There is some unexpected good news for iPhone security buffs: the standard four-digit PIN will be six digits long in iOS 9, which will protect against brute-force attacks more effectively.
According to The Verge, security researchers have been creative in finding ways to mount brute-force attacks against the four-digit PIN.
They say adding more digits to the password isn’t a perfect solution, but the small change would mean a huge headache for anyone attempting to stage a brute-force attack in iOS 9, resulting in 100 times as many possible passwords to check.
Current brute-force PIN attacks take hours to work, ranging from 12 hours for simple attacks to a maximum of 117 hours for MDSec’s more complex power-down attack.
In each case, there’s always the chance that attackers will get lucky and stumble on the password in an early guess. Adding the extra two digits stretches the time such an attack takes to the scale of days, giving victims ample time to use Apple’s powerful anti-theft tools to either track down their phone or brick it remotely.
The only downside is that password-protected users will have to punch in an extra two digits, but Touch ID means that isn’t as onerous as it might be. Phones can still be unlocked with a successful fingerprint match, cutting out the need for a PIN at all.
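
The timing argument above, worked through as an added example (not from The Verge or the researchers). It assumes the quoted 12-hour and 117-hour figures are the time to try all 10,000 four-digit codes at a constant rate, that the PIN is uniformly random, and a constructed 24-hour window in which the owner locates or wipes the phone.

```python
from fractions import Fraction

FOUR_DIGIT_KEYSPACE = 10**4


def pin_attack_profile(digits, hours_to_exhaust_4_digits, window_hours):
    """Estimate exhaustive-search cost for a numeric PIN of `digits` digits.

    Assumptions (not from the article): guesses proceed at a constant rate
    derived from the four-digit figure, no PIN is tried twice, and the PIN
    is uniformly distributed over the keyspace.
    """
    per_guess_hours = Fraction(hours_to_exhaust_4_digits) / FOUR_DIGIT_KEYSPACE
    keyspace = 10**digits

    # Worst case: the correct PIN is the last one tried.
    worst_case = per_guess_hours * keyspace
    # Average case: mean position of the PIN in a no-repeat search.
    expected = per_guess_hours * Fraction(keyspace + 1, 2)

    # Chance of an "early lucky guess": fraction of the keyspace the
    # search covers before the owner's reaction window closes.
    guesses_in_window = min(keyspace, int(Fraction(window_hours) / per_guess_hours))
    p_cracked = Fraction(guesses_in_window, keyspace)

    return {
        "worst_case_hours": float(worst_case),
        "expected_hours": float(expected),
        "p_cracked_in_window": float(p_cracked),
    }


if __name__ == "__main__":
    # Constructed scenario: owner reacts within 24 hours.
    for label, hours in (("simple attack", 12), ("power-down attack", 117)):
        for digits in (4, 6):
            profile = pin_attack_profile(digits, hours, window_hours=24)
            print(
                f"{label:18s} {digits}-digit: "
                f"worst {profile['worst_case_hours']:8.0f} h, "
                f"average {profile['expected_hours']:8.1f} h, "
                f"P(cracked in 24 h) = {profile['p_cracked_in_window']:.2%}"
            )
```

Under these assumptions a four-digit PIN always falls to the 12-hour attack inside the 24-hour window, while a six-digit PIN falls in that window only 2% of the time.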