Better passcodes for your iPhone and iPad

How many digits or characters do you have in your iPhone passcode? If you’re like most people, the answer is four. (You are using the lock/pass code feature, aren’t you?) A four-digit passcode gives you 10,000 possible combinations. Not bad, but it could be better. Especially since the coating on the iPhone’s screen shows fingerprints, and someone trying to get in might be able to see which four of the ten digits you use in your passcode.

Apple has a way to let you use a more complex passcode, but it involves the QWERTY keyboard and can become a pain to type in. Thanks to Steven G. Sommer, we now know a way to set up a longer numeric passcode on the iPhone (and iPad). His post boasts the screen shots, but here’s the quick version:

Go into your Settings, scroll down to Passcode Lock, and enter your four-digit passcode. Turn “Simple Passcode” off and enter your old passcode. When it asks you for your new passcode, just use all numbers (as in “12345”—but if you use that one I will personally hunt you down and force you to watch Spaceballs until your eyes bleed.) You can type in as many numbers as you want. The iOS is smart enough to recognize that if your longer passcode is all numbers, it offers you the familiar numeric keypad to use when unlocking your device.

Voilá—a more secure passcode for your iPhone or iPad, and one that’s not a pain to type in on the QWERTY keyboard.

Hat tip to fellow lawyer Katie Floyd for posting about this solution.

(N.B.: It’s been quite a while since I posted anything here. This blog hasn’t been abandoned, but I have been spending time working on a new, somewhat related blog, Indiana Internet Law. It’s a blog about issues that regularly show up online: defamation, copyright infringement, etc. I hope you’ll check it out.)

iPad (and iPhone) security: passcodes

During an interview with Jenny Montgomery of the Indiana Lawyer, she posed a question to me that started me thinking. While I won’t go into the discussion we had (lest I say anything here that the Indiana Lawyer will include in its article), it seems to me that it is worthwhile to spend some time discussing the security on iOS devices.

We lawyers all know that we have an obligation to maintain client confidences and avoid their disclosure. Even something as seemingly benign as a calendar entry could be enough to reveal that a client is even consulting with an attorney. iPads and iPhones are small enough that they can be misplaced or even stolen, so owners should take some definite steps to prevent someone from accessing the data. (Even if you don’t have client information on your device, you may not want a prankster colleague to post the latest photos of you wearing a coconut bra and grass skirt on Facebook.)

The first step to securing your iOS device is to use the Passcode Lock feature. You can find this in the Settings app, under General. Passcode Lock should be turned on. In addition, you should turn off the Simple Passcode setting. Apple will let you use Simple Passcode’s four-character passcode, but that is not the wisest move. When you tap your passcode into the iPad or iPhone, your finger leaves a trace of oil behind on the screen. Considering that there are only four digits allowed, and your fingerprints may point to the four numbers you have in your passcode, it doesn’t take much to realize that there are only 256 possible combinations that might unlock your device. Someone might just get lucky and guess your passcode. (You could reduce this risk by wiping your screen clean on a frequent basis, but usually it’s the people with a form of OCD who are best at using that tactic.)

One way you can mitigate this risk is by turning the Erase Data feature on. With this turned on, all data on your device is erased after ten failed passcode attempts. While a thief still might get lucky and guess your code on the 7th try, using Erase Data increases the odds in your favor. Of course, if your device erases itself, you’ll want to have a very current backup of the device’s data stored on your computer.

Instead of using the four-digit simple passcode, turn that feature off and use a longer passcode. I happen to use a nine-character passcode that includes capital letters, numbers, and symbols. I also have the data erase feature turned on, so any thief is going to have to be incredibly lucky to guess the passcode within ten attempts.

At first, using a passcode longer than four characters may seem a hassle, but after a while it’s not even noticeable. Even so, the minor inconvenience is small compared to the potential loss of sensitive data—or worse, having to respond to a disciplinary complaint filed by an angry client after his information was lost or revealed.

In forthcoming posts, we will look at more security issues involving our favorite mobile devices.