
How-To: Get the jump on Apple’s plans to fully secure your iPhone with two simple changes

[Image: passcode]

It looks like Apple’s plans to strengthen iPhone security, so that it becomes impossible for the company to comply with future demands to hack into iPhones, will require new hardware. But you can already make it effectively impossible to gain access to your iPhone, even if Apple were forced to bypass the passcode time-outs. All that is needed are two simple changes.

First, if you currently use a 6-digit passcode, change it to a longer one. If Apple removes the timeouts, and that compromised firmware gets into the wrong hands, it will take an average of just 11 hours to brute-force a 6-digit code. Simply doubling the number of digits to 12 means that the average time needed increases exponentially to 1,268 years.

If that isn’t enough for you, changing it to a complex alphanumeric one literally pushes the brute-force attack time into the millions of years. There is, however, one other weakness you need to address …

While your iPhone is encrypted locally, meaning that Apple doesn’t have the key, the same isn’t true of iCloud. That is encrypted, but Apple does have the key. That means Apple – or anyone able to gain access to that key – could gain access to the contents of your phone indirectly, by downloading your iCloud backup. That’s what Apple did in the San Bernardino case (at least, up to the point when the government changed the password).

Apple plans to come up with a method of encrypting iCloud backups in such a way that the company no longer holds a key, but in the meantime, switching off iCloud backup and switching instead to encrypted backups in iTunes will protect your data. Both steps take just a few minutes.

To change your passcode to 12 digits, go to Settings > Touch ID & Passcode > Change Passcode > Passcode Options > Custom Numeric Code and enter as many digits as you like. Or choose Custom Alphanumeric Code if you want to use letters too. Once that’s done, you’ll also notice the lock screen gives no clue as to how many digits or characters are needed (as shown in the photo above).

[Image: icloud]

To stop backing up to iCloud – and delete your existing backup – go to Settings > iCloud > Storage > Manage Storage then select your device before pressing Delete Backup. When asked to confirm, select Turn Off & Delete.

You then need to switch to local backups in iTunes. Click on the devices icon in the tabbed menu, select your iPhone and then click the radio button for ‘This computer.’ Check the box for ‘Encrypt iPhone backup,’ and then click the Apply button at the bottom of the window.

[Image: itunes]

Warning: backing up locally is much riskier than iCloud backups when it comes to protecting your data from being lost. If your house burns down, or someone steals your MacBook and external drives, that’s your phone backup gone.

You need to balance the risk of being hacked against the risk of losing your data. Personally, I consider the data loss risk far higher, so I’m happy to back up to iCloud and wait for Apple to upgrade the encryption there so I get the best of both worlds. But if you disagree, and consider hacking the greater risk, protecting yourself takes just minutes.



Comments

  1. dcj001 - 8 years ago

    I do not back up my iPhone and iPad to iCloud. I have always backed them up to my Mac. When I buy new devices, restoring my backups to the new devices is much quicker than restoring from iCloud backups.

    • Ben Lovejoy - 8 years ago

      Yes, I use iCloud normally, but I do a manual iTunes backup when buying a new device. The encrypted backup saves some passwords and settings too.

      • Grayson Mixon - 8 years ago

        I wonder if they will add more things to the iCloud backup once those are as encrypted as the local iTunes backup.

        If not even Apple can get into the iCloud backup, why not give the user the option to backup everything?

    • dcj001 - 8 years ago

      Plus:

      The Encrypt Backup feature in iTunes locks and encodes your data. An encrypted iTunes backup includes certain information that other backups don’t:

      Your saved passwords
      Wi-Fi settings
      Website history
      Health data

      https://support.apple.com/en-us/HT205220

  2. taoprophet420 - 8 years ago

    With all these iPhone security and FBI posts we need 9to5Security or 9to5Privacy.

    I vote for 9to5abc if you guys are forced to change 9to5Google.

    • srgmac - 8 years ago

      Why would they be forced to change 9to5Google?

      • taoprophet420 - 8 years ago

        Google blocked access to AdSense because of the name; they have restored access to AdSense, but still might change the name.

  3. darevsek - 8 years ago

    Also, turn on Erase Data (under Touch ID & Passcode at the bottom); it’s off by default. This will kill your phone after 10 failed passcode attempts. Can’t brute force if it kills after ten tries.

    • JBDragon - 8 years ago

      This is what the FBI wants Apple to change so that it can brute force the iPhone: by making Apple install a modified version of iOS with a valid certificate, removing the 10-try wipe and the 80ms delay between digits, and being able to connect through the Lightning port to automate the entering of numbers until the computer goes through them all, instead of someone manually going 0000, 0001, 0002, 0003 through 9999.

      So it’s not really a back door as much as it’s the FBI trying to force Apple to weaken the front door security.

