How to Create a More Secure Passcode on Your iPhone or iPad

[BeefCake 15]

It is easy to force your fingerprint onto the sensor. So that way they have the ability to force you to unlock your phone.
They cannot "force" a passcode out of your brain.

 

[allanfries]

Since TouchID came out I increased my passcode to 9 digits, using alphanumeric with symbols. Might be over kill, but what ever.

 

[manu chao]

That is up to you and I. Apple has stuck their neck out. Now the government is quietly trying to cut their head off. They only way they, the government win, is if you an I are silent and don't say anything. Now is the time to call and write and tweet, and make whatever noise can be made because next month will too late.

Except in this case it was the FBI that went public. Apple had asked the FBI to file the court order sealed (ie, it wanted the question to work its way through the courts quietly, at least for the time being) but the FBI refused so it could go public on this issue.
[doublepost=1455918551][/doublepost]

I'm worried about hackers and thieves. Apparently, it is possible to create a version of iOS with no password guessing penalty (says Tim Cook himself), so that's the weak link.

Not having the current source code of iOS and the iPhone firmware (as well as having a lot of experience with it) as well as not having Apple's encryption key is what stops regular hackers (and the FBI) from creating the software that they are asking Apple to create. The NSA however might be able to do so (they 'just' need to hack into Apple's servers).

 

[Umbrarian]

Doing this since my ip5s , would like to see some stats on 80ms delay, number of digits and the time it takes to brute force it , also , can the 80 ms be ****ed with?

5c is 12 tries a second.

5s is faster due to a7

bt the SE slows down the 5s even though it could do it faster

 

[sudo1996]

Not having the current source code of iOS and the iPhone firmware (as well as having a lot of experience with it) as well as not having Apple's encryption key is what stops regular hackers (and the FBI) from creating the software that they are asking Apple to create. The NSA however might be able to do so (they 'just' need to hack into Apple's servers).

Yes, or some really good reverse-engineering.

 

[0098386]

I was not aware that I could be compelled to unlock my phone via fingerprint but not passcode.

I've recently heard (due to all this privacy stuff) that some activism journalists in the US will reset their phones if they feel like they might be arrested. Because when it boots back up you have to enter your password first.

I don't know what happens after that though!

 

[castlerock]

I was not aware that I could be compelled to unlock my phone via fingerprint but not passcode.

I'd like to see citations of relevant case law. Obviously one can be compelled to provide biometric evidence (i.e. a fingerprint) but it's a separate issue whether you can be compelled to perform an action solely for the purpose of providing potentially incriminating evidence against yourself.

In any case a password is a password. If the law is involved, "I can't remember, I don't recall. I have no memory of anything at all."
/Anyone remember that one?

Oh and one more thing- MacRumors, I've been registered here for 7 years. I haven't made a lot of posts, but I think I've been a responsible and constructive forum member. Why am I banned from the politics threads just because of some arbitrary minimum post threshold? I'm obviously no sock puppet account created solely to stir the pot. Relax the guideline!

 

[Weaselboy]

I'd like to see citations of relevant case law. Obviously one can be compelled to provide biometric evidence (i.e. a fingerprint) but it's a separate issue whether you can be compelled to perform an action solely for the purpose of providing potentially incriminating evidence against yourself.

Here is one case where the court forced someone to unlock their phone with a fingerprint. I have not noticed if this case made its way up through the appeals courts yet though.

From the article:

The Fifth Amendment to the U.S. Constitution gives people the right to avoid self-incrimination. That includes divulging secret passwords, Judge Steven C. Frucci ruled. But providing fingerprints and other biometric information is considered outside the protection of the Fifth Amendment, the judge said.

 

[Amplelink]

Since TouchID came out I increased my passcode to 9 digits, using alphanumeric with symbols. Might be over kill, but what ever.

Yup, me too. There's really no excuse not to have a strong password now with Touch ID. It's still a slight PITA upon restart or if you have to confirm your password, but it's a small annoyance to deal with for stronger security.

 

[nt5672]

Except in this case it was the FBI that went public. Apple had asked the FBI to file the court order sealed (ie, it wanted the question to work its way through the courts quietly, at least for the time being) but the FBI refused so it could go public on this issue. . . . .

Of course they did. This is a political hot potato. Apple avoids controversy as a core principle, at least until they can't. I don't see any lurking issue with that.

 

[Krevnik]

5c is 12 tries a second.

5s is faster due to a7

bt the SE slows down the 5s even though it could do it faster

Except, by reading the white paper, they make it sound like they tune the number of PBKDF iterations to the processor, to aim at ~80ms no matter the hardware.

Plus, this assumes the Enclave (which is a separate processor) is as fast as the main CPU. Considering the PIN and the Enclave's hardware key are both needed to generate the encryption key, you have to run the PIN -> encryption key algorithm on the Enclave, and cannot run it on the CPU where it is faster. If you could extract the hardware key, you are better off taking a dump of the NAND and running the algorithms on a desktop machine at that point.