passcode
Latest
Apple makes it easier to skip Face ID if you’re wearing a mask
Apple lets beta users skip Face ID when they're wearing a mask.
FBI asks Apple to help unlock iPhones of suspected naval station shooter
The FBI is once again asking Apple to help it access iPhones for the sake of an investigation. The bureau has sent a letter to Apple's general counsel requesting the company's help in unlocking the two iPhones of Mohammed Saeed Alshamrani, the man believed responsible for killing three people at Naval Air Station Pensacola. FBI officials have requested help from other agencies and countries as well as "familiar contacts in the third-party vendor community," but are hoping Apple will make their lives easier. One of those contacts might be CelleBrite, which reportedly helped the FBI crack San Bernardino shooter Syed Farook's iPhone 5c.
G Suite pincode verification gives non-Google users access to files
While a company can require its employees to create Google accounts for collaborative work, it can't always force clients to do the same thing. Especially if those clients still swear by Google's competitors, like Microsoft. Now, Mountain View is making it possible for anyone to access Docs, Sheets and Slides files even if they don't have a Google account and even if they refuse to make one -- perhaps as part of its efforts to entice people to sign up, as well. The tech giant has launched the beta version of a new pincode identity verification process that allows G Suite users to invite non-G-Suite ones to collaborate on a file.
Apple's new USB security feature has a major loophole
Apple's new USB Restricted Mode, which dropped with the iOS 11.4.1 release yesterday, may not be as secure as previously thought. The feature is designed to protect iPhones against USB devices used by law enforcement to crack your passcode, and works by disabling USB access after the phone has been locked for an hour. Computer security company ElcomSoft, however, has found a loophole.
How police are using corpses to unlock phones
If you've ever imagined a scenario where police demand you unlock your phone and thought, "Over my dead body!" — we have bad news for you. Here in our absurd dystopian future, having a phone means that upon your demise you could find yourself participating -- limp and lifeless -- in a legal search and seizure of your own digital property.
Man gets 180 days in jail for not handing over his iPhone PIN
US courts are still torn about how to handle defendants who refuse to give up passcodes for encrypted smartphones, judging by two recent court cases reported in the Miami Herald. In one, child abuse defendant Christopher Wheeler got six months in jail for failing to provide a correct code, despite pleas to the judge that he couldn't remember it. In a different court, a judge let off Wesley Victor (accused of extortion), even though he also claimed to have forgotten his iPhone code.
The FBI is briefing senators on how it cracked the iPhone's passcode
Last month, the FBI dropped its court case compelling Apple to unlock an iPhone 5c that was part of an investigation into a terrorist attack in San Bernardino after figuring out how to hack into it without Apple's help. But the agency has thus far kept its mouth shut about how exactly it managed to bypass the phone's passcode and auto-erase features. According to the National Journal, however, a few high-ranking government officials are being briefed on the FBI's techniques. (A subscription is required for the National Journal, but you can see the related text from the story here.) Senator Diane Feinstein (D-CA) reportedly had a meeting with the agency in which it detailed how it got into the locked iPhone; Senator Richard Burr (R-NC) was offered a similar meeting but hasn't taken it just yet.
Tim Cook: FBI backdoor order is 'chilling' and 'dangerous'
After it emerged that the FBI was demanding that Apple create a backdoor in its iOS software to help agents access information on the San Bernardino shooter's iPhone, CEO Tim Cook has taken the unusual step of publicly commenting on the matter. In an open letter posted to the company's website, Cook details Apple's involvement in the case, when a locked iPhone was recovered following a terrorist attack that killed 14 people and injured 22 more on December 2nd, and explains why it's "too dangerous" for the company to acquiesce to government demands.
Emoji passcodes promise more security than numbers
There's little doubt that PIN codes are lousy security measures. They're not only easy to crack (there are just 7,290 non-repeating four-digit combos), but hard to remember at first. Intelligent Environments thinks there's a better way: replace them with emoji. Its Android banking app asks you to pick from 44 familiar messaging icons for your passcode, which both expands the potential combinations (to nearly 3.5 million) and should be easier to recall than either numbers or words. The emoji should also eliminate the temptation to use readily available info -- "penguin police pumpkin lipstick" isn't as easy to deduce as your birthday.
