,000 per device.

Last week, Motherboard reported that local and regional U.S. police departments and the federal government have been purchasing the technologies in earest.

While both companies claim they only sell to police and government law enforcement agencies, it's virtually impossible to keep that genie in the bottle, according to Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation (EFF), a non-profit digital rights group.

"If you believe the only people will access to GreyKey or Celebrate are the cops, I've got a bridge to sell you," Cardozo said.

img 0750 IDG

Go to Settings on your iDevice and scroll down to find access to your Passcode.

More digits means better iPhone security

At a minimum, consumers and businesses should use a six-character alphanumeric passcode or a pass phrase, which addresses risks associated with the leak of personal and enterprise data, according to Gartner research director Dionisio Zumerle.

"In terms of risk assessment, everyone should assume that the tools are improving. Security is a moving target and people need to move with it," said Gartner research vice president John Girard. "Using stronger PINs and passwords, phtases and so on is a necessary step forward."

While Apple's Touch ID and Face ID help with security as well, they don't preclude the use of a passcode to unlock a phone.

Apple's iOS 9 operating system boosted the default iPhone passcode from four digits to six; but an even stronger option, an alphanumeric passcode, is more secure.

img 0751 IDG

Next, select "Change Passcode".

How to change your passcode

If you're ready to change your passcode, here's how to do it:

  • Go to Settings
  • Click on Touch ID & Passcode (You will have to enter your current passcode here)
  • Click on Change Passcode (enter your current passcode again)
  • Click on Password options at the bottom of the screen
  • Click on Custom Alphanumeric Code
  • Enter your new passcode, which can now include letters, numbers and symbols.
iPhone passcode security IDG

Final word of advice: Make sure you use a phrase or a combination of letters, numbers and symbols that's easy to remember. 

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Apple

More about AppleClickCustomEFFElectronic Frontier FoundationGartnerIDGMalwarebytes

Show Comments
[]