The change from 4-digit passcodes (which can still be used, even though we wouldn`t suggest it) to the lengthier alternative is significant because it greatly increases the number of possible combinations, raising the total from just 10,000 to a far healthier 1 million, a change Apple says will make passcodes `a lot tougher to crack`.
While brute-forcing an iOS device sounds unlikely, it is possible, as we learned back in March with the news of a Black Box designed for doing exactly that.
With the ability to power down an iPhone before it could add to the failed passcode attempt count (you can set your iDevice to erase itself after 10 failed attempts), the device could endlessly guess passcodes until it found the correct one.
As part of the article we wrote at the time, Paul Ducklin explained how a determined cracker could break a 4-digit passcode in less than 5 days, assuming that the device didn`t erase itself along the way.
With a 6-digit passcode increasing that one hundredfold, the amount of time required would increase to more than a year, which is probably sufficient to dissuade all but the most determined of PIN bashers.
Nevertheless, as part of our 10 tips for securing your smartphone guide, we suggest treating 6 digits as an absolute minimum, and we also recommend that you consider a passphrase (allowing you to use both letter and numbers for greater variety) instead.
\Besides passcodes, Apple will also be improving two-factor authentication with the release of iOS 9, saying:
A password alone is not always enough to keep your account secure. With two-factor authentication, when you sign in from a new browser or on a new device, you'll be prompted for a verification code. This code is automatically displayed on your other Apple devices or sent to your phone. Enter the code and you're quickly signed in — and any unauthorized users are kept out.
The company originally introduced 2FA in March 2013 - but only for some types of accounts - before later adding support for iCloud and subsequently also for iMessage and FaceTime.
Further details are sketchy right now but the company has revealed that two-factor authentication will be integrated within both iOS 9 and OS X 10.11 El Capitan.
Beyond enhanced passcodes and two-factor authentication it looks as though Apple will also be introducing at least one other interesting feature.
An image on the iOS 9 preview page shows a pop-up box warning warning the user that their iPhone Apple ID is being used to sign in from another device - in this case another iPhone - and gives the option to allow or block it. The prompt also advises which account is being accessed as well as providing a map to show where the second login is coming from.
Read original article
No comments:
Post a Comment