At a minimum, consumers and businesses should use a six-character alphanumeric passcode or a pass phrase, which addresses risks associated with the leak of personal and enterprise data. An alphanumeric passcode is a stronger password, which is more secure.
Gartner Research Director – Dionisio Zumerle
Gone are the days when iPhone users could boast of extreme security on their devices, as they were “inaccessible”. At least two companies (Grayshift, A Former Apple Security Engineer’s Company and Cellebrite, an Israeli based firm that is a subsidiary of Japan’s Sun Corporation) now are selling technology that can be used by law enforcement and government agencies to unlock iPhones.
The ability to crack open almost any iDevice on the market is a significant moment for law enforcement, not just in America, but also across the globe. With federal agencies and police departments worldwide lining up to buy the technology from these companies, most iPhone users including enterprise users (with devices that access potentially sensitive corporate data) concerned about privacy should make use of having a strong password on their devices to prevent unwanted access of data. Most of these decrypting devices are reportedly able to unlock a 4-digit passcode in about 2 hours.
The major point to worry of is the technologies these companies are using. The default security setting on current iPhones erases all data on the device after 10 failed attempts to unlock it. Most algorithms available in the market that attempted a brute-force attack on an iPhone, should therefore, fail, thus the speculation is that the technologies from Cellebrite and GrayKey must be using a different decyphering mechanism.
Despite the possibility of all this, IPhone users are happy to be safeguarded by a variety of protections and encryptions, as every individual has a right to privacy, and law enforcements will often need the subject of an investigation to cooperate and give them access to his or her data.
While Apple’s Touch ID and Face ID help with security as well, they do not preclude the use of a passcode to unlock a phone. According to Gartner research director Dionisio Zumerle, at a minimum, consumers and businesses should use a six-character alphanumeric passcode or a pass phrase, which addresses risks associated with the leak of personal and enterprise data. An alphanumeric passcode is a stronger password, which is more secure.
Final word of advice: Make sure you use a phrase or a combination of letters, numbers and symbols that is easy to remember.