About
iPhone J.D. could be the oldest and largest website for lawyers using iPhones and iPads. iPhone J.D. is published by Jeff Richardson , a legal professional in New Orleans, Louisiana. This site does not provide legal advice, and any opinions expressed on this site are solely that relating to the author and don't reflect the views of Jeff's attorney, Adams and Reese LLP iPhone J.D. isn't associated with Apple, Inc.
Contact Me
FTC Notice
Pursuant to 16 CFR Part 255, the Federal Trade Commission's Guides Concerning the Use of Endorsements and Testimonials in Advertising , please be aware: (1) iPhone software and hardware developers routinely send me free versions of these products to analyze. I sometimes keep and attempt to use these products which I did not buy after posting my review, that will be considered a type of compensation for my review, but I don't fall for that I let that color my review. (2) When I post links to product pages on certain stores, including although not limited to Amazon and the iTunes App Store, my links add a referral code in order that when items are purchased after simply clicking the link, I often get a very small number of the sale. This helps to defray some of the cost of running this web site, and offers me a small vested fascination with having readers of iPhone J.D. purchase products by using these links. Again I don't fall for that I let that color my report on products. (3) Some of the ads that run on this internet site are selected by others for example Amazon or Google. If one of those ads originates from the seller of the product reviewed on iPhone J.D., that is a coincidence and I do not believe that it colors my report on that product. Other ads are from paid advertisers, of course, if I discuss a product or service from a company that is the current advertiser, I will observe that. (4) Some of the ads that run on this web site are from monthly sponsors of iPhone J.D. When I discuss products readily available companies on iPhone J.D., I do to pass along information given to me from the sponsor. Often, I will in addition provide my own commentary on the product, and even though my goal is to be honest, please remember that I was compensated to market the product. If you have any queries about this, just send me an e-mail or post a reply to a specific product review.
A glance at the iPhone passcode lock feature
The iPhone features a passcode lock feature. About a year ago, when iPhone Software 2.0 was out, Apple received bad publicity because there was a simple way to bypass the passcode by simply double-clicking the property button That flaw was fixed a year ago and there are actually other updates towards the iPhone passcode lock feature in iPhone Software 3.1, so I thought this could be a good time to take a close understand this feature.
You let the feature when you go to Settings -> General -> Passcode Lock. The default is to have a four character passcode, all numbers (although as noted below, this is changed to something more complicated). When the passcode lock is started up, someone who picks up your iPhone cannot apply it (with the exception of emergency calls) without entering several digit password. The passcode lock is a nice first degree of security for your iPhone just in case it is picked up by a "bad guy" or, as an example, a kid.
A person who picks up an iPhone using the passcode lock enabled has 10 chances to penetrate the correct code, but that does not mean that he can just try 10 different codes uninterruptedly. After six incorrect attempts, anyone must wait 1 minute before trying again. If the seventh attempt is wrong, anybody must wait 5 minutes before trying again. If the eighth attempt is wrong, anybody must wait 15 minutes before attempting again. If the ninth attempt is wrong, anybody must wait 60 minutes before trying again. After 10 incorrect attempts, what are the results next depends upon your settings. By default, after 10 incorrect attempts the iPhone notifys you that you must connect the iPhone to iTunes to unlock it and doesn't allow you to try to guess the password again. Alternatively, in Settings -> General -> Passcode Lock you can turn on the "Erase Data" after 10 failed passcode attempts feature. With this on, after 10 incorrect attempts, the iPhone will erase all data. On an iPhone 3GS, this happens instantly for the reason that 3GS simply removes the encryption key to all data around the device. On the original iPhone as well as the iPhone 3G, the iPhone erases all data by writing in the data, an operation that can take a couple of hours or more. (You can't utilize iPhone although taking place.) Note that one danger of telling your iPhone to erase all data after 10 incorrect attempts is that you simply will no longer be capable of use MobileMe to monitor your iPhone's location, send messages on the iPhone, etc. If you accidentally erase all data on your own iPhone, you'll be able to still restore the data by using iTunes to apply your latest backup.
