Passcode
-
Hi folks
I’ve found the iOS passocde only gives an option for 4 digits numerical which is 9999 combinations. This seems possible to brute force as there doesn’t appear to be an error after so many failed attempts. Would appreciate some feedback from others or devs on this as appears to be a security flaw
many thanks
-
You’re right that a four-digit passcode is potentially guessable if someone has regular access to your device. In most cases, the greater security actually comes from your device passcode itself; someone can’t gain access to your journal if they don’t have your device passcode in the first place. And on iOS 18 and later, there’s further protection available to you even if you unlocked your phone and let someone else use it – you an lock any individual app, which requires your passcode or Face ID to unlock the app. These protections mean that in most cases, the Day One passcode isn’t the critical point of failure.
If you’re in a situation where you’ve shared your phone’s passcode with someone who has regular access to your phone, though, that’s where the Day One passcode comes in. And you’re right; allowing a longer passcode, or introducing delays after a certain number of failures, would make this more secure. I’ve noted this request in our internal feature tracking system. Thank you for the feedback.
Day One Forums 