There’s a suggestion floating around on tech blogs for setting ‘unguessable passcodes’ in iOS. The idea is to use alternate accented characters, which are hidden but easily accessible by holding down letters on the virtual keyboard. The thinking is these accented characters could be especially effective at thwarting guesses, as English speakers might not even realize that there are accents beneath the keys…
While I think the idea of using accented characters for a password is clever, setting these passwords on the Lock screen isn’t going to do most users good. Tools like iFunBox can access your camera roll and the iOS filesystem, even when your device is locked. Programs of this sort flat-out ignore your lock screen password. The only protection against this kind of attack is if your apps specifically encrypt the files they store, which likely isn’t the case for the data on your phone.
Another issue is this piece of advice, from the same source:
For instance, a word like Äpplë is much more difficult to guess than just Apple.
While this might make your Lock screen password harder to manually guess, if anyone would bother with your Lock screen password in the first place, swapping out a letter for its accented twin should normally be considered a bad security habit, on par with setting your password as ‘p4ssw0rd’. Library attacks can be programmed to take these quirky ‘alternate spellings’ into account, and in most cases they can be quickly guessed. It might not be an issue on the iPhone, but you shouldn’t rely on this tip for your important online accounts.
That doesn’t mean Digital Inspiration’s tip is worthless on the iPhone. It may be effective if applied to a vault app that includes its own strong encryption scheme (one such app is Foxygram.