I am more limited because my law practice's Exchange server imposes a "maximum inactivity time lock" on mobile phones. (I believe that ours is placed to 20 mins, and when you combine the up to 5 minutes before an iPhone auto-locks plus up to 15 minutes for a passcode lock, this is a maximum of twenty minutes of inactivity to lock the iPhone.) Before iPhone Software 3.1, the iPhone would not pay attention to an Exchange Server's maximum inactivity time lock. This was a burglar alarm flaw, the one which was talked about to Apple by iPhone users at PepsiCo, Intel Corporation, Edward Jones and Agilent Technologies. When Apple fixed this challenge in 3.1, it explained just what it had done in this posting and gave credit towards the individuals at those companies who pointed out the flaw. So if you, too, are looking to become famous on an Apple security page, make sure they know if you find another security flaw.
Speaking of iPhones and Exchange servers, these Exchange ActiveSync password policies are supported in iPhone Software 3.1:
Require a password
Minimum password length
Inactivity time in minutes
Password expiration
Password history
Minimum number of complex characters in password
Even if a company doesn't use Exchange, a business can set these settings by using device profiles. The following emanates from the Apple Enterprise Deployment Guide ( PDF link ), which explains what the different passcode settings mean:
Require passcode on device: Requires users to get in a passcode before while using device. Otherwise, whoever has the device can access all of its functions and data.
Allow simple value: Permits users to utilize sequential or repeated characters within their passcodes. For example, this would allow the passcodes "3333" or "DEFG."
Require alphanumeric value: Requires how the passcode contain no less than one letter character.
Minimum passcode length: Specifies the smallest number of characters a psscode can contain
Minimum quantity of complex characters: The variety of non-alphanumeric characters (for example $, &, and !) how the passcode must contain.
Minimum passcode age (in days): Requires users to improve their passcode at the interval you specify
Auto-Lock (in minutes): If these devices isn't used by this period of time, it automatically locks. Entering the passcode unlocks it.
Passcode History: A new passcode will not be accepted if it matches a previously used passcode. You can specify the amount of previous passcodes are remembered for comparison.
Grace period for device lock: Specifies how soon the product can be unlocked gain after use, without re-prompting for your passcode.
Maximum number of failed attempts: Determines what number of failed passcode attempts can be made before the product is wiped. If you don't change this setting, after six failed passcode attempts, the product imposes a moment delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, all data and settings are security erased from the unit. The passcode time delays always begin following the sixth attempt, when you set this vlue to 6 or lower, little time delays are imposed and also the device is ereased if the attempt value is exceeded.
Another passcode lock difference in iPhone Software 3.1 is, if you are using MobileMe, you can now jump about the MobileMe website and inform your iPhone to right away lock itself and even supply a new four digit code, that will override any passcode previously set for the iPhone. This could be useful when someone gets usage of your iPhone and knows your prior passcode. I tested this feature and delay pills work great; a fraction of an second after I told MobileMe to lock my iPhone, my iPhone immediately went into Auto-Lock mode and wouldn't allow access until I entered the modern code. Of course, because of this feature to be effective, your iPhone should be on and must be on the network. A smart thief could remove the SIM chip, which prevents MobileMe from finding the iPhone, or just turn off MobileMe about the iPhone. (By the way, in my tests, after taking out the SIM chip, sending a lock command via MobileMe, then reinserting the SIM chip, it took a full fifteen minutes before the MobileMe-initiated iPhone lock took effect.) But thieves tend to be not very smart, high are many stories of people finding stolen or misplaced iPhones thanks to MobileMe (such as 1 , 2 , 3 ). Thus, with MobileMe, you possess a possible means to fix a lost iPhone that otherwise would not exist.
Does the use of a passcode lock imply that no crooks could ever access your personal data about the iPhone, Unfortunately, no. Security experts for example Jonathan Zdziarski came up with methods for law enforcement agents to recover data from an iPhone notwithstanding the iPhone's built-in security measures. If cops understand how to do it, you'll be able to bet that there are some criminals who also know. A garden-variety thief won't know how to do this, but a good and dedicated hacker can probably are able to access data on your iPhone if he tries with enough contentration. (For example, see this article from Wired.)
