Accented characters make iOS passwords stronger, not enough to keep your data secure

By , Jan 24, 2013


There’s a suggestion floating around on tech blogs for setting ‘unguessable passcodes’ in iOS. The idea is to use alternate accented characters, which are hidden but easily accessible by holding down letters on the virtual keyboard. The thinking is these accented characters could be especially effective at thwarting guesses, as English speakers might not even realize that there are accents beneath the keys…

While I think the idea of using accented characters for a password is clever, setting these passwords on the Lock screen isn’t going to do most users much good. Tools like iFunBox can access your camera roll and the iOS filesystem, even when your device is locked. Programs of this sort flat-out ignore your Lock screen password. The only protection against this kind of attack is if your apps specifically encrypt the files they store, which likely isn’t the case for the data on your phone.


Another issue is this piece of advice, from the same source:

For instance, a word like Äpplë is much more difficult to guess than just Apple.

While this might make your Lock screen password harder to guess manually (if anyone would bother with your Lock screen password in the first place), swapping out a letter for its accented twin should normally be considered a bad security habit, on par with setting your password as ‘p4ssw0rd’. Library attacks can be programmed to take these quirky ‘alternate spellings’ into account, and in most cases they can be quickly guessed. It might not be an issue on the iPhone, but you shouldn’t rely on this tip for your important online accounts.
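An added example (not from the original article): a defender-side password check that folds accented and look-alike characters back to plain letters before consulting a blocklist, which is why Äpplë and p4ssw0rd fare no better than the words they disguise. The blocklist and the per-letter accent counts are constructed assumptions, not measured values.

```python
import math
import unicodedata

# Constructed sample blocklist; a real deployment would load a large
# dictionary or breached-password list instead.
BLOCKLIST = {"apple", "password", "letmein", "dragon"}

# Common look-alike substitutions, folded back to the plain letter.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Assumed number of forms (plain + accented) offered per letter; the real
# count depends on the keyboard layout. Letters not listed have one form.
FORMS = {"a": 9, "e": 8, "i": 7, "o": 9, "u": 6, "c": 4, "n": 3, "s": 4}


def canonical(password: str) -> str:
    """Fold case, diacritics and look-alike characters to a plain word."""
    decomposed = unicodedata.normalize("NFKD", password)
    no_marks = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return no_marks.casefold().translate(LEET)


def is_dictionary_based(password: str, blocklist=BLOCKLIST) -> bool:
    """True if the password is a blocklisted word in disguise."""
    return canonical(password) in blocklist


def added_bits(word: str, forms=FORMS) -> float:
    """Upper bound on entropy (bits) gained by accenting letters of `word`."""
    variants = math.prod(forms.get(ch, 1) for ch in canonical(word))
    return math.log2(variants)


if __name__ == "__main__":
    for candidate in ("Äpplë", "p4ssw0rd", "NsLtS7$38%"):
        print(candidate, canonical(candidate), is_dictionary_based(candidate))
    print(f"accenting 'apple' adds at most {added_bits('apple'):.1f} bits")
```

Under the assumed counts, accenting every eligible letter of "apple" adds about 6 bits, only slightly more than appending one random lowercase letter (about 4.7 bits).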

That doesn’t mean Digital Inspiration’s tip is worthless on the iPhone. It may be effective if applied to a vault app that includes its own strong encryption scheme (one such app is Foxygram).

[Digital Inspiration, via Lifehacker]

  • Liam Mulcahy

    Cool

  • No Whammy

    “Library attacks can be programmed to take these quirky ‘alternate spellings’ into account, and in most cases they can be quickly guessed.”

    You mean dictionary attacks, and dictionary attacks only have commonly used words. In *rare* cases they may contain a few alternatives for some words with 1337 speak variations. Of course, including every variation of every dictionary word with every alternative vowel makes it a HUGE dictionary…and technically not a dictionary anymore. It’d be closer to a rainbow table at that point.

    You get one point for mentioning iFunBox, but otherwise, recommending against improved security is idiotic, especially by segueing your rant into the web world.

    1/10, would not read again.

    • smtp25

      You get 1 downvote for saying the dictionary attacks only have common words. You can seed the dictionary with whatever you want and obviously P@ssw0rd and the like would be included.

      • No Whammy

        …which I acknowledged. Down vote for not reading.

        Now, so you understand what a dictionary attack is, find a text file with each possible variation of Äpplë as cited in this article then find one with EVERY variation of every English word.

        If you have half a brain you can even make one yourself ;)

        When you realize your file is 30% of a brute force attack, you’ll understand what a dictionary attack is.

      • smtp25

        Well, dictionary attacks are more than 30% given you are trying to brute force open it by throwing as many common passphrases as possible at it until you get, when dictionary is exhausted it resorts to every character/number/symbol combination possible.

        Also, if you have half a brain you wouldn’t make one yourself, reinventing the wheel; just download an existing one and update it with the latest trends.

      • No Whammy

        Let me know when you’re done with the world’s biggest dictionary and we’ll talk.

      • Kurt

        You got many up votes from me.

    • http://www.facebook.com/kenrick88 Kenrick Fernandes

      Down vote because no one gives a shit about your dictionary

      • No Whammy

        You’re right, I should have known the average iDB reader gives zero fucks about accurate information. You’d rather read rumors about the iPhone Math and imagine masturbating to Steve’s portrait on a 4.8″ screen.

    • http://twitter.com/asdtfdr asf

      Yep, this article is ridiculous.

  • Kurt

    Best bet is to not use real words. Some people like Leo Laporte suggest using a song title or your favorite line from a song…and use the first letter from each word as well as some numbers and symbols. Nirvana – Smells Like Teen Spirit could be NsLtS7$38%…

  • http://www.facebook.com/heyitsmoni Monica Yang

    So what exactly is the best/easiest password manager out there that’s available right now? Foxygram states that it doesn’t work with jailbroken devices and I can’t find that Ford one in the App Store. I’m looking at LastPass, 1Password and datavault. Any suggestions would be appreciated, thanks.