Fail safe vs. fail secure. Convenience vs. security. When you discuss issues like encryption and backups, these are the debates — and in some cases, massive divides — you encounter. Information security experts will insist that everything needs to be locked down so tightly that even you have trouble getting into it. Backup experts will tell you most people suffer from data loss far more often and devastatingly than they ever do data theft.
Bricks vs. windows
iOS was built to be more secure from the start. With iOS 7 and iPhone 5s, it became something akin to a crypto brick. More recently, though, Apple has taken a few deliberate steps back. In certain cases, the company has made the system fail safe instead of secure.
Personally, I don't like or agree with some of these changes. I grew up with computers and I'm a power user who understands encryption, uses unique, pseudorandom passwords, and has no trouble managing two-factor and device policies.
I do have enough perspective taking ability — and I've dealt with enough family and friends who've been locked out of their own devices, accounts, and data — to see the other side of the dilemma.
From ElcomSoft blog:
The issues pointed out are predicated on an attacker having both physical custody of your device(s) and knowledge of your passcode. And that's as close as you can get to a "game over" scenario anyway, at least without additional roadblocks that can be extremely disruptive to customers.
Even then, with your device and your passcode, someone could access all your iCloud keychain items, use your email account and SMS to reset passwords from other systems, and could otherwise gain access to a degree that makes everything else sensationalized in the Elmsoft article functionally bullshit.
And without existing knowledge of your passcode? Well, you're looking at an attacker with intent and resources beyond what the FBI initially claimed it had in the San Bernardino case.
With iOS 11, the passcode — which can be as simple as 6 numbers — can be used to reset iTunes backup passwords and even Apple ID passwords.
Based on Apple's usage data and support logs, my guess is that they found mainstream customers were unable to access their own backups or accounts far, far, far more frequently than anyone was ever trying to illegitimately gain access. That was part of the reason for the change from the old two-step authentication system to the new two-factor authentication and for some of the policies around how iCloud Photo Library, for example, works.
Again, as a power-user, I don't like some of this. I don't like that passcode can reset Apple ID. But I've dealt with enough people who have no idea what their Apple ID is, that I understand the need to balance loss vs. theft. I understand that, for some of my friends, losing access to the photos of their children because they couldn't remember a backup or account password would hurt them far more than some theoretical attacker gaining access to them. And it is absolutely not my place or right to judge them or anyone else based on that difference in priorities.
Especially because security conscious people like myself have other options.
What can you do about it?
If you're at all concerned about passcode as an attack vector, switch from a 6-digit passcode to a strong alphanumeric password. You can do that in Settings > Passcode > Change Passcode > Passcode Options > Custom Alphanumeric Code.
It means sacrificing some convenience — because passwords are harder and take longer to enter — to regain security, but with Touch ID and Face ID, you won't have to enter it that frequently anyway.
If someone knows your strong alphanumeric password, they'll still be able to change your security settings, but the odds of someone being able to crack a strong alphanumeric password are far, far, far lower than a 6-digit passcode. (And if that's the threat level you're facing, you likely shook your head and walked away long before reading the article linked to here.)
People forget there are multiple classes of users when it comes to security. A head of state needs different standards of security when compared to a "regular person". Regular person needs a balance of convenience and security, head of state needs as much security as possible.People forget there are multiple classes of users when it comes to security. A head of state needs different standards of security when compared to a "regular person". Regular person needs a balance of convenience and security, head of state needs as much security as possible.— Guilherme Rambo (@_inside) December 1, 2017December 1, 2017
There are also mobile device management (MDM) solutions, including Apple's iOS Configurator and third-party, enterprise- and government-level tools that let administrators and organizations lock down iOS to a significantly higher degree than the consumer-oriented, built-in features allow. Which is why Apple started adding them back with iOS 2. (iPhone OS 2.0.)
Continuing the conversation
There are some interesting if overly sensationalized points raised by Elmsoft and this is an incredibly important discussion to have. It's also one that the security and backup communities have been arguing over since the inception of bits.
People and certainly the internet aren't often good at handling situations where multiple truths exist and the needs of different people are at odds with their own.
I do think we've swung between being too secure and too convenient over the years and that we continuously need to find both a better balance and better options for everyone. And that's why Apple's security team has been iterating so aggressively on all of this over the last few years.
I'd love to see an option to turn off passcode as a reset vector for those of us who don't want or need it, but then again, I use a password so I probably wouldn't want or need that setting anyway. And that's how these loops begin.
For now, iOS 11 is doing a good job making sure people don't lose access to their data while providing alphanumeric password and MDM options for those of us who want to make sure our data is better protected as well.
But let me know what you think.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.