While the passcode lock just isn't a perfect security solution for your iPhone, I still believe it's worthwhile feature allow and I encourage you to definitely do so if you are a legal professional or otherwise have confidential information on your iPhone (such as in your emails). It can be a minor annoyance to have to enter a passcode after fifteen minutes (or around 4 hours) of non-use, nevertheless it provides you with security which will stop all but a few elite hackers from gaining usage of you e-mail as well as other personal data should your iPhone is categorized as wrong hands.
UPDATE 4/22/10: Here is an article from the Apple Knowledge Database on knowing the passcode lock feature.
A look at the iPhone passcode lock feature
The iPhone includes a passcode lock feature. About a year ago, when iPhone Software 2.0 was out, Apple received bad publicity since there was an easy way to bypass the passcode simply by double-clicking the home button That flaw was fixed last year and there happen to be other updates for the iPhone passcode lock feature in iPhone Software 3.1, so I thought this is a good time to look at a close understand this feature.
You let the feature by going to Settings -> General -> Passcode Lock. The default is always to have a four character passcode, all numbers (although as noted below, this is often changed to something more complicated). When the passcode lock is started up, an individual who picks up your iPhone cannot apply it (aside from emergency calls) without entering the four digit password. The passcode lock is a nice first level of security for your iPhone in case it is picked up by a "bad guy" or, for example, a child.
A person who sees an iPhone while using passcode lock enabled has 10 chances to get in the correct code, but that doesn't mean that he can just try 10 different codes back to back. After six incorrect attempts, anybody must wait one minute before trying again. If the seventh attempt is wrong, the individual must wait 5 minutes before trying again. If the eighth attempt is wrong, the person must wait 15 minutes before attempting again. If the ninth attempt is wrong, anyone must wait 60 minutes before attempting again. After 10 incorrect attempts, how are you affected next depends upon your settings. By default, after 10 incorrect attempts the iPhone informs you that you must connect the iPhone to iTunes to unlock it and doesn't allow you to attempt to guess the password again. Alternatively, in Settings -> General -> Passcode Lock you can turn on the "Erase Data" after 10 failed passcode attempts feature. With this on, after 10 incorrect attempts, the iPhone will erase all data. On an iPhone 3GS, this occurs instantly because the 3GS simply removes the encryption step to all data around the device. On the original iPhone and the iPhone 3G, the iPhone erases all data by writing in the data, a procedure that can take couple of hours or more. (You can't use the iPhone while this is taking place.) Note that one danger of telling your iPhone to erase all data after 10 incorrect attempts is basically that you will no longer be able to use MobileMe to follow your iPhone's location, send messages on the iPhone, etc. If you accidentally erase all data on your own iPhone, it is possible to still restore the information by using iTunes to make use of your latest backup.
I am more limited because my attorney's Exchange server imposes a "maximum inactivity time lock" on cellular devices. (I believe that ours is placed to 20 minutes, then when you combine the approximately 5 minutes before an iPhone auto-locks plus up to fifteen minutes for a passcode lock, that's a maximum of twenty minutes of inactivity to lock the iPhone.) Before iPhone Software 3.1, the iPhone did not pay attention to an Exchange Server's maximum inactivity time lock. This was a burglar flaw, the one which was talked about to Apple by iPhone users at PepsiCo, Intel Corporation, Edward Jones and Agilent Technologies. When Apple fixed this issue in 3.1, it explained exactly what it had done here and gave credit for the individuals at those companies who stated the flaw. So if you, too, wish to become famous on an Apple security page, make sure they know if you find another security flaw.
Speaking of iPhones and Exchange servers, the next Exchange ActiveSync password policies are supported in iPhone Software 3.1:
Require a password
Minimum password length
Inactivity amount of time in minutes
Password expiration
Password history
Minimum quantity of complex characters in password
Even if a company doesn't use Exchange, a business can set these settings by making use of device profiles. The following comes from the Apple Enterprise Deployment Guide ( PDF link ), which explains just what the different passcode settings mean:
Require passcode on device: Requires users to enter a passcode before with all the device. Otherwise, anyone who has the device can access most of its functions and data.
