Soli

  • Apple disputes claims of iOS 'vulnerability' to brute force passcode hack

    welshdog said:
    Rayz2016 said:
    Another good reason for allowing emoji passwords: it'll stop banks doing insecure checks like asking for the second and fourth character of your code:

    "Yes, it's a long distance runner followed by a pile of sh*t."
    How would that work? Does an emoji appear to the OS as just a string of numbers, or is it something else? Seems like a great idea as long as emojis themselves don't have (or open up) some sort of unexpected vulnerability.
    They are Unicode characters just like all the other characters we use today. For Apple to implement this in their OSes would be a cakewalk, but there are potential pitfalls.

    One universal issue is that some characters look very similar. Sure, the same can be applied to letters, numbers, and punctuation, but the detail of certain faces in pictograms, for example, could lead to confusion. The solution is to exclude any that are too close in appearance.*

    The other issue is more of when this moves to websites, which means being cross platform. These pictograms are designed independently by the OS and device vendors. While the hamburger emoji may not be confusing despite looking radically different across platforms, others might. Specifically certain faces.

    What if you only used Windows and Android and had the gun emoji in your passcode? Could anyone reasonably jump onto an Apple device and realize they need to use the toy gun? I think that’s well known on Apple forums, and you could probably search by name to find what you're looking for, but that may have to be excluded if it’s not deemed universal enough in appearance and having to search for a character does reduce efficiency.

    The bottom line is that additional characters add to the complexity of the passcode so even a few dozen emoji—not all 800-ish—is a huge boon for security.


    * Right now in iOS and macOS you can create a passcode with a hyphen (-), en dash (–), or em dash (—). Visually they are close in appearance if you aren't looking at them side-by-side. Not a huge deal for an OS passcode, but if you were to make that an option for a website that could be a problem if you have to read it back, especially how different fonts can affect how these look. Because of that, I'd also remove all but the hyphen when it came to the passcode and make the use of the other two default to the hyphen automatically. I think many emoji would fall into that category, like the "confused face" 😕 (Unicode: U+1F615) v "slightly frowning face" 🙁 (Unicode: U+1F641) to name but two of many, many possibilities.
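The dash folding and look-alike exclusion described in the footnote above, as an added example that is not part of the original post or any Apple code: the passcode is canonicalized the same way at enrollment and at verification, so a hyphen, en dash or em dash all match. The function names, PBKDF2 parameters and the two-entry exclusion table are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed policy tables for this example (assumptions, not a vendor's rules).
DASH_FOLD = {0x2013: "-", 0x2014: "-"}  # en dash, em dash -> hyphen
CONFUSABLE = {
    "\U0001F615": "confused face",           # U+1F615
    "\U0001F641": "slightly frowning face",  # U+1F641
}


def canonicalize(passcode: str) -> str:
    """Return the form of the passcode that is hashed and compared."""
    text = unicodedata.normalize("NFC", passcode)  # one encoding per accented letter
    text = text.translate(DASH_FOLD)               # look-alike dashes become '-'
    rejected = sorted(CONFUSABLE[c] for c in set(text) if c in CONFUSABLE)
    if rejected:
        raise ValueError("look-alike emoji not allowed: " + ", ".join(rejected))
    return text


def enroll(passcode: str, iterations: int = 200_000):
    """Hash the canonical passcode; raises ValueError if the policy rejects it."""
    salt = os.urandom(16)
    data = canonicalize(passcode).encode("utf-8")
    return salt, iterations, hashlib.pbkdf2_hmac("sha256", data, salt, iterations)


def verify(passcode: str, record) -> bool:
    """Canonicalize the attempt exactly as at enrollment, then compare in constant time."""
    salt, iterations, digest = record
    try:
        data = canonicalize(passcode).encode("utf-8")
    except ValueError:
        return False  # an excluded character can never be part of a stored passcode
    attempt = hashlib.pbkdf2_hmac("sha256", data, salt, iterations)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    # Constructed input: enrolled with an em dash, typed back with a hyphen.
    record = enroll("blue\u201442\U0001F3C3")
    print(verify("blue-42\U0001F3C3", record))       # same passcode, different dash
    print(verify("blue-43\U0001F3C3", record))       # wrong digit
```

Folding the dashes removes two characters from the palette, which is the trade the footnote accepts in exchange for passcodes that can be read back reliably.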
  • Samsung pushing hard for 'A13' chip orders from Apple

    nunzy said:
    Samsung is dishonest. They don't deserve to get Apple's business.
    The only honesty that matters here is their ability to meet their contractual obligations and delivery targets as a supplier.
    I'd love to see Samsung get the boot for their overall unscrupulous actions, but if they can deliver a better product than TSMC then I say Apple should keep using Samsung.
  • Simple hack bypasses iOS passcode entry limit, opens door to brute force hacks [u]

    mac_128 said:
    irnchriz said:
    Soli said:
    Use the full keyboard for your passcode! Even add a simple long press character to make it crazy hard to crack without invoking much of a hassle for you.
    @Soli, I have seen you mention this a few times in these forums. Could you please explain this a little more? I have a 6-digit password (numeric, though, which I guess I need to change), so I would like to try your suggestion. But, I am not sure I understand what 'use the full keyboard' and 'add a simple long press character' mean. I use an iPhone 6, running iOS 10.x.
    It is simple math, the more entropy the longer it takes to crack a password.
    A password like
    banana,horse,spangle-1723!
    will take centuries to crack vs a password like
    996643
    or even
    Bl0t50ms 

    Exactly. I work for a company with over 260,000 employees worldwide. We recently had company-wide training about precisely this. It was recommended that we all adopt simple pass-phrases over the silly habit of 6-12 alphanumeric nonsense characters, for which method even the inventor apologized about being wrong. Easy for us to remember and harder for a brute force attack.

    Unfortunately, most password systems are geared toward this now debunked method, limiting passwords to a specific length, rejecting common words, and requiring one of every kind of character, but in some cases limiting the special characters available. And it was for this reason the top recommendation was that we use a password manager for all of our passwords, along with two-factor authentication. Unfortunately, that doesn’t really work for an iPhone.
    The "entropy" notion in irnchriz's comment doesn’t account for anything other than a static base count. As noted, when you choose from 210 possible characters instead of 72 or 10, the complexity increases dramatically even with a shorter passcode. All things being equal, a longer passcode is harder to crack, but you're better off with a more diverse character palette, which means this works really well for the iPhone (and Mac).
  • A year with MacBook Pro: reviewing Apple's 2017 pro laptop models

    Nunzy is a pro-Apple troll. Look at his simplistic posting history.
  • Apple launches keyboard service program for 'small percentage' of MacBook, MacBook Pro own...

    irnchriz said:
    How long does the repair take at an Apple store? Do they do it while you wait?
    From what I’m told, they send it out because the keyboard is attached to the casing.

    Even with just a small number of keyboard issues that seems like it would be costly enough to Apple to fix the keyboard or make it easier/cheaper to be replaced in-store.