
Jazwire

When at home or other user set locations.


Passcode is kind of a hassle, if you are frequently using your phone & I don't need any security when I am at home.

Considering all the other GPS location based tweaks added or base it off home WiFi, this location feature would actually be very useful.

Fingerprint security would be better, but this is something Apple could easily add right now.
 
Apple would have to rework their entire security backend engine to make this work and keep it secure. How could Apple implement a fingerprint system? Fingerprint scanners take up too much room for Apple's liking, and there is no way for the current iDevices to resolve a fingerprint.
 
Apple would have to rework their entire security backend engine to make this work and keep it secure. How could Apple implement a fingerprint system? Fingerprint scanners take up too much room for Apple's liking, and there is no way for the current iDevices to resolve a fingerprint.

That's why the main point of my post was to disable passcode when at home via GPS or home WiFi.

IDEALLY - fingerprint security would be best (iOS 7/8), but as I said, location based bypass could easily be implemented. (In fact, I found out it is already a jailbreak feature for iOS 5. When connected to home WiFi it disables passcode.)

So at a minimum that can easily be done.

http://www.idownloadblog.com/2012/05/10/autoprotect/
 
Don't run a passcode.

If you misplace your phone you can simply lock it from icloud.com

That is what I used to do, until I once left my phone at a restaurant and didn't realize it for 45 minutes. Luckily the waitress found it and put it behind the counter. But it could have been a disaster.

Yes I know, blah blah personal responsibility. I've taken my phone with me 50,000 times in the last few years and left it somewhere once.

Anyway it would be a nice added feature, it would make using the passcode a more positive experience, hence more people using it.

Side Note: Passcode should be bypassed for music playing. (I mean it is for the camera, why not music. That's actually probably the biggest hassle of having a passcode.)
 
I kind of like that idea. If it's authenticated to my home WIFI, specifically, no passcode needed.

Definitely as an option, as that's not for everyone. But would be nice, I'd probably switch to a more secure passcode if so.

----------

That's what I used to do, until I once left my phone at a restaurant and didn't realize it for 45 minutes. Luckily the waitress found it and put it behind the counter. But could have been much worse.

Yes I know, blah blah personal responsibility. I've taken my phone with me 50,000 times in the last few years and left it somewhere once.

Anyway it would be a nice added feature, easily implemented and make using the passcode a more positive experience.

Side Note: Passcode should be bypassed for music playing. (I mean it is for the camera, why not music. That's actually probably the biggest hassle of having a passcode.)
It can be, double click home button and you can control play/pause/skip/volume.

If you're talking about the Music app in general... I say no. As an iTunes Match subscriber, I don't need someone randomly starting up my music and initiating playlist/album downloads over cellular.
 
I kind of like that idea. If it's authenticated to my home WIFI, specifically, no passcode needed.

Definitely as an option, as that's not for everyone. But would be nice, I'd probably switch to a more secure passcode if so.

----------

It can be, double click home button and you can control play/pause/skip/volume.

If you're talking about the Music app in general... I say no. As an iTunes Match subscriber, I don't need someone randomly starting up my music and initiating playlist/album downloads over cellular.

Thanks! Completely forgot about the double click home.
Also I do use iTunes Match and that's a very good point.
 
When at home or other user set locations.


Passcode is kind of a hassle, if you are frequently using your phone & I don't need any security when I am at home.

Considering all the other GPS location based tweaks added or base it off home WiFi, this location feature would actually be very useful.

Fingerprint security would be better, but this is something Apple could easily add right now.

Although it's not a perfect fix, you can make it so Passcode is not required immediately (ex. set it to require one after 15 mins). So, if you frequently use your iPhone at home, it wouldn't require a Passcode that often.

That helps a lot when I'm out & am texting people/using GPS while keeping my data somewhat safe when stolen (ex. I use the 5 minute feature).
 
Side Note: Passcode should be bypassed for music playing. (I mean it is for the camera, why not music. That's actually probably the biggest hassle of having a passcode.)

No, because a user could have confidential information in his "music" library, which might contain audio that isn't even music.

The same goes for the camera app of course, so when unlocking into camera mode without a passcode, the image library is disabled. (It's impossible to extract information from the device by using the camera to create a new photo.)
 
Having a passcode is a very important part of iOS security. Even if it's 1234.

A four-digit passcode would only take a few minutes to bruteforce with physical access to the device. (This is from the horse's mouth) Unfortunately, it's a tradeoff -- ease-of-use versus security. I think they need to supplant the passcodes with a second level of security -- facial recognition, voice pattern recognition, or gesture recognition.

But I disagree with you that setting geofences where the passcode is turned off would require some total rewrite of their security system. I think it's only a band-aid on what is a bigger problem however. People use easily breakable passwords because of the convenience factor, which makes the security of their device in question. Much more so than people realize.
 
A four-digit passcode would only take a few minutes to bruteforce with physical access to the device. (This is from the horse's mouth)

Not really. Unless you get lucky and guess the passcode in the first few guesses, it is literally impossible to enter more than 6 or 7 passcodes in a few minutes. The iPhone enforces an escalating time delay after the 6th try, so that you have to wait one minute, then five minutes, then 15 minutes before entering another guess. And of course after 10 tries you have to connect it to iTunes.
 
Not really. Unless you get lucky and guess the passcode in the first few guesses, it is literally impossible to enter more than 6 or 7 passcodes in a few minutes. The iPhone enforces an escalating time delay after the 6th try, so that you have to wait one minute, then five minutes, then 15 minutes before entering another guess.

Hah, no I'm not talking about some guy punching in keycodes. I'm talking about someone who plugs in your phone and starts running a password cracker on it. A passcode of four characters will not last long against such an attack. Breaking this passcode allows the attacker access to the device filesystem.
 
A four-digit passcode would only take a few minutes to bruteforce with physical access to the device. (This is from the horse's mouth) Unfortunately, it's a tradeoff -- ease-of-use versus security. I think they need to supplant the passcodes with a second level of security -- facial recognition, voice pattern recognition, or gesture recognition.

Read the PDF in the link I posted. A passcode, even a very simple one, is used to activate most of iOS' security and encryption things. The passcode itself is used along with the device's keys to create a secure platform. When trying to brute force an iOS device's four digit passcode, you only have 15 tries before it disables itself and requires iTunes to unlock it.
 
Two words: face recognition.

There's already a front facing camera. iPhone could have the software to recognize you and unlock. If it doesn't, then use pass code (in case there's a glitch)

Of course it would have to have some much newer tech like determining if it's a 3D image vs just a picture of someone's face. But how awesome would that be?!?
 
Hah, no I'm not talking about some guy punching in keycodes. I'm talking about someone who plugs in your phone and starts running a password cracker on it. A passcode of four characters will not last long against such an attack. Breaking this passcode allows the attacker access to the device filesystem.

Still not really true:

http://www.iclarified.com/entry/index.php?enid=21095

There are multiple levels of encryption on the files such that cracking the passcode alone without actually using the lock screen doesn't get you very far.
 
Face recognition is not foolproof.
One word: photo.
Facial recognition has been tricked with photos on Android phones.
 
Read the PDF in the link I posted. A passcode, even a very simple one, is used to activate most of iOS' security and encryption things. The passcode itself is used along with the device's keys to create a secure platform. When trying to brute force an iOS device's four digit passcode, you only have 15 tries before it disables itself and requires iTunes to unlock it.

If you are a developer, I'd direct you to the security session (208) from WWDC 2011. Apple engineers freely admit that "Data Protection", aka the system which protects the device filesystem with encryption, is only as strong as the passcode with which it is encrypted. Please note I am talking about the data on the device, not access to the running system/apps. According to them, the encryption with a 4-digit passcode (~10,000 possible variations), can be bruteforced in a couple minutes, at which point the attacker gains access to the files on the device. It's no different than having a 4-character password on a website.

Access to the running system is much harder, but certainly having an attacker gaining access to sensitive data on your device is something to be concerned about. A 4-digit passcode should not be trusted to keep your data secure.
 
Don't run a passcode.

If you misplace your phone you can simply lock it from icloud.com

Sorry, but this is terrible advice. By the time you realize that it is missing it will be too late.

Whenever I am around friends that don't use a passcode, I'll generally make a habit of mentioning how easy it would be for me to pick it up while they aren't paying attention and do any number of malicious things (facebook status, tweet, e-mail to friends/family/company, access to Mint, Dropbox, call someone, change the ringtone to something seriously NSFW, the list goes on...).

Even if it isn't the strongest thing in the world, everyone needs to use some sort of a passcode, password, pattern, or whatever comes on your device. It may be annoying to type it in every time, but some day it will save you and your data.
 
If you are a developer, I'd direct you to the security session (208) from WWDC 2011. Apple engineers freely admit that "Data Protection", aka the system which protects the device filesystem with encryption, is only as strong as the passcode with which it is encrypted. Please note I am talking about the data on the device, not access to the running system/apps. According to them, the encryption with a 4-digit passcode (~10,000 possible variations), can be bruteforced in a couple minutes, at which point the attacker gains access to the files on the device. It's no different than having a 4-character password on a website.

Access to the running system is much harder, but certainly having an attacker gaining access to sensitive data on your device is something to be concerned about. A 4-digit passcode should not be trusted to keep your data secure.

With only 15 attempts to brute an iOS passcode, it is extremely unlikely to be broken. On the iPad 2/3 and iPhone 4S, there is no way past the devices' built-in encryption when it is turned on with a passcode and with no way of getting at the passcode hash file when a passcode is set, these devices are extremely secure. The other devices can easily be broken into because of their bootrom exploit. The 2011 WWDC developers likely knew of the bootrom exploits' abilities to quickly and easily bypass the devices' encryption.

The May 2012 security PDF outlines that to break the device's encryption, the device's key is needed. Only the device itself has access to this key. The user's passcode becomes entangled with the device's key to create a unique encryption key. Whether the entangle number is 0000 or 7248 or 166392453 it doesn't really matter when viewed from a time frame point. By the time the device's 256-bit and the user's passcode have been separated and the data decrypted, many years would have passed.
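The two claims argued over above (the passcode is entangled with a device-only key, and a short passcode has a small search space) can be put side by side in a small sketch. This is an added example, not code from any poster or from Apple: PBKDF2 with the device key as salt is a stand-in for the real derivation, and the device keys, iteration count and per-guess cost are constructed values.

```python
import hashlib
import hmac

# Constructed values for illustration only (assumptions, not Apple's parameters).
DEVICE_KEY_A = bytes.fromhex("11" * 32)  # stands in for a 256-bit per-device key
DEVICE_KEY_B = bytes.fromhex("22" * 32)  # a different device
ITERATIONS = 2_000                       # kept low so the demo runs quickly


def derive_key(passcode: str, device_key: bytes, iterations: int = ITERATIONS) -> bytes:
    """Entangle the passcode with a device-bound secret (stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, iterations)


def unlocks(guess: str, device_key: bytes, expected_key: bytes) -> bool:
    """A guess only verifies when it is derived with the right device key."""
    return hmac.compare_digest(derive_key(guess, device_key), expected_key)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passcodes for a given alphabet and length."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, ms_per_guess: int) -> float:
    """Time to try every passcode when each guess costs one key derivation."""
    return keyspace(alphabet_size, length) * ms_per_guess / 1000


def compare_policies(ms_per_guess: int) -> dict:
    """Worst-case exhaustive-search time, in seconds, per passcode policy."""
    policies = {
        "4 digits": (10, 4),
        "6 digits": (10, 6),
        "8 lowercase letters/digits": (36, 8),
    }
    return {name: worst_case_seconds(a, n, ms_per_guess)
            for name, (a, n) in policies.items()}


if __name__ == "__main__":
    key = derive_key("1234", DEVICE_KEY_A)
    print("same device:", unlocks("1234", DEVICE_KEY_A, key))
    print("other device:", unlocks("1234", DEVICE_KEY_B, key))
    for name, secs in compare_policies(100).items():  # 100 ms per guess is assumed
        print(f"{name}: {secs / 3600:,.1f} hours worst case")
```

The device key decides where guessing has to happen; the passcode's length and alphabet decide how long it takes once guessing is possible there.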
 
There's an amazing jailbreak app that lets you passcode each individual app and lets you customize 2 to 3 Wi-Fi networks where it won't ask for the password when connected, it's genius.
 
Well the other option is not to disable the passcode outright, just dynamically alter the time to re-lock. So you only have to unlock once every 4 hours when at home, but would lock after 1 min when not. That would at least get rid of the need to unlock all the time.

Have to say I agree, there would seem to be lots of room for Apple to get the phone to learn user habits, via various clues like location and network connection. Generally daily timings.
 
Face recognition is not foolproof.
One word: photo.
Facial recognition has been tricked with photos on Android phones.

You obviously missed my last sentence which said there should be newer tech so it actually determines there's a live image in front of the camera vs just a picture. The technology is in development so a picture would not be enough to use for facial recognition.
 