An Easy Way to Dramatically Improve iPhone (or Any Phone) Security

A password with letters and numbers is a much better way to protect your phone than a four-digit "simple passcode."
  • Al Sacco (CIO (US))
  • 28 October, 2014 03:22

This past weekend, as I stood in line at a Whole Foods market in Portland, Maine, waiting to buy delicious Maine beer, I did something kind of sketchy. I'm not proud of it.

The woman in front of me was watching the clerk tally her purchases. As she pulled her iPhone from her pocket to check Twitter or fire off a quick text, I took a glance at the device to see what model iPhone it was -- I can't help it, I shamelessly check out other people's phones, so what?

It all happened fast, and I happened to notice the four-digit code she entered to unlock it. I didn't mean to; I was just looking at the phone. (It was a gold iPhone 5s, and the passcode was 2727, if you must know.)

I wasn't even trying to see it. Imagine how easy it would be for a potential thief on the train, or standing in line at a Whole Foods -- hey, it could happen -- to watch her enter her code, grab the phone and run off to his subterranean liar or wherever people who steal phones go to wind down after a lengthy day of larceny.

I probably wouldn't have written this post if Whole Foods Lady had just used Touch ID and her fingerprint to unlock her device. So, lesson one: If you have an iPhone with Touch ID, use it. It works really well, and it helps protect your passcode from prying eyes.

The real point of this post: Don't use "simple" passcodes to protect your smartphone, whether it's an iPhone, Android, BlackBerry, Palm Pre, whatever. You should use an actual password and not a four-digit code. It's much more difficult to see and remember a password than a short code, especially if the password is a random set of letters and numbers. (Of course, experts suggest Really Bad Guys can use brute force attacks to crack iPhones' four-digit codes and longer password, but why make it easier on them?)

It's unrealistic to expect the average Jill iPhone to use a lengthy, random password, because they are hard to remember and even harder to type on touch screen keyboards. It's easy enough, however, to use a word that's meaningful, and memorable, to you and then throw your lucky number at the end. And if you use a fingerprint reader, you'll rarely have to enter the password anyway.

Today's smartphone owners store more and more sensitive information on their phones, and while the four-digit code is certainly better than no passcode at all, it really doesn't cut it these days. A fingerprint-based access system such as Apple's Touch ID or the Samsung Finger Scanner, secured with a password and not a passcode, is a much more suitable option for security-minded users.

To disable the iPhone's "simple passcode" option and enter in a new password, tap your iPhones Settings icons, choose Touch ID and Passcode, and enter in your current passcode if you're using one. Next, turn the Simple Passcode option off, and then enter your new password, confirm it, and you're good to go.

It's also a good idea to keep an eye out for sketchy weirdoes with their hands full of beer bottles, peeking at your phone while you wait in line at the supermarket to pay for organic produce.