Default post cover image

How to completely secure your lock screen and protect your iPhone

Catalin Nichita

by Catalin Nichita

Contrary to popular belief, Touch ID -- introduced with the iPhone 5s -- does not make your iPhone completely unhackable. Bypassing Touch ID and the passocde is not an easy job, but it can be done. Last year, SilliconAngle covered a security flaw in iOS 9 that made access to Photos possible on anybody’s phone, without knowing the passcode or using Touch ID.

This year, we’re covering security opportunities associated with your iPhone's lockscreen, no matter which iOS version you’re on.

How to protect your iPhone
How to protect your iPhone

Lockscreen vulnerabilities

If a fingerprint is not read correctly -- or, if you double tap the home button -- you’re prompted to enter a pincode. If your device is protected with a simple four-digit passcode, the iPhone can be easily unlocked. With only 9,999 possible combinations this code can be cracked. Besides, the most common combinations are available online, making brute-force attacks easier than they might otherwise be.

Research suggests that about 15% of all iPhone users have very common four digit passcodes. Passwords like 1234, 0000, birthdays and anniversaries are more frequent than you think. Although in iOS 10 and iOS 9 a six-digit code is selected by default, people still looking for articles on how to switch back to the less secure 4-digit combination.

To bypass the 4-digit passcode security layer, hackers usually go for 5 methods:

  1. Brute force attack (a few tries until the iPhone is completely disabled)
  2. Using a sequence of commands with Siri
  3. Passcode hacking applications
  4. A fake server
  5. Resetting the phone using iTunes

Increase your lockscreen’s security

Lockscreen attacks aren't very common, but they’re the easiest to attempt and most likely to succeed if your device is not configured correctly.

Over the past years, various security breaches have occurred, targeting high profile people. The particular nature of a lockscreen attack is that it requires direct contact with the iPhone, meaning your device would be either stolen or misused by people.

For your security and peace of mind, let's help you set up your iPhone to reduce the likelihood of a successful lockscreen hacking attempt.

1. Replace the four-digit passcode with a six-digit password

The first step is to use a six-digit pincode. A four-digit passcode means 9,999 passcode combinations. For a six-digit passcode, a hacker will need about 999,999 attempts to hack the phone. Of course, this can’t happen as long as you have activated a phone wipe after too many failed passcode attempts.

To replace the four-digit passcode with a six-digit password go to Settings, select Touch ID and password and choose Select Passcode. Select 6-Digit Numeric Code then add your password.

6-digit numeric code
6-digit numeric code

2. Replace your password with a longer passcode

By using this method, you can rest assured you'll make the hacker's job much more difficult. For every additional digit used in the passcode structure, the number of necessary attempts is increasing ten times. If for six-digit passcode there are necessary about 999,999 combinations, for a seven-digit passcode the number of combinations increases at 9,999,999.

To activate this option, go to Touch ID & password, click on Select passcode then choose Custom Numeric Code. You will be allowed to use additional numbers to lock your iPhone’s screen.

Custom numeric code
Custom numeric code

Remember that you need to have at least iOS 9 on your iPhone if you want to activate this feature on your device.

If your smartphone is running iOS 8 and you still need to increase your iPhone protection, use an alphanumeric code instead. This option allows you to protect your iPhone with a passcode using number and letters.

By using this option and more than eight letters and numbers, you can be sure that the passcode cannot be hacked or guessed as long you don’t use an obvious combination. To activate it, go to Select Passcode, choose Custom Alphanumeric Code and add your new credentials. Make sure you remember your passcode to prevent losing your data!

Custom alphanumeric code
Custom alphanumeric code

3. Deactivate Control Center access

If you lose your smartphone and you have "Find my iPhone" active your data is still at risk. As long as the potential pickpocket can switch your iPhone’s settings to Airplane Mode, you run the risk of losing control of your remotely controlled device.

The best protection is to ensure Control Center can’t be accessed from the lock screen. To deactivate access from the lock screen, go to Control Center then use the switch to deactivate Lock Screen access.

Control center lockscreen
Control center lockscreen

4. Disable Siri’s access to lock screen features

Siri is one of the most appreciated features in iOS, and is expected to grow into a more intuitive AI assistant, with Apple’s recent decision to hire its first director of AI. Currently, in terms of security, the assistant has weak points. Discovered in iOS 9, this simple exploit could make your iPhone accessible even if a hacker doesn’t know the passcode. By using Siri, he could eventually gain access to sensitive data.

To prevent bypassing the passcode you need to make sure that Siri’s settings don’t allow access to your private data. Go to Settings then select Touch ID & Passcode. Choose Allow Access When Locked and turn off Siri, Notifications View, Wallet, Today and Reply with iMessages. This is similar to disabling access to Control Center from your lock screen.

Disable Siri access
Disable Siri access

5. Decrease the time until the iPhone locks itself

iPhones get snatched on the street every now and then. When that happens, the iPhone is usually unlocked, and the thief will have access to everything.

To prevent this, use a shorter time interval for automatic iPhone locking. To decrease the number of seconds until the phone lockscreen is activated you need to change the Auto-Lock timer’s settings.

To do this go on Settings, choose General then Auto lock. At this point you can adjust the time available until the iPhone is blocked. The shortest interval of time is 30 seconds (Immediately). Activate this option and confirm the action. Then go to the Passcode & Touch ID settings and decrease the time interval until the passcode is required.

Time iPhone locked
Time iPhone locked

6. Remove notifications from iPhone’s screen

Even locked, an iPhone still shows various notifications, accessible to anyone else, as long as they have access to your device. Email and iMessages are displayed on the screen even if the passcode is active and the phone is locked. You can prevent any people seeing your data by hiding notifications from the lock screen.

Repeat these steps for each application installed. Access your iPhone’s Settings, go to Notifications and select the app from you need to hide notifications for. Once selected, deactivate both Show on Lock Screen and Show Previews then confirm the action. Go to all your sensitive apps and repeat the same steps. Alternately, just disable Show Previews to hide message content.

Disable notifications
Disable notifications

Conclusion

By changing your iPhone lockscreen’s default settings, you can increase the security of your device. Even so, these methods are not infallible and there are ways to improve the security and data protection of the iPhone. For your peace of mind, we strongly recommend you activate 2FA on your iCloud account and make sure that you have iCloud Backups enabled.

Catalin Nichita

by Catalin Nichita on , last updated

We've helped over 3,000,000 people recover their lost iPhone data. Let us help you too.

Submit a comment

© 2008 - 2018 Reincubate Ltd. Registered in England and Wales: #5189175, VAT GB151788978. Built with ❤️ in London.

Reincubate is a registered trademark. All rights reserved. Terms & conditions. Privacy Policy. It's your data, not ours. We recommend 2FA.

close

For personal users

For businesses and pro users

Scroll down for business and pro plans

Basic

$34.95

iTunes support

Works with Windows and Mac

Customer support

Preview iCloud device list

BUY BASIC

Premium

$69.95

iCloud and iTunes support

Works with Windows and Mac

Customer support

5 iCloud devices

BUY PREMIUM
Jonathan

This is iPhone Backup Extractor, think of it as a "personal forensics" utility. It's pretty awesome.

Jonathan Zdziarski

Forensics and iOS expert

For business and pro users

Business

$299.95

25 iCloud devices

High priority customer support

Commercial license

All benefits of our premium plan

BUY BUSINESS
ricloud
Demo our APIs for enterprise

Need iCloud access, forensic tooling, bulk recovery of deleted SQLite data?

Learn about our APIs at www.reincubate.com.