Care to share your passcode, oh enlightened "10 year old Windows laptop" user?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iPhone Cracking Methods Like GrayKey Box Can Guess a Six-Digit Password in 11 Hours on Average
- Thread starter MacRumors
- Start date
- Sort by reaction score
Same, 13 characters is the minimum I use for things I can't get out of 1Password. I use 32 characters for most things I can retrieve there (although it annoys the heck out of me that some web sites and services limit the maximum password size so some are a paltry 16 characters or even fewer).
I'll keep bumping those up as computing capacities scale. Until quantum computing gets into high qubit capacities and all traditional encryption to be blown up. Bit-coin investors beware ;-)
This is an estimate based on information from Apple's iOS Security Guide. According to the guide, the iteration count of their key derivation function is "calibrated so that one attempt takes approximately 80 milliseconds". So trying all combinations of a 10-digit code takes at most 80 * 10^-3 * 10^10 = 8*10^8 seconds, which is around 9259 days.
That's why I've disabled Control Center when the phone is locked (of course I guess you could just remove the sim). Apple really should allow you to remove Airplane Mode from Control Center.
Regardless, my point was a 6 digit passcode is good enough to protect against common thieves. Even if they do get access to my phone, they're not getting any sensitive information because that's all protected behind additional, long and random passwords (and I can change my email password quickly so they can't use it to reset my passwords).
Yes, but now that you've revealed that the length of your code is 13 characters, enterprising law enforcement officials only have to try 13 digit codes and it is much more worthwhile.
I've been using a long (more than 12) character passcode ever since I started seeing these stories. Since we have touch-id it makes this type of passcode less annoying than it would otherwise be. Am I a top secret super spy? I'd tell you but then I'd have to kill you (aka no.) But you never know what cops will try to do these days.
maybe i should jump on the bandwagon and change my passcode which happens to be 0000 to something.
If I'm at a random DWI stop, and the police ask for my phone, I know my rights and know I can say 'No'. I also know they can then say they smell something, handcuff me on the side of the road while they take their time bringing in a dog, and then give the dog their secret trigger signal that something may be in the car. If they're not 100% out to get me, they tear my car apart and then send me on my way, costing me valuable time and some of my dignity.
If they are out to get me, hopefully all they do is plant a bag of crack in my car, but I fully acknowledge they can scream, "Look out! He's coming right at us!", shoot me 100 times in the back, then use the fact that I had asthma medicine in my system to disparage my good name and get folks on social media to agree I deserved it.
What they don't get is easy access to everything I've done, every place I've visited, a list of everyone I know, every idea I've never pursued, and every unfulfilled dream I've ever listed in Notes. They'll need to go to a third party to obtain permission to, maybe, access that information. Information, as innocent as it may be, I may feel is too personal to want to share with any government.
A minor victory, to be sure, but no way I go gently into that good night.
Really? I entered this in howsecureismypassword.net:
"Mary had a little lamb, but Jack and Jill ate it."
Seems easy enough to remember, and the response was:
So I think it should be easy to come up with something memorable, unique, and very difficult to crack.
Last edited:
When I first got my ipad 12.9, the fingerprint scanner never worked. For me. For my husband on his 12.9 ipad. Never. Then around 10 point something, it now works 100% for both. Weirdest thing.
I’m sure so many here are prime targets for getting their phone hacked and have to worry that the cops are going to take their phones and bust them.
+100000 <3
Jeez let people decide how they want to use their phones. Most of the time I don't like to have a passcode at all. And it's perfectly fine.
Thought the same thing and ditto for the thug that hits you in the head and grabs your phone before saying "smile for the camera".
Well said. FaceID fails a lot for me in specific situations, as did Touch ID. Gets annoying and having a 4 character passcode makes it easier when these two things fail daily.
Every digit you add makes it 10 times harder to guess. Therefore, it takes 10 times longer. If you go alphanumeric, each additional character increases the difficulty by about 188 (26 uppercase+26 lowercase+93 special characters+10 numbers+8 symbols).
Therefore, a three character alphanumeric passcode (I’m not sure if that’s even allowed) is over six times more secure than a six digit numeric one. (188^3 > 10^6)
Therefore, a three character alphanumeric passcode (I’m not sure if that’s even allowed) is over six times more secure than a six digit numeric one. (188^3 > 10^6)
Last edited:
Fair point, and I definitely agree with the sentiment! But I do think that if they (the authorities) were to get legal permission, a warrant, to get into your stuff it wouldn't make much of a difference whether you have a 4-digit passcode or some character-riddled 12-character monster of a password -- if they have to get past something, it's a "locked door" legally, right?
it is more than law enforcement. however it would be easier for a crook to just come burglarize your house than shell out the cost for this limited lifetime device