You are here

iPhone: Building A Better Passcode

Submitted by rob on Mon, 04/26/2010 - 11:56

Most people have heard of, seen, or touched an iPhone; and millions more use them every day. They are a very handy and convenient device, so much so that people tend to accumulate a lot of personal information (contacts, notes,web sites and their logins, etc) on them.

This makes the device a prime target for attackers, both pranksters and malicious ones. If you leave you phone unattended anywhere, chances are, someone is going to pick it up and look at it and try to do something, so your first defence is to have a passcode set for your device, you can configure this in the devices Settings -> General -> Passcode Lock screen. This screen will allow you to select a four digit passcode that must be entered to access your device when unlocking it, you should also set the Auto Lock setting to immediate.

This will stop the casual person from picking up your iPhone and doing most things, they can still make an emergency call and answer your phone.

For most people a 4 digit code is good, but what if you want better, enter the iPhone Configuration Utility. This utility is primarily for enterprises where they want to have a consistent profile across their enterprise iPhones, and it allows the administrator to set-up various configuration profiles to be installed on iPhones, but individuals can also use the tool to set up a configuration profile for their iPhone(s) as well.

Once you have installed the program and have your iPhone connected to your system, fire up the iPhone Configuration Utility and you will see a screen like so:

On the Main screen, you can see your iPhone's information and you can set the owner name and e-mail as well.

The item we are interested in is in the Configuration Profile page, so select that item on the left hand side list to see the following page:

On this page you give you configuration profile a name, a unique identifier, organization, and a description. Use what ever values you want to identify your configuration profile. Also on the General page if you scroll down is the security option, this controls how and when the profile can be removed from the iPhone, there are 3 possible options:

  • Always
  • With Authorization
  • Never

Select the one that best suits your needs, I went with Always for this example.

Once you have your general configuration done, you can move to the next section Passcode, which will give you the following screen:

This is where you can set some "real" passcode rules, you can make the passcode mandatory, set minimum values and complexity rules. The nice thing about this is that once you set the option of a passcode that contains complex characters, and I would suggest a minimum length of 6, that gives you a full keyboard to enter your passcode, not just the numbers 0-9.

That will give you a total of 97 standard characters (upper and lower case letters, numbers, and symbols), more if you use umlaut's and such but we will stick with just the standard for now, and with a 6 character length that will give you, if you allow for repetition, 832,972,004,929 possible combinations, with no repetition you would still have 711,484,104,960 possible combinations. Much better than the 10,000 possible with the straight 4 digit passcode system.

Once you have you configuration profile set the way you like, then you can select your iPhone from the device list on the lefthand side and then select the Configuration Profile tab for your device:

Here under the Install item you can click on Install (shows as remove on my screen shot as I had already installed my profile) and that will install the profile onto your iPhone.

Now when you go into your passcode set-up, you will have a text entry box and a full keyboard available to set your iPhone passcode.

Have fun, and enjoy, but remember your new complex passcode!