If you have an Apple device new enough to have TouchID, you’ll need to start thinking of new passcodes for iOS 9. Apple is getting rid of the four-digit passcode* in its upcoming software upgrade.

*Correction: I didn’t look through the options closely enough before hitting publish. While the new default is six-digits, you can still use a four-digit passcode if you click “Passcode Options” Thanks to commenters to pointing that out. I did a stupid.


Apple is encouraging stronger passwords by requiring at least six digits and allowing longer alphanumeric strings. This will make passcode-protected phones harder to crack, since there will be 1 million permutations of the passcode instead of 10,000.

It’s an improvement, but it’s far from truly secure. For starters, horrible six-digit passwords like “123456” remain oddly common considering it’s 2015, and they’re even worse than a decent four-digit jumble of numbers. Brute force attacks will take longer, but a six-digit code is still vulnerable.

You could take advantage of Apple’s maximum passcode character limit and come up with a passphrase, but having to type in a complicated passphrase every time you want to check your phone would probably be very annoying. The passcode option is still optional, so if you want to play with thief-friendly fire you can just opt out altogether.


Using the TouchID function and Apple’s new two-factor authentication in addition to creating a slightly longer passphrase that is absolutely not “111111” or [pet name] [your birthday] is the sanest choice.

[Ars Technica]

Contact the author at kate.knibbs@gizmodo.com.
Public PGP key
PGP fingerprint: FF8F 0D7A AB19 6D71 C967 9576 8C12 9478 EE07 10C