Virginia court says fingerprint-locked smartphones are fair game
Here's some trivia for your next trip to the pub. Did you know that, in Virginia, you don't have to tell the cops your phone's unlock code, but you're obliged to open it if you use a fingerprint based passcode? It's a quirky piece of legal precedent that's just been established in the state after a key piece of legal evidence was believed to be trapped on the defendant's smartphone. According to The Virginian-Pilot, the court ruled that the fifth amendment's provisions against self-incrimination protect against giving up your passcode, but that since a fingerprint is already taken by the police - same as DNA or handwriting samples - it's fair game. Naturally, this is just one circuit court judgment in one state, but we imagine this is the sort of thing winding up at the supreme court in a few years time.
Researchers crack iPad, iPhone PINs
"Shoulder surfing" refers to the practice of looking over someone's shoulder to watch them enter a PIN on a mobile device, like an iPad. It's not the most sophisticated hack ever, but it works, as long as the interloper has a line of sight. However, researchers from Lowell, Massachusetts have removed that restriction. The group at UMass Lowell has devised a way to reliably capture a user's four-digit passcode without seeing his or her iPad's screen. Using a camera and the knowledge that the lock screen's keyboard is static, the group's software can reference finger movements to estimate the passcode as it's typed. In fact, they were able to accurately guess a target PIN 83% of the time. When targeting the iPhone 5, the success rate jumped to 100%. That doesn't mean you've got to run into a broom closet whenever you unlock your iPhone or iPad. Just exercise a little caution. Meanwhile, the group is working on a way to randomize the Android keypad, to help prevent this very type of snooping. Hopefully Apple's Touch ID technology will make it to more devices soon, making this type of hack a moot point for Apple users.
How to set up a complex passcode on your iOS device
Smartphones and tablets these days store an incredible amount of information, and with much of it sensitive and personal, many users like to keep their device somewhat private by limiting who has access. With the introduction of Touch ID on the iPhone 5s, Apple sought to make iOS devices more secure by making security as simple as a fingerprint. But with Touch ID currently an iPhone 5s-only feature, where does that leave all other iOS users? Thankfully, there's a solution. The default passcode setting in iOS 7 only allows for a 4-digit numeric string, otherwise known as a simple passcode. But when you're really serious about device security -- or just want to be extra sure no one finds out about your Taylor Swift app or questionable weekend photos -- iOS 7 offers more complex passcode protection. With a complex passcode, you can pick a passcode that includes letters, numbers, and special characters. What's more, a complex passcode can be much longer than just four characters. In iOS 6, the string limit was 37 characters long. But in iOS 7 I was able to enter in over 90 characters without receiving a warning about having too long of a passcode. This makes the task of guessing another's passcode exponentially more difficult. Time to get started. To set a passcode that can include numbers, letters, and special characters, go to Settings > General > Passcode Lock. If you've grown weary of Touch ID and would like to do this on an iPhone 5s, it's listed under Settings > General > Touch ID & Passcode. Next, simply toggle off the "Simple Passcode" setting. If you haven't set up a passcode at all yet, you'll first have to select the "Turn Passcode On" option located near the top of the settings pane. Upon doing so, you will be prompted to enter a complex passcode with the ability to choose from an array of numbers, letters, and special characters. You'll be prompted to enter the passcode twice, the first time you tap 'Next' to continue and the second time you tap 'Done.' While you can insert special characters like ñ or é in a complex passcode, you unfortunately cannot use emoji icons. Which is a damn shame because a passcode like this would be pretty cool. As is always the case, it's important to make sure that your passcode is hard for others to guess but easy for you to remember. After setting up a complex passcode, your new passcode lock screen will look like this, offering up a full text-and-number keyboard for your passcode entry. Is a Complex Passcode even necessary? With a 4-digit numeric passcode, there are potentially 10^4 (10,000) different passcode options. That sure seems like a lot, but a study on common iOS passwords reveals that many people still rely on passcodes that aren't terribly hard to guess. Some common passcodes to avoid include 1234, 0000, 2580, 1111, 5555 and 5683 (which spells out 'love'). Also try and avoid passcodes that represent (easy to guess) birth years such as 1949, 1985, and 1999. When using a complex passcode, however, the number of possible passcode combinations increases exponentially. With about 77 characters (numbers+letters+special characters) to choose from, and a passcode that can be as long as 50 characters (at least), that's already 77^50 possible permutations right there, making it effectively impossible for anyone to ever guess your passcode without peering over your shoulder. Even opting for a slightly longer 6 character passcode increases the number of possible passcode combinations from 10,000 to 208.4 billion (77^6). And with that, may your device always remain secure from prying eyes. As a final note, this comic strip about password strength from XKCD is on topic and worth sharing.
