6 Digits Are Better Than 4! iOS 9 to Boost Passcode Security
Posted on June 10th, 2015 by Graham Cluley
As usual, the world’s technology press watched in anticipation at Apple’s keynote speech at WWDC this week, anxious to turn any titbits of information about upcoming new products and features into news stories.
And although there were plenty of new features announced for the upcoming upgrade to OS X — dubbed El Capitan — perhaps the security news which will impact the most iPhone and iPad users is that Apple will be beefing up security on iDevices running iOS 9, by requiring users to upgrade from a 4-digit passcode to one containing 6 digits.
Two extra digits. Can that really add a whole lot more security?
Well, actually yes.
You see, a six digit passcode has one million possible combinations instead of 10,000.
Here is how Apple describes the development in their iOS 9 preview:
The passcode you use on your Touch ID-enabled iPhone and iPad will now have six digits instead of four. If you use Touch ID, it’s a change you’ll hardly notice. But with one million possible combinations — instead of 10,000 — your passcode will be a lot tougher to crack.
Even if you were up against someone determined enough to use a brute force black box to guess your iPhone’s PIN, it is far less likely to be considered a practical option once there are a million combinations.
However, good as a six digit passcode is, my recommendation remains that you should use a complex alphanumeric passphrase, in combination with Touch ID, to secure your precious iPhone or iPad. Just make sure that it’s not a passphrase that you tell anyone else, or that could be easy to guess or crack.
If you like the sound of the additional security benefits that a longer passphrase could give you over a four (or indeed six) digit numerical code, go to to Settings > Touch ID & Passcode (on devices with Touch ID) or Settings > Passcode (on other devices). Once there, make sure that you have disabled Simple Passcode, to let you set a longer passphrase, including letters and symbols as well as numbers.
If you are particularly paranoid, you may wish to enable the Erase Data passcode setting, which should ensure that your phone will be wiped after 10 failed attempts to crack the code.
Apple’s decision to boost passcode security couldn’t come at a more appropriate time, thumbing the company’s nose at increasing demands from governments for tech firms to weaken security and water down encryption.
Apple’s move shouldn’t be shrugged off. It underscores that the company is keen to be seen taking the security and privacy of its customers more seriously.