How Easy is it to crack an iPhone password?

Our smartphones increasingly contain a wealth of information about us. We make phone calls, send emails, visit websites, send texts, take photos, connect with Facebook friends, and share files. They have become mini-computers. Our smartphones go where ever we go, unlike our desktop computer that rests on a table top safely in our home. That means access to the phone is just a moment of physical theft or loss away.

How safe are the contents of your smartphone anyway? Take the iPhone, which has been in the news lately, with FBI wanting Apple's help to access the contents of an iPhone. Apparently, the FBI is having some difficulty getting into that iPhone. Does that mean that the iPhone is impenetrable? Not exactly. The answer is that it depends.

First of all you need to password protect the phone. With iOS 9 Apple has created some impressive security to prevent repeated guesses of the password. After five wrong guesses, the phone's software makes the hacker wait one minute before guessing again. After nine wrong guesses, one will have to wait an hour. And depending on how the phone was set up, it might delete all its data after ten wrong tries. Even if the aforementioned security measures were disabled, Apple has another security feature that makes automated password guessing difficult. When you enter a passcode into your iPhone, the processor makes a calculation to check if your code is correct. What Apple has done is make the math so complicated that it takes about 1/12 of a second for the phone to crunch the numbers. That may not seem like a long time to humans, but to a computer it is an exceedingly long wait. “This means it would take more than 5 ½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers,” according to Apple security guide.

The iPhone security is impressive, but can be rendered useless if you choose a weak password. Six lowercase letters and numerical digits can be arranged in 2.17 billion combinations. A six digit alpha and numeric password at about 12 attempts a second, will take an encryption cracking tool five and a half years to go through all combinations. Compare this to a six digit, numbers only, password. Six numerical digits can be arranged in only one million ways. Such a simple six-number passcode can be cracked within just 22 hours.

The lesson here is that complexity of a password is essential. Secondly, the longer the password the harder it is to crack. On iPhones with only a four-digit numeric passcode, there are only 10,000 combinations. It would only take 13 minutes for the FBI to try all the different possible passwords. Compare that to a six character passcode where you mixed in capital letters in addition to lowercase letters, and numerical digits. Then there would be 56.8 billion possibilities, instead of 2.1 billion. Instead of 5.5 years, it would now take 144 years to crack such a passcode!