Apple’s iOS 9 will include six-digit PIN codes as well as two-factor authentication, creating one million different PIN combinations, a far cry from the 10,000 combinations previously available using four-digit codes.
Those measures should offer relief for companies struggling to secure BYOD. An IBM study of one million BYOD and corporate-issued devices found that nearly 90 percent of companies allowing BYOD only require simple numeric PIN numbers with almost 80 percent of those only requiring four- or five-digit PINs. That could open those companies up to risk since, according to the iOS Hacker’s Handbook, a short passcode can be compromised in less than 18 minutes.
David Reiff, co-founder and vice president of uBreakiFix told SCMagazine.com that the added complexity may serve other purposes as well.
“Usability-wise it will be more of a pain to enter your passcode, I think it’s going to push users to use Touch-ID rather than entering their PIN code to unlock their phone,” he said.
He added that the Touch-ID option is more secure and that Apple benefits from people using it because applications like Apple Pay and some third-party applications require users to enable the feature.
Apple also said that two-factor authentication will be built into OSX El Capitan and iOS 9. Once enrolled, users will be prompted for a verification code any time they sign into their Apple ID account from a new device or browser. The code will either be sent to a user’s phone or will automatically display on another Apple device that is already registered. A user will be signed in after entering the code.
“I think their the goal is to get as many iCloud users using two-factor authentication,” Reiff said.
He explained that the feature also will help prevent unauthorized access to iCloud accounts, as happened in a celebrity photo hacking incident that occurred last year.
Reiff also noted the Apple placed a strong emphasis on the encryption of the data it collects on its users so that device use and behaviors aren’t connected to a user’s personal information.