      • JBDragon - 8 years ago

        I’ve been using an 8-digit code for a while now. I still use iCloud to back up some of my data, but I encrypt on my computer, as restoring is faster and using encryption backs up things like passwords and health data and whatnot, which I would want on a new phone and not have to start from scratch once again.

      • michabailey - 8 years ago

        The 80ms delay isn’t between digits, it’s between attempts, and that’s impossible to get around. The way the password is converted into the encryption key takes 80ms to compute, and that can’t be changed.

  4. glyptus - 8 years ago

    Although privacy is a big concern, I don’t see why anyone would want to know anything about me. Even then, big deal. iCloud backups are fine since it’s more convenient. I understand if you have serious data like financial information for a corporation or etc… Your own business. But for the average user?

    • pdixon1986 - 8 years ago

      I’m just like you — I don’t take ‘naughty’ pictures, I don’t involve myself in illegal activity, there are a lot of people who post to Facebook and Twitter (which are not very secure), I have nothing to hide, and my financial data is secure (I do keep digital copies, they are stored with my bank) — granted, I would be worried if I were texting a lover with love messages… I wouldn’t want a random person reading that… lol
      But I think people are just arguing about privacy for the sake of privacy — after all, if you really were that serious about your privacy, you would not be online… most people will pop up in a Google search – those who use photos, again a Google search could be used and possibly give me some more details… even your username can give away stuff…
      Plus there are reasons for people investigating our privacy – I for one am very happy for the government to be looking into people’s business – it means they are doing their job — I certainly wouldn’t want to live in a world where it’s the local townspeople who make the laws and decide stuff.

  5. Doug Aalseth - 8 years ago

    This kind of article is why I really like 9to5.

  6. PhilBoogie - 8 years ago

    I already changed the pin to a password. A different one than my AppleID and different to the login on my Mac. As for iCloud backup I’ve never been able to successfully restore, so simply backup to iTunes. With offsite backups I’m also safe in case of fire.

    Though I’m failing to see the point of backing up an iOS device in the first place. Everything except old SMS msg can be restored from the cloud with your credentials. At least with the apps I use; YMMV.

    • Tim LeVier - 8 years ago

      It’s so you don’t lose that Angry Birds high score.

      • PhilBoogie - 8 years ago

        Aha! Hadn’t thought about that. That may be of importance to some. Or many.

    • Kevin Labranche - 8 years ago

      Yes people should have lots of different STRONG passwords. You are right to do so…

  7. galley99 - 8 years ago

    Is it possible to use special characters or are you limited to the standard numeric keyboard?

  8. Kevin Labranche - 8 years ago

    I have been using passwords on my iOS devices since it was possible, in conjunction with Touch ID, and back them up with iTunes on a fully encrypted iMac. Keep good passwords that people can’t guess, watch the websites you go on and where you use your credit card, and you will never have a problem. Privacy and security are very close in this case, and people should have privacy and be in security all the time. ENCRYPT…

  9. paulywalnuts23 - 8 years ago

    Better be careful Ben, before you know it the FBI and DOJ will be coming after you for aiding terrorists by putting this info out there.. ;)

    • Jake Becker - 8 years ago

      Yeah, explain yourself Ben. Why do you hate America so much? :)

      • Ben Lovejoy - 8 years ago

        I know, all these alien values, like liberty and equality …

      • Grayson Mixon - 8 years ago

        You know, Ben. You don’t strike me as a true American. I thought we got rid of this kind of oppression when we split with Britain.

        You know, you might as well BE British, Ben. Just go on back to England, man.

        ;)

      • Ben Lovejoy - 8 years ago

        Wait, we don’t own you guys any more?

  10. Of course, such precautions will be moot once forcing Apple to write custom software updates via an All Writs Act order becomes precedent. Next thing you know that innocent looking software update everyone is doing really contains a government trojan on your phone. Encryption is no defense against that kind of attack.

    • Robert Wilson - 8 years ago

      That would be the scary part. All companies forced to put in backdoor and they can’t tell you.

      All I will say the book 1984

  11. owenplanet - 8 years ago

    Why not store a copy of the encrypted backup to iCloud Drive (or other cloud-storage provider?) Then you have all the benefits of local backup, with cloud-based data-loss protection.

  12. Matthew Fox - 8 years ago

    Once you encrypt your backup to iTunes, your iTunes backup is vulnerable to a brute force attack, when there are no restrictions on the number of attempts. So if you do this, you should be using a password that is 30 to 63 alphanumeric characters long. The Mac will keep it in its keychain. So now you just have to worry about the Mac backing up the keychain to Time Machine.

    • srgmac - 8 years ago

      This is why Android Full Disk Encryption is really not good enough. The filesystem can be extracted in encrypted form, and then brute forced in the cloud by as many virtual machines as the three letter agencies are willing to throw at it. With Apple’s Secure Enclave solution, there really is no contest in terms of which is more secure. If someone found out how to flash the SE firmware, or manipulate the SE…That would not be good. IMHO Apple should hard-code the timeouts into the Secure Enclave so they can not be changed by firmware down the line. This alone would prevent brute forcing. You wouldn’t even need to have the “Wipe” option turned on, as there would be no possible way to prevent the time delays in between incorrect password guesses.