Use special characters for a more secure iPhone passcode
The iPhone's passcode feature offers front-line security to your device and its contents. If you're not using a passcode, you ought to seriously consider it. I know that typing it over and over is a pain, but I guarantee it's less painful than losing a phone that's wide open. There are two types of passcodes available: simple and complex. A simple passcode is restricted to four numbers, while a complex passcode can be longer and include letters. For a little extra security, use a special character. You can access special characters on your iPhone's keyboard by pressing and holding on certain keys. For example, tap and hold I, O, U, E or C for a pop-up menu of available special characters. To choose one, simply slide your finger over it and release. Now, here's how to use them with a passcode. Tap Settings, General and then Passcode Lock. Move the Simple Passcode slider to the Off position. Tap Turn Passcode On and create a passcode, using the special characters as described above. Now you've got a lengthy passcode that includes non-English characters. Well done!
How to fix an iPad that's been disabled after entering the wrong passcode
Have you ever picked up your iPad, only to discover it has been disabled by your curious children who entered the password too many times? Or maybe you've done it yourself when you've forgotten the passcode you created a month ago? if you enter in an incorrect password too many times, iOS will think someone is trying to break into your device and will disable it. The problem with a disabled device is that you can't type in the password anymore, even if you suddenly remember it. You either have to wait a certain amount of time or connect the iPhone, iPad or iPod touch to iTunes, if it has been permanently disabled. Here are a few tips to help you get that device unlocked without losing valuable information. Try to back up the iOS device in iTunes The first thing you should try to unlock your disabled device is a simple iTunes backup. Connect your iOS device to your computer via USB and open iTunes. Select the device in the upper right-hand corner to display its properties in the main screen. Click on the "Back Up Now" button to start a sync. You may be prompted to type in your password on your iOS device to start the sync because the device is locked. Once you have typed in your password, you can cancel the back up and start using your device. Restore the device using iTunes and a previous backup If the backup trick doesn't work, then you may have to reset the passcode by restoring the device. This only works if you have previously synced your device with iTunes and have a backup stored on your computer. Follow these steps to restore your device and reinstall your backup. Connect the device to the computer with which you normally sync and open iTunes. If the device is still disabled, or if iTunes does not automatically sync your device, sync the device with iTunes by pressing the "Back Up Now" button. When the backup and sync are complete, restore your device. When iOS Setup Assistant asks to set up your device, choose "Restore from iTunes backup." Select your device in iTunes and choose the most recent backup of your device. Wait patiently while the restore completes its process. When the restore is completed, you should have all your documents, photos, emails and settings in place and the device should no longer be disabled. Restore the device using recovery mode and reset the password If you've never connected your iOS device to your computer, then you may need to place the device in recovery mode and restore it to erase the device. Unless you have an iCloud backup, you will lose all of your data using this method. If you use iCloud for backup, you can select a backup during the setup process after the restore. Disconnect the USB cable from the device, but leave the other end of the cable connected to your computer's USB port. Turn off the device: Press and hold the Sleep/Wake button for a few seconds until the red slider appears, then slide the slider. Wait for the device to shut down. While pressing and holding the Home button, reconnect the USB cable to the device. The device should turn on. Continue holding the Home button until you see the Connect to iTunes screen. iTunes will alert you that it has detected a device in recovery mode. Click OK, and then restore the device. Follow the prompts in Setup Assistant and proceed to "Set up your device." If you used iCloud for backup, tap Restore from a Backup, then sign in to iCloud. Proceed to "Choose backup," then choose from a list of available backups in iCloud.
