The iPhone includes a passcode lock feature. About a year ago, when iPhone Software 2.0 was out, Apple received bad publicity because there was an easy way to bypass the passcode just by double-clicking the home button. That flaw was fixed last year and there have been other updates to the iPhone passcode lock feature in iPhone Software 3.1, so I thought this would be a good time to take a close look at this feature.
You enable the feature by going to Settings --> General --> Passcode Lock. The default is to have a four character passcode, all numbers (although as noted below, this can be changed to something more complicated). When the passcode lock is turned on, a person who picks up your iPhone cannot use it (except for emergency calls) without entering the four digit password. The passcode lock is a nice first level of security for your iPhone just in case it is picked up by a "bad guy" or, for that matter, a child.
A person who picks up an iPhone with the passcode lock enabled has 10 chances to enter the correct code, but that doesn't mean that he can just try 10 different codes in a row. After six incorrect attempts, the person must wait one minute before trying again. If the seventh attempt is wrong, the person must wait 5 minutes before trying again. If the eighth attempt is wrong, the person must wait 15 minutes before trying again. If the ninth attempt is wrong, the person must wait 60 minutes before trying again. After 10 incorrect attempts, what happens next depends upon your settings. By default, after 10 incorrect attempts the iPhone tells you that you must connect the iPhone to iTunes to unlock it and does not allow you to try to guess the password again. Alternatively, in Settings --> General --> Passcode Lock you can turn on the "Erase Data" after 10 failed passcode attempts feature. With this on, after 10 incorrect attempts, the iPhone will erase all data. On an iPhone 3GS, this happens instantly because the 3GS simply removes the encryption key to all data on the device. On the original iPhone and the iPhone 3G, the iPhone erases all data by writing over the data, a process that can take two hours or more. (You can't use the iPhone while this is taking place.) Note that one danger of telling your iPhone to erase all data after 10 incorrect attempts is that you will no longer be able to use MobileMe to track your iPhone's location, send messages to the iPhone, etc. If you accidentally erase all data on your iPhone, you can still restore the data by using iTunes to apply your latest backup.
You can set how long it takes for the iPhone's passcode lock to be enabled. The choices are immediately (every time you wake the iPhone), after 1 minute, 5 minutes, 15 minutes, 1 hour or 4 hours. However, starting with iPhone Software 3.1, if you are syncing with a Microsoft Exchange server for e-mail, contacts or calendar, you may find that you have fewer options. For example, here are two screen shots of the Require Passcode setting. The one on the left is from my iPhone; the one on the right is from another lawyer's iPhone who does not work at my law firm. Both of us are using Exchange and both of us are running iPhone 3.1, but you can see that I have fewer options:
I am more limited because my law firm's Exchange server imposes a "maximum inactivity time lock" on mobile devices. (I believe that ours is set to 20 minutes, and when you combine the up to 5 minutes before an iPhone auto-locks plus up to 15 minutes for a passcode lock, that is a maximum of 20 minutes of inactivity to lock the iPhone.) Before iPhone Software 3.1, the iPhone did not pay attention to an Exchange Server's maximum inactivity time lock. This was a security flaw, one that was pointed out to Apple by iPhone users at PepsiCo, Intel Corporation, Edward Jones and Agilent Technologies. When Apple fixed this issue in 3.1, it explained what it had done on this page and gave credit to the individuals at those companies who pointed out the flaw. So if you, too, are looking to become famous on an Apple security page, let them know if you find another security flaw.
Speaking of iPhones and Exchange servers, the following Exchange ActiveSync password policies are supported in iPhone Software 3.1:
- Require a password
- Minimum password length
- Maximum failed password attempts
- Require both numbers and letters in the password
- Inactivity time in minutes
- Allow or prohibit simple password
- Password expiration
- Password history
- Minimum number of complex characters in password
Even if a company doesn't use Exchange, it can apply these same settings by using device profiles. The following comes from the Apple Enterprise Deployment Guide (PDF link), which explains what the different passcode settings mean:
- Require passcode on device: Requires users to enter a passcode before using the device. Otherwise, anyone who has the device can access all of its functions and data.
- Allow simple value: Permits users to use sequential or repeated characters in their passcodes. For example, this would allow the passcodes "3333" or "DEFG."
- Require alphanumeric value: Requires that the passcode contain at least one letter character.
- Minimum passcode length: Specifies the smallest number of characters a passcode can contain.
- Minimum number of complex characters: The number of non-alphanumeric characters (such as $, &, and !) that the passcode must contain.
- Minimum passcode age (in days): Requires users to change their passcode at the interval you specify.
- Auto-Lock (in minutes): If the device isn't used for this period of time, it automatically locks. Entering the passcode unlocks it.
- Passcode History: A new passcode won't be accepted if it matches a previously used passcode. You can specify how many previous passcodes are remembered for comparison.
- Grace period for device lock: Specifies how soon the device can be unlocked again after use, without re-prompting for the passcode.
- Maximum number of failed attempts: Determines how many failed passcode attempts can be made before the device is wiped. If you don't change this setting, after six failed passcode attempts, the device imposes a time delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, all data and settings are securely erased from the device. The passcode time delays always begin after the sixth attempt, so if you set this value to 6 or lower, no time delays are imposed and the device is erased when the attempt value is exceeded.
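To make the settings above concrete, here is an added Python example (not Apple's code and not taken from the Enterprise Deployment Guide) that checks a candidate passcode against a profile built from those settings. The dictionary keys and the rule that a "simple" value means all-identical characters or a consecutive run like "DEFG" or "9876" are this example's own assumptions.

```python
# Policy values mirror the settings listed in the Apple Enterprise Deployment
# Guide; the dictionary layout and checker are this example's own design.
POLICY = {
    "require_passcode": True,
    "allow_simple": False,         # reject values such as "3333" or "DEFG"
    "require_alphanumeric": True,  # at least one letter
    "min_length": 6,
    "min_complex_chars": 1,        # non-alphanumeric characters such as $, & or !
    "passcode_history": 3,         # how many previous passcodes are remembered
}


def is_simple(passcode):
    """Simple value: every character identical, or one ascending/descending run
    of consecutive characters (this example treats both directions as a run)."""
    if len(set(passcode)) == 1:
        return True
    codes = [ord(c) for c in passcode]
    steps = {b - a for a, b in zip(codes, codes[1:])}
    return steps == {1} or steps == {-1}


def check_passcode(passcode, policy, history=()):
    """Return the list of policy violations; an empty list means the passcode is accepted.
    `history` holds previously used passcodes, oldest first."""
    problems = []
    if policy["require_passcode"] and not passcode:
        return ["passcode required"]
    if len(passcode) < policy["min_length"]:
        problems.append(f"shorter than {policy['min_length']} characters")
    if policy["require_alphanumeric"] and not any(c.isalpha() for c in passcode):
        problems.append("must contain at least one letter")
    complex_chars = sum(1 for c in passcode if not c.isalnum())
    if complex_chars < policy["min_complex_chars"]:
        problems.append(
            f"needs at least {policy['min_complex_chars']} non-alphanumeric character(s)")
    if not policy["allow_simple"] and is_simple(passcode):
        problems.append("sequential or repeated characters are not allowed")
    remembered = policy["passcode_history"]
    if remembered and passcode in history[-remembered:]:
        problems.append("matches a recently used passcode")
    return problems


if __name__ == "__main__":
    # Constructed sample passcodes, including the guide's "3333" and "DEFG"
    for candidate in ("3333", "DEFG", "Legal$2009"):
        print(candidate, check_passcode(candidate, POLICY) or "accepted")
```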
Does the use of a passcode lock mean that no bad guys could ever access your personal data on the iPhone? Unfortunately, no. Security experts such as Jonathan Zdziarski have come up with ways for law enforcement agents to recover data from an iPhone notwithstanding the iPhone's built-in security features. If cops know how to do it, you can bet that there are some bad guys who also know. A garden-variety thief won't know how to do this, but a smart and dedicated hacker can probably find a way to access data on your iPhone if he tries hard enough. (For example, see this article from Wired.)
While the passcode lock is not a perfect security solution for your iPhone, I still believe it is a worthwhile feature to enable and I encourage you to do so if you are an attorney or otherwise have confidential information on your iPhone (such as in your e-mails). It is a minor annoyance to have to enter a passcode after 15 minutes (or up to 4 hours) of non-use, but it provides you with security that will stop all but a few elite hackers from gaining access to your e-mail and other personal data if your iPhone falls into the wrong hands.
[UPDATE 4/22/10: Here is an article from the Apple Knowledge Database on understanding the passcode lock feature.]

I would like to reset my autolock for 1 hour and can't seem to find this option on my iPhone 3GS. It only allows for 15 mins tops.
Where can I find the feature for the 1 hour autolock?
Thank you,
[Jeff responds: Debbie, I suspect that you are using Exchange at your law firm, and the Exchange security settings don't allow it go to that long.]
Posted by: Debbie | October 05, 2009 at 10:40 AM
I would like to allow 4 hours for reset. I was able to edit my ActiveSync settings in the Exchange 2007 console to allow 60 minutes (was previously limited to 15); however, it seems like 60 minutes is the maximum it will allow. When I tried to enter 240, it wouldn't allow it.
Any suggestions?
Posted by: Siamac | October 27, 2009 at 03:03 PM
My iPhone no longer has the option to turn off the passcode. If I completely renew the phone it is there, but when I bring back my backup to the phone the inability to turn it off returns. Any advice?
[Jeff responds: Are you syncing with an Exchange server? If so, the administrator may have that option turned off for security reasons.]
Posted by: John Heslinga | May 10, 2010 at 10:09 PM
Is there a way to lock the phone immediately, instead of waiting for the phone to timeout? For example, I just called someone, but now I'm setting the phone down and want to password lock it.
Posted by: Carl | June 02, 2010 at 07:49 AM
I am on holiday and I have my iPhone synced to my Mac at home. I am on the 10th go and don't know what to do. I don't mind losing all the data as I have it all backed up; I just want to use SMS and phone, but I am not sure if I have "erase all data" on. If I do this and have "erase all data" on, can I access my phone, or do I need to connect it to iTunes?
Posted by: Charlie | August 18, 2010 at 06:38 AM
An important question that is not answered in this article...
What if a passcode locked iPhone is connected to iTunes (a new iTunes that doesn't know this iPhone), would iTunes require a passcode to begin syncing?
If not, it seems that anyone could simply "sync" your phone with their iTunes library and just sift through the backup that iTunes makes at their leisure... thus accessing all your data without needing any elite hacker skills (just iPhone backup browser software that is freely available).
Posted by: Dmitri | September 22, 2010 at 03:50 AM
I think what Randy wants (and me too) is a “quick way to immediately lock my iPhone so that it requires a code to unlock” not as the default set up… but only to be used in rare occasions.
I like that I can go in and out of my phone for a while without entering the code. But once in a while you want to leave it on a table and know that it's been immediately locked. And it's a pain to adjust settings for this rare occasion.
Solution? Is there an app for that?
Posted by: George | July 14, 2011 at 05:59 PM
Does it work on an iPhone 3G or just the iPhone 3GS?
[Jeff responds: Both.]
Posted by: linna | September 23, 2011 at 11:15 AM
Turns out I've typed my passcode (I think it was the right one) and the device just went inactive for 5 minutes. There was no incorrect attempt! Is this a bug? I heard once that the iPhone'd pick up past incorrect attempts and randomly lock, but don't know if it's true. Thx!
Posted by: Gordon P. | December 21, 2011 at 05:13 AM
My company wants a 5 character passcode on my iPhone. How do I set that up?
[Jeff responds: If you are using Microsoft Exchange for e-mail at your company, your IT department can set requirements for passwords including iPhone passwords. Otherwise, you can use a utility from Apple called the "iPhone Configuration Utility" to change the length and to allow both letters and numbers. Details are here: http://support.apple.com/kb/DL851 ]
Posted by: Sharon | December 22, 2011 at 04:15 PM