iOS 9 Feature Preview: Improved security with 6-digit passcodes and native two-factor authentication

BY Kelly Hodgkins

Published 16 Jun 2015

iOS 9 logo
At WWDC 2015, Apple announced changes to iOS that’ll improve the overall performance and the security of the operating system. The new iOS 9 now allows six-digit passcodes, up from the four-digit maximum in previous versions of the OS. It also brings two-factor authentication to iCloud, keeping your synced data much more secure.

Six-Digit Passcodes

Starting with iOS 9, Apple changes the default passcode option from the standard four digits ( 1-2-3-4) to six digits (1-2-3-4-5-6), prompting users to enter a longer passcode during setup. This change makes it more difficult for thieves to guess a passcode as it increases the number of possible combinations from 10,000 in iOS 8 to one million in iOS 9. Apple still allows four-digit passcodes, but it available only as a passcode option and is no longer the default choice. Users can enter their six-digit password during setup or by going into Settings > Touch ID & Passcode > Change Passcode.

iOS 9 - 6-digit Passcode

Two-Factor Authentication

Apple began supporting two-factor authentication in 2013 for its Apple ID login and has gradually expanded the security system to iCloud and other services. Now in iOS 9 and OS X 10.11, Apple is ready to extend this security measure again.
How Apple will integrate two-factor authentication into both iOS 9 and OS X 10.11 is not clear, but a screen shot on the iOS 9 preview page suggests users will be able to monitor device logins more closely. This screenshot shows an alert on a Mac that’ll appear when an iPhone or any other iOS device is being configured with an Apple ID that supports two-factor authentication. The confirmation alert on the Mac shows the Apple ID and the location of the device being added to the account. It also allows the user to “Allow” or “Don’t Allow” this addition. That same screenshot further hints at the use of a six digit two-factor authentication code, up from the four-digit codes used in iOS 8.


There were rumors that Apple will add a new kernel-level feature for iOS 9 called Rootless. This was meant to do several different things, including preserve the security of sensitive data on devices, increase the safety of extensions and prevent malware. The feature was supposed to make it even more difficult to jailbreak iOS 9. However, Apple did not say anything about it, which is not surprising as it wasn’t a consumer or a developer-facing feature. We’re yet to get a confirmation if iOS 9 includes the feature.

What do you think of these new security measures? Will you use a six-digit code or opt to keep the existing four-code option? Share your thoughts in the comments below.

Other articles from our iOS 9 Feature Preview series:

➤ You can finally save or add any type of attachment in the Mail app

Improved Battery life and the all-new Low Power mode