Allow simple value: Permits users to utilize sequential or repeated characters within their passcodes. For example, this would allow the passcodes "3333" or "DEFG."
Require alphanumeric value: Requires that the passcode contain no less than one letter character.
Minimum passcode length: Specifies the smallest amount of characters a psscode can contain
Minimum variety of complex characters: The variety of non-alphanumeric characters (for example $, &, and !) that the passcode must contain.
Minimum passcode age (in days): Requires users to switch their passcode with the interval you specify
Auto-Lock (within a few minutes): If the product isn't used for this period of your energy, it automatically locks. Entering the passcode unlocks it.
Passcode History: A new passcode won't be accepted if it matches a previously used passcode. You can specify the number of previous passcodes are remembered to compare and contrast.
Grace period for device lock: Specifies how soon the product can be unlocked gain after use, without re-prompting for the passcode.
Maximum number of failed attempts: Determines the amount of failed passcode attempts can be made before the device is wiped. If you don't change this setting, after six failed passcode attempts, the unit imposes a moment delay before a passcode could be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, all data and settings are security erased from these devices. The passcode time delays always begin after the sixth attempt, if you set this vlue to 6 or lower, no time delays are imposed and also the device is ereased if the attempt value is exceeded.
Another passcode lock alternation in iPhone Software 3.1 is, if you utilize MobileMe, it is possible to now jump for the MobileMe website and inform your iPhone to instantly lock itself as well as supply a new four digit code, that will override any passcode previously set around the iPhone. This could be useful if someone else gets usage of your iPhone and knows your prior passcode. I tested this feature and delay great; a fraction of a second after I told MobileMe to lock my iPhone, my iPhone immediately went into Auto-Lock mode and wouldn't allow access until I entered the modern code. Of course, for this feature to operate, your iPhone should be on and must be for the network. A smart thief could take away the SIM chip, which prevents MobileMe from locating the iPhone, or simply turn off MobileMe for the iPhone. (By the way, inside my tests, after taking out the SIM chip, sending a lock command via MobileMe, then reinserting the SIM chip, it took a full quarter-hour before the MobileMe-initiated iPhone lock took effect.) But thieves in many cases are not very smart, high are many stories of folks finding stolen or misplaced iPhones because of MobileMe (including 1 , 2 , 3 ). Thus, with MobileMe, you have a possible treatment for a lost iPhone that otherwise wouldn't normally exist.
Does the use of your passcode lock imply that no criminals could ever access your personal data about the iPhone, Unfortunately, no. Security experts like Jonathan Zdziarski came up with methods for law enforcement agents to recoup data from an iPhone notwithstanding the iPhone's built-in security measures. If cops learn how to do it, you are able to bet that we now have some crooks who also know. A garden-variety thief won't understand how to do this, but an intelligent and dedicated hacker can probably find a way to access data on your iPhone if he tries tough enough. (For example, see this article from Wired.)
While the passcode lock isn't a perfect security solution on your iPhone, I still believe it is worthwhile feature allow and I encourage that you do when you are an attorney or otherwise have confidential information on your iPhone (like in your emails). It can be a minor annoyance to have to penetrate a passcode after 15 minutes (or around 4 hours) of non-use, however it provides you with security that will stop basically a few elite hackers from gaining use of you e-mail as well as other personal data if the iPhone grouped into the wrong hands.
UPDATE 4/22/10: Here is an article from your Apple Knowledge Database on comprehending the passcode lock feature.
Search
Subscribe
Awards
ABA Journal named iPhone J.D. the top Legal Technology blog this season, 2011 and 2013, and added iPhone J.D. to its Hall of Fame in 2014:
The Expert Institute named iPhone J.D. the Top Legal Tech Blog in 2017:
Recent Posts
0 Comments