You don't tell strangers your iPhone password the same way you hide your bank card PIN.
But what if I told you that your iPhone password can be guessed in just a few hours? Maybe even minutes.
This is not a secret, but trivial mathematics. It has long been turned into a weapon against those who cannot or do not want to voluntarily give up the smartphone lock code.
But the math works both ways, and so this weapon has one weak point: time.
I suggest each of you to change the lock password to one that no one will be able to pick up in a lifetime.
Why iPhone password is a hot topic in the media
For a year now, the FBI has been at war with Apple, demanding that the US security services provide a ready-made solution to hack any modern iPhone and iPad.
Promotional video:
Apple is not giving in, because the emergence of such solutions will sooner or later become the property of not only other states, but also attackers. It's easy to imagine what will happen next.
Photo of the terrorist who started the December 2015 shooting in San Bernardino, California.
The story around the two password-protected iPhones of the terrorist-shooter has been dragging on for four years, and US President Donald Trump has repeatedly participated in it. The conflict is fueled by the desire of the FBI to pressure the company as hard and publicly as possible for political purposes.
There is no other reason, because they got access to at least one of the devices back in 2016. And tonight it turned out how they did it.
The method turned out to be as old as the world: they just picked the password at random through the generator.
Leaving aside the question of morality, where you can find arguments for the positions of both the FBI and Apple. I want to draw your attention to something else - to the lock password specifically for your iPhone.
How passwords and personal data are protected on iPhone, iPad and Mac
When activating iPhone, each owner is prompted to set a lock password. It's a must for many features to work, from Touch ID and Face ID to making purchases with Apple Pay.
Initially, iOS offered to set a four-digit numeric passcode, and starting with iOS 9 - already a 6-digit one. Wake you up at 4 am, you will dictate these numbers by heart, they are so important.
The lock password plays a key role in protecting the iPhone: it is stored encrypted in a special security coprocessor called the Secure Enclave, which has appeared in all devices starting with the iPhone 5S. Almost every request for personal data in iOS goes through a coprocessor, and in no small part, thanks to it, Apple gadgets are considered highly secure.
iPhone 5S, Apple's first smartphone with Touch ID and Secure Enclave. Photo from our review, 2013.
The Secure Enclave is responsible for linking Face ID and Touch ID sensors to the device's processor, so they stop working if you replace either the motherboard or the sensors themselves. And for the past two years, it has been running in the MacBook as well, as it underlies the T2 chip.
Until now, there is no method to directly hack the Secure Enclave system. Attack vectors exploit vulnerabilities in other systems and hardware. The security coprocessor remains undefeated, which is something Apple is proud of.
But Secure Enclave is powerless if an attacker or a law enforcement officer somehow guesses and finds out the device owner's password. Including if the password is picked up through the generator, as happened in the case of the FBI.
The password brute-force procedure is automated, called "brute-force", and it almost always uses external generator devices. The cost of such for government services ranges from 5 to 20 thousand dollars.
Why you need to give up your digital password on iPhone
When brute-forcing through generators, the Secure Enclave coprocessor in the iPhone and the T2 chip receives one password every 80 milliseconds, which translates into 12.5 attempts per second.
The FBI officer uses the GrayKey brute-force system. It is in a gray box on the table.
This is not done manually, but through devices like the GrayKey system in the photo above.
So, let's imagine that …
* You have a 4-digit iPhone lock code. It was standard before the release of iOS 9, and some people still use it today.
It will take only … 14 minutes to find such a password. This is the absolute maximum, in most cases it takes no more than 8 minutes.
Okay, but most people still have a 6-digit passcode, right? I hasten to disappoint …
* You have a 6-digit numeric code. It is he who persistently suggests installing iOS during the initial setup.
It takes… 22 hours to find this code. Maximum. On average, 11 hours.
Again, this is not a typical hack, but a banal search of options. They are mathematically limited: 10 digits, 6 positions each. 10 to the sixth power equals exactly 1 million digital password options. This is better than a 4-digit numeric code, which can only contain 10,000 unique combinations.
* You have a 6-digit alphanumeric password. This option is available when setting a password on an iPhone, but it must be selected manually.
It will take … 72 years to select such a code. OF THE YEAR.
If the passphrase uses characters (like!, @, And so on), and it itself is longer than 6 characters, then literally life will not be enough to get your password through brute force.
Now do you understand what I'm getting at?
Change your iPhone password from numeric to alphanumeric
This can be done in two ways.
1. If you already have a lock password, go to Settings -> Face ID and Passcode (Touch ID and Passcode) -> Change Passcode.
When the system asks for a new passphrase, select Passcode Settings. In the list that opens, click on the Custom code (letters + numbers).
Memorize what you will enter next. It is highly desirable to use a unique combination of letters and numbers that does not repeat with a password from any service on the Internet or from a Mac.
2. If you are going through the initial iOS activation procedure, then on the input screen, click on Passcode Parameters and there select Custom code (letters + numbers).
The only inconvenience of such a password, besides forgetfulness, will be the increased time for entering it. But given the almost universal presence of Touch ID and Face ID, you will rarely need to enter this more complicated password.
By adding one or two characters to the password, you will make it completely meaningless and protect the device from brute force. So 6 digit numeric password, come on bye.
PS I do not recommend hiding anything from the state. You already have enough information. And the absolute majority of us have nothing to hide. My advice only concerns personal safety and protection from intruders. It's calmer this way.