Get increased password protection on the iPhone

Companies that support iPhones, and users who simply want more security than the default 4-digit passcode, can use the iPhone Configuration Utility to lock the device down. Vincent Danen shows you how to use it.

The iPhone is a great device, capable of doing a lot of things. It is a phone, a gaming device, a PDA. You can check the weather, stocks, read online news articles, instant message, and keep your contacts and calendars in sync. You can store TODO lists and keep your password database on it.

The iPhone carries a lot of information in a small form factor, one that can be easily lost or stolen.

There are ways to prevent unwanted people from accessing your data should your phone fall into the wrong hands. In the Settings, you can assign a 4-digit passcode and enable auto-locking of the phone so that, after a set number of minutes of inactivity, the passcode is required to unlock it. And, for full security, the iPhone can be configured to wipe all the data on the phone after 10 failed passcode attempts.

As with all password security, however, a four-digit PIN isn't all that secure. True, there are a lot of combinations, and if the phone is set to wipe data on 10 failed attempts, perhaps a four-digit PIN is sufficient. But what if you want the ability to have a stronger passcode? The iPhone itself does not give you that ability, but the iPhone Configuration Utility does.

The iPhone Configuration Utility is available for both Windows and Mac. For Mac, you can download it here. When you download the DMG file, run the installer from the disk image to install the utility. The iPhone Configuration Utility is then installed into /Applications/Utilities/.

Once it is installed, launch iPhone Configuration Utility. From the Library pane on the left side, select Configuration Profiles. Next, select the New button from the toolbar. This creates a new configuration profile.

Fill out the fields in the Identity section as requested. This provides basic information about the profile. When done, select the Passcode section. Then click the Configure button. Here you get to define the criteria for the passcode on the iPhone.

There is a lot you can configure here. You can enforce the use of a passcode, meaning that one must be set. You can require alphanumeric characters, which allows you to use letters. You can set the minimum length and a minimum number of non-alphanumeric characters. Here you can also define password aging: whether the password must change every month, every year, or at another interval (up to 730 days). You can enforce mandatory auto-lock, and set the number of unique passcodes required before an old passcode may be re-used. You can also define, and make mandatory, the maximum number of failed attempts before the device is wiped; here you can allow up to 16 failed attempts before wiping rather than the default 10.


For a company that provides iPhones to its employees, this allows you to create a nice security profile that enforces certain security practices. Individuals who want more flexibility than the four-digit PIN can use this too.

There are a number of other items that can be configured as well: defaults for email, VPNs, wireless access, LDAP, and more. Likely these sections will only be of interest for companies that manage a larger number of iPhone devices; typical users will find nothing of interest here.

When finished configuring, click the Share button. You can sign the configuration profile if you wish, to provide added security, or select None. Apple Mail will then open with an attachment: your new iPhone security profile. Email it to an address that is accessed on your phone. Once the iPhone has received the email, select the .mobileconfig attachment and install the profile. When it is installed, you will be asked to change your passcode to one that meets the criteria of the configuration you just installed.
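The exported .mobileconfig file is a property list, so an unsigned profile can be checked before it is emailed to a device. The following Python script is an added example, not code from the original article or from Apple's utility: the sample profile, the `com.example` identifiers, the placeholder UUIDs and the 8-character baseline are assumptions, the key names are those of Apple's passcode policy payload, and the 730-day and 16-attempt limits are the ones given above.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Constructed sample profile (not exported from the utility or a real device).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.profile",             # placeholder
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # placeholder
    "PayloadContent": [{
        "PayloadType": PASSCODE_TYPE, "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.passcode",    # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # placeholder
        "forcePIN": True,             # a passcode must be set
        "allowSimple": False,         # reject repeating or sequential values
        "requireAlphanumeric": True,  # at least one letter required
        "minLength": 8,
        "minComplexChars": 1,         # non-alphanumeric characters
        "maxPINAgeInDays": 365,       # password aging
        "maxInactivity": 5,           # auto-lock, in minutes
        "pinHistory": 5,              # unique passcodes before re-use
        "maxFailedAttempts": 10,      # wipe after this many failures
    }],
})

def audit_passcode_policy(profile_bytes, min_length=8):
    """Return a list of findings; an empty list means the baseline is met."""
    profile = plistlib.loads(profile_bytes)
    policies = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not policies:
        return ["no passcode payload: the profile enforces no passcode policy"]
    policy, findings = policies[0], []
    if not policy.get("forcePIN", False):
        findings.append("forcePIN is off: a passcode is not mandatory")
    if not policy.get("requireAlphanumeric", False):
        findings.append("requireAlphanumeric is off: digit-only passcodes pass")
    if policy.get("minLength", 0) < min_length:
        findings.append(f"minLength is below the baseline of {min_length}")
    age = policy.get("maxPINAgeInDays")
    if age is not None and not 1 <= age <= 730:
        findings.append("maxPINAgeInDays is outside the 1-730 day range")
    attempts = policy.get("maxFailedAttempts")
    if attempts is None:
        findings.append("maxFailedAttempts is unset: the profile enforces no wipe")
    elif attempts > 16:
        findings.append("maxFailedAttempts is above the 16-attempt maximum")
    return findings
```

A profile that was signed when shared is wrapped in a signature envelope and will not parse directly with `plistlib`; run the check on the unsigned export.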

From this point forward, you will be able to use a more secure password or passphrase on the phone, instead of the default four-digit PIN.


Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.
