How to set a really strong security password on iPhone and iPad

Although iPhone and iPad users mostly use biometric sensors to unlock and confirm data, sometimes a password is still required. For example, either you rebooted your phone or your hands are wet and Touch ID does not work. In addition, a passcode must be entered to install updates or change some settings.

By default, the system offers to set a 6-digit numeric password, but you have the opportunity to set a more complex combination of letters and numbers for more reliable protection of your data. Here's how to do it.

1. Open the settings and go to the security password section. On iPhones with Face ID, it's called "Face ID and Passcode", on devices with Touch ID it's called "Touch ID and Passcode." In older devices without biometrics, this is just a "Password".

2. Enter a valid password.

3. Select "Change password code" and re-enter the current code to allow changes.

4. Click on Passcode Options.

5. Select "Custom code (letters + numbers)" and enter a new password. You can use capital letters and symbols to make your password even more secure.

6. Done!

Which password to choose

On his Twitter, professor of cryptography Matthew Green wrote a thread almost 2 years ago in which he talked about the security of your smartphone passwords. He started it with interesting statistics about how long it takes to crack digital passwords (provided that they are set randomly and special software is used for cracking). If a 4-digit password takes a maximum of 13 minutes, then a 6-digit password is cracked on average in 11 hours, and a 10-digit one - in 4629 days.

Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):

4 digits: ~ 13min worst (~ 6.5avg)
6 digits: ~ 22.2hrs worst (~ 11.1avg)
8 digits: ~ 92.5days worst (~ 46avg)
10 digits: ~ 9259days worst (~ 4629avg)

- Matthew Green (@matthew_d_green) April 16, 2018

He further notes that while the combination of letters and numbers in theory should improve protection, it can only do worse if the characters are not arbitrary.

A lot of people responding to this saying “why decimal, why not use an alphanumeric passcode?” Sure, go for it. But keep in mind that unless you choose your password very well you might not be * that * much better off.

- Matthew Green (@matthew_d_green) April 16, 2018

Simply put, Kitty123 as a password is not a good idea.

But of course we all know that none of you are picking your alphanumeric passcode at random. You're all using Kitty123.

- Matthew Green (@matthew_d_green) April 16, 2018

But seriously, provided that you choose a non-random combination for the password, it is impossible to calculate how much more effective it is.

In all seriousness, if you’re using the alphanumeric option to pick a * non-random * passcode (as most people do) then it’s much harder to tell how much password strength you’re getting. Some, a lot. Some less than they think.

- Matthew Green (@matthew_d_green) April 16, 2018

In the end, the author notes that in practice (and given the complexity of cracking iOS in general), a password of numbers and letters may well work. There remains only one question: how convenient it will be for you to enter a password on a full-fledged keyboard, and not a convenient and large number input panel.

In practice (given the apparent limitations of current iOS attacks) it’s probably fine to use an alphanumeric passcode. It may be very secure. The real question is whether it’s worth the hassle of using the non-numeric keypad.

- Matthew Green (@matthew_d_green) April 16, 2018

Below are a few articles and resources to test your ingenuity when choosing a password.