Apple has steadily made the iPhone more secure over the past few years, but the device certainly isn’t, nor has it ever been, impenetrable. As Apple has beefed up iOS security over time, hackers and security researchers, in turn, have upped their game as well. The end result is a seemingly a never-ending cat-and-mouse game wherein Apple tries to shore up security holes faster than researchers can exploit them.
As it stands now, it appears that Apple has a lot of catching up to do. Earlier this year, for example, Cellebrite revealed that it can now access any locked iPhone running any iteration of iOS going back to iOS 5. More recently, word of a new iPhone hacking machine dubbed GrayKey began making waves online. Per reports, GrayKey is a relatively simple tool that can hack into most iPhones. Not surprisingly, the tool — which has a base price of $15,000 — has proven to be exceedingly popular among law enforcement agencies.
Now if you’re dead-set on keeping the contents of your iPhone shielded from prying eyes, your best bet is to make use of a passcode that’s longer than six digits. And for extra security, you’d be well advised to come up with an alphanumeric passcode.
Here’s why. According to cryptographer Matthew Green of Johns Hopkins (via Motherboard), here’s how long it presumably takes GrayKey to crack iOS passcodes of varying lengths. As evidenced below, a 6-digit passcode can be cracked in about 11 hours on average.
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
While longer passcodes certainly provide an added layer of security, the reality is that most users will never opt for a 10-digit passcode. At a certain point, there needs to be a balance between convenience and security. That said, if you’re not in a position to sacrifice security for any reason, then you might as well go ahead and come up with a long alpha-numeric passcode.
While the default iOS passcode now stands at 6 digits (it used to be 4 a few years ago), there is an option for users to choose a longer alpha-numeric code should they choose. To access this option, go to Settings > Touch ID & Passcode. From there, you should see a “Passcode Options” tag that should let you pick a custom alphanumeric code for your iPhone.