Saintel Daily

If it Happened | We Covered it

How Secure is Your iPhone with a 6-Digit Passcode?

How secure, really, is your iPhone if you're just using a 6 digit passcode? According to researchers, not as secure as you might think.

iphone x

Over the years, Apple has made the iPhone much more secure.  We’ve got the ability to lock and unlock our phones with biometrics – whether that’s your face or your thumb.  But that doesn’t make the device as secure as it could be.  Also, over time, Apple has made some improvements to iOS security, but hackers have responded to this accordingly.  It seems like a never-ending cat and mouse game, where Apple tries to fix the issues, before “researchers” (hackers) can exploit the holes.  Will it ever end?  Unlikely.

As it currently stands, Apple is the one lagging behind.  In 2018, it was revealed that Cellbrite can now access any locked iPhone running any version of iOS as far back as iOS 5.  More recently, a new iPhone hacking “machine” known as GrayKey began making waves online.  According to reports, GrayKey is a relatively simple tool that can hack most iPhones.  So far, the tool is very popular among law enforcement agencies, and well, they can afford it since it costs $15,000.  I mean, who else is going to shell out that kind of cash in order to be able to hack an iPhone?  Sure, there is some valuable data on a phone, but that’s a big, upfront, investment.


Back in the day, a 4 digit passcode was enough.   But now, researchers are saying that 6 digits aren’t enough to keep your phone protected.  Crazy, right?  That’s why you should make your passcode 8 or 10 digits long.  According to cryptographer Matthew Green, from John Hopkins, it would only take a hacker 22 hours to get access to your phone.  That’s a worst-case scenario.  Best case, around 11 hours.  Regardless, that’s a full day of work.  Are there people out there so desperate to get their hands on my data that a passcode longer than 6 digits is necessary?

iphone x

I’m not saying that what’s on my phone isn’t sensitive, but if you want to spend 11-22 hours trying to figure out what my code is – go for it.  I’ll share with you some more numbers that Green indicates, but his statistics don’t take into consideration that some apps (banking, or password keeping) require a second level of authentication.  And not just by way of a passcode or a password – they want your fingerprint.  Which means, if you get into my phone, you can access my Twitter account, but you can’t get into my passwords or my banking, for example.    I’m not saying that this means you’re safe.  I think that whatever you can do to have a secure phone, you need to do.  I just wonder how safe people are being.

Green notes that it would take less than 13 minutes for someone to hack a 4 digit passcode, approximately 92 days for an 8 digit passcode, and then the number jumps considerably to 9259 days to hack a 10 digit passcode.  All of these numbers are “worst case scenario”, and it may not take quite that long.

While I think it’s great to have added security on your phone, I just wonder how realistic it is to go to these lengths.  Perhaps a 10 digit passcode isn’t your jam, and I can understand that.  Maybe opt for an 8 digit now to help.  Also, try to set up two-factor security on some of your more sensitive apps.

%d bloggers like this: