Security Experts Warn iPhone Users to Change Their Passwords Now

Iphone Alphanumeric Passcode Credit: iDB
Text Size
- +

Toggle Dark Mode

As hackers and law enforcement agencies begin rolling-out advanced new mechanisms designed to make their way into password protected devices easier, it’s never been more important to consider beefing up your iOS security with a passcode strong enough to withstand those brute-force hacking attempts.

Devices like the GrayKey box, which are designed to brute-force unlock essentially any iPhone model at the price of around $50 apiece, are slowly but surely making their way into Police Departments all around the world. But with the burgeoning adoption of GrayKey, should also come grave concerns for anyone waning to prevent their iPhone from being broken into and examined against their will.

While it’s been reported that an advanced mechanism like GrayKey is capable of cracking 4-digit iPhone passcodes in “just hours,” and 6-digit passcodes in a “matter of days,” it turns out that GrayKey is actually capable of successfully cracking any iPhone model protected by a 6-digit passcode in about 11-hours, on average.

That’s according to Matthew Green, assistant professor of cryptography with the John Hopkins Information Security Institute. In a Tweet published to his official Twitter account this week. Green noted that with a device like GrayKey — which is inherently capable of side-stepping Apple’s in-built iOS security protections — not only is a 4-digit passcode guessable within less than seven-minutes, but even beefing up your security settings to a 6-digit passcode simply isn’t enough to protect it anymore.

It’s not entirely clear if Green’s estimates are accurate, or just speculation based on cumulative reports, but in either case, it’s resoundingly clear that whether your iPhone is locked by a 4-, 6-, 8-, or even 10-digit passcode — if it falls into the hands of hackers or law enforcement you’d better hope to high heaven there’s nothing incriminating stored on it.

How to Protect Yourself

Whether you’re concerned about your iPhone being hacked by law enforcement via a device like GrayKey, or even by other nefarious actors in possession of a similar tool, it’s probably a good bet to ensure you’re device is restricted behind the strongest and most likely impenetrable security blanket.

And that would be an alphanumeric passcode, according to multiple iOS security experts cited in a recent Motherboard report. 

“People should use an alphanumeric passcode that isn’t susceptible to a dictionary attack and that is at least 7 characters long and has a mix of at least uppercase letters, lowercase letters, and numbers,” said Ryan Duff, an iOS security researcher and Director of Cyber Solutions for Point3 Security.

“Adding symbols is recommended and the more complicated and longer the passcode, the better.”

How to Enable an Alphanumeric Passcode

  1. To enable more formidable passcode protection options on your device, you’ll have to visit the Settings app.
  2. From there, scroll down and select Face ID/Touch ID & Passcode.
  3. Enter your current passcode.
  4. Scroll down and select Change Passcode.
  5. When the prompt comes up asking you to enter your new passcode, tap on the Blue Passcode Options text towards the center of the display.
  6. Select Custom Alphanumeric Code, and then enter a new passcode comprised of letters, numbers, and symbols as specified above.

Of course, remember to keep in mind that implementing an alphanumeric passcode in lieu of a simple 4- or 6-digit code is a timely compromise — though the extra effort on your behalf obviously comes at the benefit of stronger security.

Passwords are easy to forget, so simplify your life and keep track of all of them in one secure spot with a password manager. Consider using one of the following password managers.

Product 16253 Product Shots2 Image

Sticky Password

No need to struggle with remembering long and complicated passwords, Sticky Password is your award-winning password management and form filler solution, available for Mac, Windows, iOS, and Android

  • Create strong, unique passwords, whenever & wherever you need them, on all of your devices.
  • Never forget another password again.
  • Automatically and securely save and fill all of your passwords across the web.
Product 21437 Product Shots1 Image

Password Boss

Use this premium app to store and auto-fill usernames and passwords for all your online accounts. Just remember one master password, and let Password Boss do the rest.

  • Unlimited password storage
  • 256-bit AES and SSL/TLS encryption
  • Automatic website login
  • Form-filling on websites
  • 2-Step verification
  • Digital wallet
  • Automatic password generator

For additional security, consider using a VPN to encrypt and anonymize your internet traffic. Here are a few of our favorites.

Vpn Unlimited

VPN Unlimited

Premium VPN service by KeepSolid.

Good for watching Netflix, Hulu, Amazon Video, or HBO Go.

  • Best VPN by PC Mag
  • 1,000+ Servers Globally
  • Lifetime Subscription
  • Easy Install
  • 24/7 Customer Service
  • Up to 5 Devices

Infinity VPN

KeepSolid’s wider VPN service offering.

Good for watching Netflix, Hulu, Amazon Video, or HBO Go.

  • Best VPN by TechRadar
  • 1,000+ Servers Globally
  • 24/7 Customer Service
  • Easy Install
  • One Time Payment
  • Up to 10 Devices


Reviewed and favored by many editorial outlets. With two layers of encryption, NordVPN is a good choice for any platform.

  • No Logs
  • Fast Speed
  • 3,500+ Servers Globally
  • Money Back Guarantee
  • 148+ VPN locations
Social Sharing