Apple addresses lockscreen bypass bug with iOS 7.0.2 rollout
Apple confirmed and assured everyone that it was working on a fix to the iOS 7 lockscreen bypass bug last week that let sneaky individuals mess with users' email and social network accounts. And now, exactly seven days later, said update is hitting handsets in the form of iOS 7.0.2. Directly to the point, the update is said to "fi[x] bugs that could allow someone to bypass the lock screen passcode." And hey, there's also a Greek keyboard option for passcodes thrown into the update for good measure.
Securing your iPhone or iPad for your children, Part 2: Setup iOS parental controls to prevent in-app purchases
There has been a string of high-profile cases where children have racked up thousands of dollars in credit card charges through in-app purchases. In these cases and others like them, the iOS devices used by the children have not been properly locked down by the parents. In this three-part series, we will show you how to set up a kid-friendly iTunes account, lock down your device to prevent in-app purchases and perform some maintenance that'll prevent your tot from sending emails or tweeting on your behalf. You can jump into part two below, where we take a deep dive into the settings and show you how to lockdown your iOS device. Set up a Passcode The easiest way to lockdown an iOS device is to add a passcode, which will appear when you turn on or wake up the device. The passcode will prevent your child from turning on the device and going to town when you are busy doing dishes, driving or otherwise occupied. Using a passcode is a first-line defense and won't prevent errant purchases. It'll merely give you control over the iOS device and let you determine when your child uses the iPad or iPhone. To set a passcode, go to Settings > General > Passcode Lock. Change the setting so that the Passcode is on, the Require Passcode is set to immediately and the Simple Passcode option is off. A simple passcode is a four-digit number that can be quickly learned by any tech-savvy child who watches their parent tap in the code. Select a longer alphanumeric code that'll be difficult for your child to enter, but easy for you to remember. Enable Restrictions (Parental Controls) Once you have a passcode on your device, you will want to dive into the Restrictions, aka Parental Controls. This is the one area you don't want to ignore. If you have a device that you are using with your child on a regular basis, be sure to configure the parental controls. To find the Restrictions, tap Settings > General > Restrictions. Tap "Enable Restrictions" and enter a four-digit password that your child won't guess. At the top of the Restrictions' screen is a list of apps that are allowed on your device. If you don't want your child accessing the camera, Safari, iTunes and other apps, you can turn them off here. When they are off, they no longer appear on your home screen. Directly underneath the allowed apps is the "Allowed Content" section. This section lets you set the ratings for Podcasts, Music, Movies and other media on the iOS device. You can restrict access to explicit content by adjusting these settings to an age-appropriate level. Also in this section is the In-App Purchases slider which should be set to off, if you want to block all in-app purchases. If you want to allow IAPs, you can leave them on and control purchases by changing the "Require Password" setting to "Immediately" and not the default 15 minutes. This will force your child to enter a password every time they try to make a purchase. Speaking of passwords, don't give your child the password to his or her iTunes account. It will give them unfettered access to their device and will undo all your security settings. Other settings in the Restrictions allow you to control what apps have access to your contacts, calendars and other personal information. You can read more about each of these settings in this support document on Apple's website. Enable Guided Access Guided Access is an accessibility option that was added in iOS 6. This feature limits your device to a single app and lets you control which app features are available. You turn on Guided Access by going to Settings > General > Accessibility > Guided Access. When you turn Guided Access on, you will need to select a passcode to turn it off and adjust the settings. Once again, choose a password that your child won't guess and you won't forget. Once Guided Access is enabled, you can launch the app you want your child to use and then triple-click the home button to turn the accessibility feature on. You can adjust the settings to disable motion input, touch input and hardware button control. You can also select the part of the screen that you want to disable. Once you are ready, click start to turn on Guided Access and your child will be limited to using this one app. You may not use Guided Access all the time, especially with older children, but I would recommend setting it up on each device that you hand over to your kids. You never know when you may need it. I also set it up on my personal devices for those moments when I hand over my iPhone to my children. It's easy to enable and it lets me give my phone to my child without worrying about them getting into my email or Twitter account. Restrict WiFi Usage One nifty way to limit your child's online consumption is to block their access to the internet using the WiFi access timers available on your AirPort wireless router. Macworld's Christopher Breen describes how to block iOS devices in an article from earlier this year. You will need to know the MAC address of the iOS device (Settings > General > About) and must have a Mac with the AirPort Utility software installed on it. You can follow his step-by-step procedure on Macworld's website.