  13. Matthew Fox - 8 years ago

    Hacking the iTunes backup using brute force is what we used to do in the 1980s-1990s to try and decrypt encrypted zip and arc files. GRC (Steve from SpinRite) has a really good page called Password Haystacks that shows you the time needed to brute force passwords. Anything over 13 characters is good enough,
    but you might as well use the longest possible password, because OS X will keep it in its keychain.

    • srgmac - 8 years ago

      I have never, ever, been successful at brute forcing a password protected rar\zip\etc. Steve Gibson was the man back in the day, I loved SpinRite.

  14. Matthew Fox - 8 years ago

    You will probably have to type that password in to restore it, though.

  15. devnull043 - 8 years ago

    “If Apple removes the timeouts, and that compromised firmware gets into the wrong hands, it will take an average of just 11 hours to brute-force a 6-digit code. Simply doubling the number of digits to 12 means that the average time needed increases exponentially to 1,268 years”

    For those interested in how the above is calculated:

    According to https://www.apple.com/business/docs/iOS_Security_Guide.pdf, the hardware UID key ties the passcode key to the iPhone with an iteration count of 80 milliseconds. There are 10^6 or 1 million possible 6 digit passcodes using the 10 digits 0-9. With no enforced delay, a .08 second iteration count limits passcode attempts to 12.5 per second. 10^6 / 12.5 = 80,000 seconds or 22 hours, 13 minutes, and 20 seconds. Round off to 22 hours. The mean (average) of 0, 22 is 11 hours. There are 10^12 or 1 trillion possible 12 digit passcodes. 10^12 / 12.5 = 80,000,000,000 seconds or 2,535 years rounded off, the mean of which is 1,268 years.

  16. srgmac - 8 years ago

    “Apple plans to come up with a method of encrypting iCloud backups in such a way that the company no longer holds a key”
    That will be an absolute disaster in terms of public policy if this actually happens — Think about it — up until now, the governments of the world have been happy with Apple giving them the iCloud data. Now, the FBI / DOJ isn’t even satisfied with that anymore. They want more. They ALWAYS will want more.
    I would just like to add one more thing to this article — If you care about security, use a device that has a Secure Enclave (TouchID) — on those devices, the timeouts are limited by the Secure Enclave itself — and it has a hardware 256-bit AES encryption key that can’t ever be read, not even by milling down the chip and examining the PCB with an electron microscope. That means that if anyone ever wanted to parallelize the brute forcing of the device, they would need to know what that key is — in other words, the brute forcing can *never* be parallelized, because the check always comes back to that key that can’t ever be read.

    • rob nienburg (@robogobo) - 8 years ago

      Then they just take the dead terrorist’s thumb and unlock the phone the easy way, unless he manages to power it off before dying.

      • Single Dad - 8 years ago

        That is one approach. :)
        Joking aside, when my daughter was unconscious in the hospital and no one knew why she had collapsed at school, I tried using her thumb to unlock the iPhone. A problem with it is that, after a few unsuccessful attempts, Touch ID is disabled and you MUST enter the password/code to access the device.

  17. plakatblog - 8 years ago

    Time Capsules should be underground anyway.

    If your house burns down, or someone steals your MacBook and external drives, that’s your phone backup gone.

    Nope

  18. pdixon1986 - 8 years ago

    Another thing to make your phone secure – not necessarily for protection of data – is to activate SIM lock… your SIM card can also store some data

  19. srgmac - 8 years ago

    Serious question here — On my iDevice, I have iCloud Backup itself turned OFF.
    However, I have iCloud Drive ON, Contacts ON, Calendars, ON, Notes ON, News ON, Wallet ON, Find My iPhone ON — everything else off.
    Question… Are my iMessages still getting stored on Apple’s iCloud servers? If so, for how long?
    Any way to prevent them from being stored there at all?
    Thanks to anyone who can answer.

    • srgmac - 8 years ago

      The only thing I can find for certain from Apple in regards to a time table — From the iOS 9 white paper released by Apple:
      http://www.apple.com/business/docs/iOS_Security_Guide.pdf

      “As with all push notifications, the message is deleted from APNs when it is delivered. Unlike other APNs notifications, however, iMessage messages are queued for delivery to offline devices. Messages are currently stored for up to 30 days.”

  20. Jeffrey Goodman - 8 years ago

    Curious, does a brute force attack program know to randomly start with a number and move forward randomly, only excluding previous entries, or is there some further delay associated with that? I assume that’s easy to program, but otherwise you would always want a PIN starting at a high number…

Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
