Security & Privacy

Apple has been recommending at least a 6-digit passcode for years. You have to make a special effort to use a 4-digit one. You can also select a more complex password. It's entirely your choice.

Use a passcode with your iPhone, iPad, or iPod touch - Apple Support

I would also point out that you've opened yourself up to all sorts of private and security issues by posting your email in a public forum. I've requested the Hosts remove it but the damage may be done.

To use Face ID, you must set up a passcode on your device. You must enter your passcode for additional security validation when:

The device has just been turned on or restarted.

The device hasn’t been unlocked for more than 48 hours.

The passcode hasn’t been used to unlock the device in the last six and a half days and Face ID hasn't unlocked the device in the last 4 hours.

The device has received a remote lock command.

After five unsuccessful attempts to match a face.

After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.

About Face ID advanced technology - Apple Support

You're setting up weird hypotheticals. Do you think the shopping mall security is going to come after you, confiscate your device, unlock it and look at your photos? Why would they do that? In the general scheme of things, unless you're restarting your phone in the shopping mall, your Face ID will work just fine.

You can also change your passcode to one that is complex. I've given you the instructions.

And, finally, telling us here in this user-to-user forum how you think Apple should make things work is pointless. Apple doesn't read here for suggestions or feedback. However, you can let them know your thoughts here:

Product Feedback - Apple

RakeshVIndia wrote:

I had 11 pro , i am not sure about other devices , it only takes 4 digit , also what is use of having face ID - many times face id does not work & you have to type 4 digit pin to unlock , i am not able to understand this

Again, the 4-digit passcode was your choice. The default is 6 digits. A more complex password is also an option. Please read the article I linked to above.

The screen lock passcode length has nothing to do with the physical device. It is a function of iOS and iPadOS. Any device running iOS 9 or any more recent version of the operating system defaults to a 6 digit screen lock passcode, with options in settings to instead use a 4 digit code or a complex alphanumeric password.

The very first iPad Pro models shipped with iOS 9 and every pro model since has shipped with whatever later release was the default at the time they were made. So your device would have defaulted during initial setup to a 6 digit code, not a 4 digit code. You or someone you let use it must have changed the original code to a 4 digit one.

FaceID or touchID will not work anytime the device is rebooted. When rebooted, you must first enter the screen lock code to initiate use of FaceID or touchID. Same thing if you don’t unlock the device for 48 hours - the code itself is then required first.

RakeshVIndia wrote:

I understand all these , simply my question is -- the purpose of having Bio Id is to give 100% protection for unlock , to me this does not make sense it just open simply with pin, If we set up face id with pass code then - the device must recognize both face id & pass code is then fine , not able to understand.

Passcode is entered when face id does not work & it happened to my case even without the above conditions you mentioned , not sure why , even if my phone was not used for couple of hours some times face id did not work. Once FACE ID is set this should work without any interruptions why many conditions are put , like 48 hrs or others , what is the need for those conditions , once you configured a face ID - this should be set for ever unless we want to change by ourselves , this is not happening - one can steal your device , using a spy camera the typing patter pin code can be easily found - then you are gone

If you read the article I linked to above on how Face ID works, you would see that it is NOT 100% secure. Also, you cannot use it if the phone has been powered off as the Face ID information is stored in what is called a "Secure enclave" that the only accessible once the phone has powered up.

The fact that you want Face ID to work in a way that it does not and never has doesn't mean Apple is some how at fault.

FaceID and TouchID digital encrypted data is stored in secure enclave. However, neither the touchID sensor nor the faceID camera have any access to that secure enclave data until you first authenticate with the password.

Your screen lock passcode is never stored or saved to the device or anywhere. When first set it is used to generate the keys necessary for encryption and decryption of your data on the device and those keys are saved securely. Since the algorithm that generated the keys is based on the exact code or password you set, you need that exact code or password to verify the keys and regain access to a device. That is the added security of requiring the passcode or password - it is the master code to unlock your device and allow the operating system to begin using touchID or faceID. Since the code should be known to you and nobody else, it is the master key securing your data and device.

When your device is shut down or restarted, the keys are once again must be verified by entering the passcode and only then may touchID or faceID be used. Similarly after 48 hours of non-use, iOS itself breaks access to the keys and they must be verified anew using the passcode.

The passcode cannot be recovered since it is never saved to begin with. That is why the one and the only way to regain access to a device without the passcode or one which is disabled because of too many login attempts is to erase it and set it up all over again to generate fresh security keys.

TouchID and faceID are convenience proxy's for the passcode so you do not have to physically type it in all the time. They also allow one to use a much more complex screen lock passcode ideally since they will only need it occasionally. My password on all my devices is 12 characters including standard things like case change, numbers and special characters (it is saved in a secure keychian note on my two Macs as well as in mSecure which sync's my passwords across all my devices).

You can also change the password settings in iOS and iPadOS to include the option to erase the device after too many failed guesses at the passcode or password (8 I think it is).

So Apple has very carefully thought about all this and engineered their chips they use in their devices to be amongst the most secure consumer electronics ever made. The screen lock passcode and the way it works is integral to how secure enclave works. It is not a substitute for touchID or faceID - they are substitutes for it to make using the devices easier, and ideally to allow you to even increase security by using a complex password.

Sorry, but I am simply not so paranoid to believe that some mall cop sitting in a room swatching multiple monitors is so keenly focused that he spots me using my phone and zooms in just in time to see me enter my code (since nowadays I’d be wearing a mask so FaceID is disabled). And yes, he’d need to be able to zoom in to see it as mall cameras are wide angle cameras to allow for watching of large numbers of people simultaneously. He’d also have to be dang quick because even with my long password, it takes me a second or two to type it in. And then the mall cop is so willing to face being fired at the least, or facing criminal charges, that he accosts sometime later to grab my iPhone and steal my personal information.

That scenario, IMO, is absurd.