iPhone password security

I noticed that iPhones automatically unlock when you enter a 4 digit pin, but if you set your password to a longer pin/password, they don't automatically open.

Is that just because Apple didn't feel like there was a reason to program that? Or is there a security reason...
wizardintraining Asked:

BM-vnext Commented:
It is definitely a security reason.

With the four-digit password they explicitly say it is less secure, because people could do random guesses (unless you have it perform a wipe after so many wrong tries).

But more likely is that it is a different system, since the amount of characters is not specified.
It is secure because the length of the password is another unknown factor which makes it exponentially more secure. Every added digit makes it a factor 10 more secure.
The fact that you need to press enter can mean it can have a lot of characters and makes it really strong.
0
Rich Rumble (Security Samurai) Commented:
With physical access, the pin vs password offers little protection in reality, but it sounds like it will be better. http://www.elcomsoft.com/iphone-forensic-toolkit.html Makes short work of BB and iPhone "protections", it comes with a physical dongle that has to be registered for it to function, but it pays for itself when people need their data recovered.
Access to the device is instant in most cases. Don't expect your phone to be a good biometric and/or place to keep secrets.
http://blog.crackpassword.com/2011/05/elcomsoft-breaks-iphone-encryption-offers-forensic-access-to-file-system-dumps/
http://www.elcomsoft.com/eppb.html Recover the pin/pass from an iPhone backup.
-rich
0
aleghart Commented:
Given a few thousand dollars, compute/GPU time, and sufficient cause or creepiness...yes, one could steal a phone and crack it.

On page 15 of this doc, Apple states:
...passcodes prevent unauthorized access to the device’s UI. The iOS interface enforces escalating time delays after the entry of an invalid passcode, dramatically reducing the effectiveness of brute-force attacks via the Lock screen.

Apple doesn't make passcodes to protect anything beyond the UI.  Taking a dump of the device and attacking it with GPUs was not in the scope of the Q or the scope of Apple's UI authentication.

The OS will automatically submit 4-digit PINs for ease of use.  When the alternate "complex passcode" option is selected, there is no fixed length.  The user must indicate when to submit.

The bonus side effect is that an unauthorized user does not know the length, increasing the chances that the 10-try limit will be reached.
0
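
The numbers behind the lock-screen guessing discussed above, as an added example that is not part of the original thread. It assumes the passcode is chosen uniformly at random (real users' PINs are not), that a guesser gets the 10 tries mentioned above, and it uses hypothetical function names and constructed policies.

```python
from fractions import Fraction

WIPE_LIMIT = 10  # the 10-try limit mentioned in the thread


def keyspace(alphabet_size, min_len, max_len):
    """Count candidate passcodes whose length lies in [min_len, max_len]."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def p_guessed(space, tries=WIPE_LIMIT):
    """Chance that `tries` distinct guesses hit a uniformly chosen passcode."""
    return Fraction(min(tries, space), space)


def compare():
    """Return (label, keyspace, P(guessed before wipe)) for constructed policies."""
    policies = [
        ("4 digits, auto-submit (length known)", 10, 4, 4),
        ("6 digits, length known to guesser", 10, 6, 6),
        ("6 digits, length hidden (1-6 possible)", 10, 1, 6),
        ("6 chars a-zA-Z0-9, length known", 62, 6, 6),
    ]
    rows = []
    for label, alphabet, lo, hi in policies:
        space = keyspace(alphabet, lo, hi)
        rows.append((label, space, p_guessed(space)))
    return rows


def hidden_length_gain(alphabet_size, length):
    """Factor by which hiding the length grows the space, versus a known length."""
    return Fraction(keyspace(alphabet_size, 1, length), alphabet_size ** length)


if __name__ == "__main__":
    for label, space, p in compare():
        print(f"{label:42} {space:>15,} {float(p):.2e}")
    print("gain from hiding a 6-digit length:", float(hidden_length_gain(10, 6)))
```

Under these assumptions each added digit multiplies the space by 10, while hiding the length of a 6-digit code adds about 11% on top of that.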

Rich Rumble (Security Samurai) Commented:
It's instant access (nearly), I recover data from phones/pads (daily). If you want to recover the pin itself yes that takes time, but iOS 4/5 are basically instant once an image is made.

You are correct that the pin is to keep the casual thief or loved one out, it's not for the determined. I should have made that point clearer. One only needs to (password/pin) attack the phone when going after the backup of the phone/pad in iTunes or if you really wanted to know what the pin was, you can get everything else without a CPU/GPU attack on the phone.

-rich
0
aleghart Commented:
...casual thief or scorned lover...

:)
0
Rich Rumble (Security Samurai) Commented:
0