Another passcode bypass flaw found in iOS 6.1
Just over a week after a flaw was discovered in iOS 6.1 that grants unauthorized access to passcode-protected devices, a new exploit has surfaced that opens up user data to prying eyes even further. Threatpost reports that the newly discovered vulnerability lets unscrupulous folks connect an iOS device via USB and transfer data -- including photos -- to a computer without needing to enter a passcode. Apple has publicly confirmed that it intends to fix the passcode security issue that surfaced earlier this month in a forthcoming iOS release, likely 6.1.3. It's not clear if the company is aware of this second flaw or if a fix for it is also inbound. Since this new exploit is based off of the earlier one, it's possible that Apple will be able to kill two data-harvesting birds with one stone. [Via MacRumors]
Apple seeks patent for unlocking devices by identifying contact photos
The brains in Cupertino have come up with a way to unlock your iPhone and other devices that's definitely a lot more novel than entering a passcode. In a patent application uncovered by Patently Apple, the company details a way to authenticate your identity by speaking the names of Address Book contacts as their photos are displayed on-screen. The application also mentions some variations of the process, such as displaying more than one photo in sequence for added security, or allowing you to tap on the correct name from a list of several choices in case you can't or don't want to speak out loud. This isn't the first novel concept for user authentication that Apple is looking into, based on patents it has filed. The company is also apparently investigating the use of built-in fingerprint scanners on future iOS devices, along with facial recognition using the integrated cameras found on iPhones, iPads and Macs. [Via AppleInsider]
Insert Coin: Alarm clock makes you enter a code to silence it, in another room (video)
In Insert Coin, we look at an exciting new tech project that requires funding before it can hit production. If you'd like to pitch a project, please send us a tip with "Insert Coin" as the subject line. We love the snooze button as much as everyone else. But we've all postponed exiting the comfort of our Tempur-Pedic one too many times. Enter the Ramos alarm clock, a rise-and-shine solution that integrates a Defuse Panel in order to silence your wake-up call. Don't expect to stay in bed to enter the code either, as the keypad can be wirelessly situated in another room to prevent further slumber. Two time keeping options, LED and Nixie models, await your minimum pledges of $160 and $350 before the April 1st deadline. The latter features a nixie tube display that will put any regular ol' alarm clock's digits to shame. You can spring for a long-range kit if you need to place your key panel more than 50 feet away from your nightstand. If you're feeling extra generous, a pledge of more than $800 will allow you to select the type of wood used for your Ramos. In need of a bit more convincing? Peep the video on the other side of the break for a closer look.
Smart Cover can unlock password-protected iPads running iOS 5 (video)
Psst. Hey, do you carry a spare Smart Cover around with you? Well, if you're an unscrupulous sort, you can actually use it to bypass the lock screen of any iPad running iOS 5. This multi-step security hole will let you browse whatever's running behind the passcode screen, whether that's email, apps or the homescreen. To take advantage of the flaw, hold down the power button on the locked device until the power off slider appears, then whip the Smart Cover on, open and tap cancel. Fortunately for iPad owners, the rest of the tablet remains locked-down, but the main problem here is any sensitive information left on-screen. If you unlock the tablet to the main screen, you won't be able to open new apps, although anyone feeling particularly nefarious can apparently delete apps from that meticulously arranged home screen. See how it's done in the video after the break. [Thanks to everyone who sent this in]
