The iPhone includes a passcode lock feature. About a year ago, when iPhone Software 2.0 was out, Apple received bad publicity because there was an easy way to bypass the passcode just by double-clicking the home button. That flaw was fixed last year and there have been other updates to the iPhone passcode lock feature in iPhone Software 3.1, so I thought this would be a good time to take a close look at this feature.
You enable the feature by going to Settings --> General --> Passcode Lock. The default is to have a four character passcode, all numbers (although as noted below, this can be changed to something more complicated). When the passcode lock is turned on, a person who picks up your iPhone cannot use it (except for emergency calls) without entering the four digit password. The passcode lock is a nice first level of security for your iPhone just in case it is picked up by a "bad guy" or, for that matter, a child.
A person who picks up an iPhone with the passcode lock enabled has 10 chances to enter the correct code, but that doesn't mean that he can just try 10 different codes in a row. After six incorrect attempts, the person must wait one minute before trying again. If the seventh attempt is wrong, the person must wait 5 minutes before trying again. If the eighth attempt is wrong, the person must wait 15 minutes before trying again. If the ninth attempt is wrong, the person must wait 60 minutes before trying again. After 10 incorrect attempts, what happens next depends upon your settings. By default, after 10 incorrect attempts the iPhone tells you that you must connect the iPhone to iTunes to unlock it and does not allow you to try to guess the password again. Alternatively, in Settings --> General --> Passcode Lock you can turn on the "Erase Data" after 10 failed passcode attempts feature. With this on, after 10 incorrect attempts, the iPhone will erase all data. On an iPhone 3GS, this happens instantly because the 3GS simply removes the encryption key to all data on the device. On the original iPhone and the iPhone 3G, the iPhone erases all data by writing over the data, a process that can take two hours or more. (You can't use the iPhone while this is taking place.) Note that one danger of telling your iPhone to erase all data after 10 incorrect attempts is that you will no longer be able to use MobileMe to track your iPhone's location, send messages to the iPhone, etc. If you accidentally erase all data on your iPhone, you can still restore the data by using iTunes to apply your latest backup.
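The escalating delays described above can be modeled as a small state machine. This is an added example, not code from Apple or from the original post; the class and function names are hypothetical, the clock is simulated in minutes, and it assumes an entry refused during a delay does not count as a failed attempt.

```python
from dataclasses import dataclass

# Wait (in minutes) imposed after the Nth consecutive wrong passcode, per the post.
DELAY_AFTER_FAILURE = {6: 1, 7: 5, 8: 15, 9: 60}
MAX_FAILURES = 10

@dataclass
class PasscodeLock:                 # hypothetical model, not an Apple API
    passcode: str
    erase_data: bool = False        # the "Erase Data" switch in Passcode Lock settings
    failures: int = 0
    locked_until: float = 0.0       # simulated clock, in minutes
    state: str = "locked"           # locked | unlocked | disabled | erased

    def attempt(self, guess: str, now: float) -> str:
        if self.state in ("disabled", "erased"):
            return self.state       # no further guesses are accepted
        if now < self.locked_until:
            return "wait"           # assumption: refused entries are not counted
        if guess == self.passcode:
            self.failures = 0
            self.state = "unlocked"
            return self.state
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.state = "erased" if self.erase_data else "disabled"
            return self.state
        self.locked_until = now + DELAY_AFTER_FAILURE.get(self.failures, 0)
        return "wrong"

def guessing_run(lock, guesses):
    """Enter guesses as fast as the lock permits; return (result, minutes elapsed)."""
    now = 0.0
    result = lock.state
    for guess in guesses:
        now = max(now, lock.locked_until)   # sit out any enforced delay
        result = lock.attempt(guess, now)
        if result in ("unlocked", "disabled", "erased"):
            break
    return result, now
```

Ten wrong guesses in a row cost at least 1 + 5 + 15 + 60 = 81 minutes of enforced waiting and cover only 10 of the 10,000 possible four-digit codes before the device is disabled or erased.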
You can set how long it takes for the iPhone's passcode lock to be enabled. The choices are immediately (every time you wake the iPhone), after 1 minute, 5 minutes, 15 minutes, 1 hour or 4 hours. However, starting with iPhone Software 3.1, if you are syncing with a Microsoft Exchange server for e-mail, contacts or calendar, you may find that you have fewer options. For example, here are two screen shots of the Require Passcode setting. The one on the left is from my iPhone; the one on the right is from another lawyer's iPhone who does not work at my law firm. Both of us are using Exchange and both of us are running iPhone 3.1, but you can see that I have fewer options:
I am more limited because my law firm's Exchange server imposes a "maximum inactivity time lock" on mobile devices. (I believe that ours is set to 20 minutes, and when you combine the up to 5 minutes before an iPhone auto-locks plus up to 15 minutes for a passcode lock, that is a maximum of 20 minutes of inactivity to lock the iPhone.) Before iPhone Software 3.1, the iPhone did not pay attention to an Exchange Server's maximum inactivity time lock. This was a security flaw, one that was pointed out to Apple by iPhone users at PepsiCo, Intel Corporation, Edward Jones and Agilent Technologies. When Apple fixed this issue in 3.1, it explained what it had done on this page and gave credit to the individuals at those companies who pointed out the flaw. So if you, too, are looking to become famous on an Apple security page, let them know if you find another security flaw.
Speaking of iPhones and Exchange servers, the following Exchange ActiveSync password policies are supported in iPhone Software 3.1:
- Require a password
- Minimum password length
- Maximum failed password attempts
- Require both numbers and letters in the password
- Inactivity time in minutes
- Allow or prohibit simple password
- Password expiration
- Password history
- Minimum number of complex characters in password
Even if a company doesn't use Exchange, a company can set these settings by using device profiles. The following comes from the Apple Enterprise Deployment Guide (PDF link), which explains what the different passcode settings mean:
- Require passcode on device: Requires users to enter a passcode before using the device. Otherwise, anyone who has the device can access all of its functions and data.
- Allow simple value: Permits users to use sequential or repeated characters in their passcodes. For example, this would allow the passcodes "3333" or "DEFG."
- Require alphanumeric value: Requires that the passcode contain at least one letter character.
- Minimum passcode length: Specifies the smallest number of characters a passcode can contain.
- Minimum number of complex characters: The number of non-alphanumeric characters (such as $, &, and !) that the passcode must contain.
- Minimum passcode age (in days): Requires users to change their passcode at the interval you specify.
- Auto-Lock (in minutes): If the device isn't used for this period of time, it automatically locks. Entering the passcode unlocks it.
- Passcode History: A new passcode won't be accepted if it matches a previously used passcode. You can specify how many previous passcodes are remembered for comparison.
- Grace period for device lock: Specifies how soon the device can be unlocked again after use, without re-prompting for the passcode.
- Maximum number of failed attempts: Determines how many failed passcode attempts can be made before the device is wiped. If you don't change this setting, after six failed passcode attempts, the device imposes a time delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, all data and settings are securely erased from the device. The passcode time delays always begin after the sixth attempt, so if you set this value to 6 or lower, no time delays are imposed and the device is erased when the attempt value is exceeded.
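To see how the content rules in this list combine, here is a checker that reports which of them a candidate passcode breaks. It is an added example, not Apple's implementation or part of the original post; the field and function names are hypothetical, and treating descending runs such as "4321" as simple is an assumption beyond the two examples the guide gives.

```python
from dataclasses import dataclass, field

@dataclass
class PasscodePolicy:               # hypothetical field names, not Apple's profile keys
    allow_simple: bool = True
    require_alphanumeric: bool = False
    min_length: int = 4
    min_complex_chars: int = 0
    # Kept in clear text only for this illustration of the history rule.
    history: list = field(default_factory=list)

def is_simple(code: str) -> bool:
    """True for repeated ("3333") or sequential ("DEFG") characters."""
    if len(code) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(code, code[1:])}
    # {0} = repeated, {1} = ascending, {-1} = descending (assumption)
    return steps in ({0}, {1}, {-1})

def violations(code: str, policy: PasscodePolicy) -> list:
    """Return the policy rules that the candidate passcode breaks."""
    problems = []
    if len(code) < policy.min_length:
        problems.append("too short")
    if not policy.allow_simple and is_simple(code):
        problems.append("simple value")
    # Per the guide: alphanumeric means at least one letter character.
    if policy.require_alphanumeric and not any(c.isalpha() for c in code):
        problems.append("no letter")
    # Per the guide: complex characters are the non-alphanumeric ones ($, &, !).
    if sum(1 for c in code if not c.isalnum()) < policy.min_complex_chars:
        problems.append("too few complex characters")
    if code in policy.history:
        problems.append("matches previous passcode")
    return problems
```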
Does the use of a passcode lock mean that no bad guys could ever access your personal data on the iPhone? Unfortunately, no. Security experts such as Jonathan Zdziarski have come up with ways for law enforcement agents to recover data from an iPhone notwithstanding the iPhone's built-in security features. If cops know how to do it, you can bet that there are some bad guys who also know. A garden-variety thief won't know how to do this, but a smart and dedicated hacker can probably find a way to access data on your iPhone if he tries hard enough. (For example, see this article from Wired.)
While the passcode lock is not a perfect security solution for your iPhone, I still believe it is a worthwhile feature to enable and I encourage you to do so if you are an attorney or otherwise have confidential information on your iPhone (such as in your emails). It is a minor annoyance to have to enter a passcode after 15 minutes (or up to 4 hours) of non-use, but it provides you with security that will stop all but a few elite hackers from gaining access to your e-mail and other personal data if your iPhone falls into the wrong hands.
[UPDATE 4/22/10: Here is an article from the Apple Knowledge Database on understanding the passcode lock feature.]