IOS6 Needs Option to Disable Passcode Automatically.

Discussion in 'iOS 6' started by Jazwire, Jun 29, 2012.

  1. Jazwire macrumors 6502a

    Jazwire

    Joined:
    Jun 20, 2009
    Location:
    127.0.0.1
    #1
    When at home or other user set locations.


    Passcode is kind of a hassle, if you are frequently using your phone & I don't need any security when I am at home.

    Considering all the other GPS location based tweaks added or base it off home WiFi, this location feature would actually be very useful.

    Fingerprint security would be better, but this is something Apple could easily add right now.
     
  2. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #2
    Apple would have to rework their entire security backend engine to make this work and keep it secure. How could Apple implement a fingerprint system? Fingerprint scanners take up too much room for Apple's liking the there is no way for the current iDevices to resolve a fingerprint.
     
  3. Jazwire, Jun 29, 2012
    Last edited: Jun 29, 2012

    Jazwire thread starter macrumors 6502a

    Jazwire

    Joined:
    Jun 20, 2009
    Location:
    127.0.0.1
    #3
    Thats why the main point of my post was to disable passcode when at home via gps or home wifi.

    IDEALLY - fingerprint security would be best (IOS 7/8), but as I said, location based bypass could easily be implemented. (In fact , i found out it is already a jailbreak feature for iOS5., When connected to home WiFi it disables passcode.)

    So at a minimum that can easily be done.

    http://www.idownloadblog.com/2012/05/10/autoprotect/
     
  4. nuckinfutz macrumors 603

    nuckinfutz

    Joined:
    Jul 3, 2002
    Location:
    Middle Earth
    #4
    Don't run a passcode.

    If you misplace your phone you can simply lock it from icloud.com
     
  5. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #5
    iOS' current security engine isn't designed for dynamically switching of the passcode via location. It leaves the system very insecure when it is set to off. The jailbreak tweak just turns it off and on again while also removing most iOS' security protocols.

    Read this: http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf

    Having a passcode is a very important part of iOS security. Even if it's 1234.
     
  6. Jazwire thread starter macrumors 6502a

    Jazwire

    Joined:
    Jun 20, 2009
    Location:
    127.0.0.1
    #6
    That is what I use to do, until I once left my phone at a restaurant and didn't realize it for 45 minutes. Luckily the waitress found it and put it behind the counter. But it could have been a disaster.

    Yes I know, blah blah personal responsibility. I've taken my phone with me 50,000 times in the last few years and left it somewhere once.

    Anyway it would be a nice added feature, it would make using the passcode a more positive experience,hence more people using it.

    Side Note: Passcode should be bypassed for music playing. ( I mean it is for the camera, why not music. Thats actually probably the biggest hassle of having a passcode.)
     
  7. Menel macrumors 603

    Menel

    Joined:
    Aug 4, 2011
    Location:
    ATL
    #7
    I kind of like that idea. If it's authenticated to my home WIFI, specifically, no passcode needed.

    Definitely as an option, as that's not for everyone. But would be nice, I'd probably switch to a more secure passcode if so.

    ----------

    It can be, double click home button and you can control play/pause/skip/volume.

    If your talking about the Music app in general... I say no. As an iTunes Match subscriber, I don't need someone randomly starting up my music and initiating playlist/album downloads over cellular.
     
  8. Jazwire thread starter macrumors 6502a

    Jazwire

    Joined:
    Jun 20, 2009
    Location:
    127.0.0.1
    #8
    Thanks!, completely forgot about the double click home.
    Also I do use iTunesMatch and thats a very good point.
     
  9. FSMBP macrumors 68020

    FSMBP

    Joined:
    Jan 22, 2009
    #9
    Although not a perfect fix, but you can make it so Passcode is not required immediately (ex. set it to require one after 15 mins). So, if you frequently use your iPhone at home, it wouldn't require a Passcode that often.

    That helps a lot when I'm out & am texting people/using GPS while keeping my data somewhat safe when stolen (ex. I use the 5 minute feature).
     
  10. Gjwilly macrumors 68030

    Joined:
    May 1, 2011
    Location:
    SF Bay Area
    #10
    There are some things Apple could but some passcode requirements are imposed by the exchange server you connect to.
     
  11. iPhoneApple macrumors 6502

    Joined:
    Jan 24, 2011
    #11
    In theory I like this idea, but in reality, this would be hard to implement/maintain.
     
  12. CyBeRino macrumors 6502a

    Joined:
    Jun 18, 2011
    #12
    No, because a user could have confidential information in his "music" library, which might contain audio that isn't even music.

    The same goes for the camera app of course, so when unlocking into camera mode without a passcode, the image library is disabled. (It's impossible to extract information from the device by using the camera to create a new photo.)
     
  13. petsounds macrumors 65816

    Joined:
    Jun 30, 2007
    #13
    A four-digit passcode would only take a few minutes to bruteforce with physical access to the device. (This is from the horse's mouth) Unfortunately, it's a tradeoff -- ease-of-use versus security. I think they need supplant the passcodes with a second level of security -- facial recognition, voice pattern recognition, or gesture recognition.

    But I disagree with you that setting geofences where the passcode is turned off would require some total rewrite of their security system. I think it's only a band-aid on what is a bigger problem however. People use easily breakable passwords because of the convenience factor, which makes the security of their device in question. Much moreso than people realize.
     
  14. admanimal macrumors 68040

    Joined:
    Apr 22, 2005
    #14
    Not really. Unless you get lucky and guess the passcode in the first few guesses, it is literally impossible to enter more than 6 or 7 passcodes in a few minutes. The iPhone enforces an escalating time delay after the 6th try, so that you have to wait one minute, then five minutes, then 15 minutes before entering another guess. And of course after 10 tries you have to connect it to iTunes.
     
  15. petsounds macrumors 65816

    Joined:
    Jun 30, 2007
    #15
    Hah, no I'm not talking about some guy punching in keycodes. I'm talking about someone who plugs in your phone and starts running a password cracker on it. A passcode of four characters will not last long against such an attack. Breaking this passcode allows the attacker access to the device filesystem.
     
  16. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #16
    Read the PDF in the link I posted. A passcode, even a very simple one, is used to activate most of iOS' security and encryption things. The passcode itself is used along with the device's keys to create a secure platform. When trying to brute force an iOS device's four digit passcode, you only have 15 trys before it disables itself and requires iTunes to unlock it.
     
  17. macslayer118 macrumors 6502

    Joined:
    Oct 6, 2008
    Location:
    Dallas, TX
    #17
    Two words: face recognition.

    There's already a front facing camera. iPhone could have the software to recognize you and unlock. If it doesn't, then use pass code (in case there's a glitch)

    Of course it would have to have some much newer tech like determining if it's a 3d image vs just a picture if someone's face. But how awesome would that be?!?
     
  18. admanimal macrumors 68040

    Joined:
    Apr 22, 2005
    #18
    Still not really true:

    http://www.iclarified.com/entry/index.php?enid=21095

    There are multiple levels of encryption on the files such that cracking the passcode alone without actually using the lock screen doesn't get you very far.
     
  19. BSben macrumors 6502a

    Joined:
    May 16, 2012
    Location:
    UK
    #19
    Face recognition is not fool proof
    one word: photo
    Facial recognition has been tricked with photos on Android phones.
     
  20. petsounds macrumors 65816

    Joined:
    Jun 30, 2007
    #20
    If you are a developer, I'd direct you to the security session (208) from WWDC 2011. Apple engineers freely admit that "Data Protection", aka the system which protects the device filesystem with encryption, is only as strong as the passcode with which it is encrypted. Please note I am talking about the data on the device, not access to the running system/apps. According to them, the encryption with a 4-digit passcode (~10,000 possible variations), can be bruteforced in a couple minutes, at which point the attacker gains access to the files on the device. It's no different than having a 4-character password on a website.

    Access to the running system is much harder, but certainly having an attacker gaining access to sensitive data on your device is something to be concerned about. A 4-digit passcode should not be trusted to keep your data secure.
     
  21. Patriot24 macrumors 68030

    Patriot24

    Joined:
    Dec 29, 2010
    Location:
    California
    #21
    Sorry, but this is terrible advice. By the time you realize that it is missing it will be too late.

    Whenever I am around friends that don't use a passcode, I'll generally make a habit of mentioning how easy it would be for me to pick it up while they aren't paying attention and do any number of malicious things (facebook status, tweet, e-mail to friends/family/company, access to Mint, Dropbox, call someone, change the ringtone to something seriously NSFW, the list goes on...).

    Even if it isn't the strongest thing in the world, everyone needs to use some sort of a passcode, password, pattern, or whatever comes on your device. It may be annoying to type it in every time, but some day it will save you and your data.
     
  22. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #22
    With only 15 attempts to brute an iOS passcode, it is extremely unlikely to be broken. On the iPad 2/3 and iPhone 4S, there is no way past the devices' built in encryption when it is turned on with a passcode and with no way of getting at the passcode hash file when a passcode is set, these devices are extremely secure. The other devices can easily be broken into because of their bottom exploit. The 2011 WWDC developers likely knew of the bootrom exploits' abilities to quickly and easily bypass the devices encryption.

    The May 2012 security PDF outlines that to break the decice's encryption, the device's key is needed. Only the device itself has access to this key. The user's passcode becomes entangled with the device's key to create a unique encryption key. Whether the entangle number is 0000 or 7248 or 166392453 it doesn't really matter when viewed from a time frame point. By the time the device's 256-bit and the user's passcode have been separated and the data decrypted, many years would have passed.
     
  23. iBreatheApple macrumors 68030

    iBreatheApple

    Joined:
    Sep 3, 2011
    Location:
    Florida
    #23
    There's an amazing jailbreak app that lets you pass code each individual app and lets you customize 2 to 3 Wi-Fi networks where it won't ask for the password when connected, it's genius.
     
  24. MattInOz macrumors 68030

    MattInOz

    Joined:
    Jan 19, 2006
    Location:
    Sydney
    #24
    Well the other option is not to disable the passcode outright, just dynamically alter the time to re-lock. So you only have to unlock once every 4hours when at home, but would lock after a 1min when not. That would at least get rid of the need to unlock all the time.

    Have to say I agree, there would seem to lots of room for Apple to get the phone to learn user habits, via various clues like location and network connection. Generally daily timings.
     
  25. macslayer118 macrumors 6502

    Joined:
    Oct 6, 2008
    Location:
    Dallas, TX
    #25
    You obviously missed my last sentence which said there should be newer tech so it actually determines there's a live image in front of the camera vs just a picture. The technology is in development so a picture would not be enough to use for facial recognition.
     

Share This Page