Requirement to enter passcode every 48 hours

Its working as designed - following quote is from http://support.apple.com/kb/ht5949

To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:

• After restarting your iPhone 5s
• When more than 48 hours have elapsed from the last time you unlocked your iPhone 5s
• To enter the Touch ID & Passcode setting

Here is the technical sheet about passcode setting. Touching the Home button is deemed Fingerprint unlocking. It depends on other settings as to how often a passcode is required. Read the note for more details.

http://support.apple.com/kb/ht4113

We rolled out iPhones at work recently with AirWatch and noticed this phenomenon when people don't use their phones over the weekend and forget their new passcodes on Monday. They are still on 8.4.1.

This has not happened to my personal iPhone (9.1) until this morning and I upgrade regularly. I have used touch ID a lot in the last 48 hours, and have not rebooted recently, so entering the passcode should not have been necessary. I downloaded the AirWatch agent to it to test BYOD, but deleted it weeks ago. I've also had a work email profile set up for years, but it uses the Outlook Web Access connection.

At any rate - it doesn't appear to be a corporate-only policy. Apple says, "To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:

• After restarting your device
• When more than 48 hours have elapsed from the last time you unlocked your device
• To enter the Touch ID & Passcode setting"

About Touch ID security on iPhone and iPad - Apple Support

I think this explains the issue, at least for me.

Thank you Glenn Fleishman @ Macworld

http://www.macworld.com/article/3072181/ios/new-touch-id-rules-why-you-have-to-e nter-your-passcode-when-you-wake-up.html

When iOS 9 was released, Apple updated its list of cases in which iOS asks for a passcode even when Touch ID is enabled. A previously undocumented requirement asks for a passcode in a very particular set of circumstances: When the iPhone or iPad hasn’t been unlocked with its passcode in the previous six days, and Touch ID hasn’t been used to unlock it within the last eight hours. It’s a rolling timeout, so each time Touch ID unlocks a device, a new eight-hour timer starts to tick down until the passcode is required. If you wondered why you were being seemingly randomly prompted for your passcode (or more complicated password), this is likely the reason.

The list previously included (and still includes) restarting the device, five failed fingerprint recognition attempts, receiving a remote lock command via Find My iPhone, enrolling new fingerprints in Touch ID, and not having been unlocked in any fashion in 48 hours. These rules are in place ostensibly to prevent compelling or coercing someone to provide a fingerprint, raising the bar to demanding or cracking a passcode instead.

This addition came before the San Bernardino case and the Department of Justice and FBI’s now-abandoned efforts to get Apple to provide a custom operating system to unlock a phone. However, it might have some bearing when a court order is issued to compel someone to use a fingerprint to unlock an iOS device, as in a recent case. This timeout would add an additional ticking clock, but wouldn’t necessarily affect the outcome. Some courts have required parties enter a password to decrypt a device or a hard drive, though whether that constitutes self-incrimination hasn’t yet made its way to higher courts.

Users (including this reporter) began noticing this change in the last several weeks, even though an Apple spokesperson says it was added in the first release of iOS 9. However, a bullet point describing this restriction only appeared in the iOS Security Guide on May 12, 2016, according to the guide’s internal PDF timestamp. Apple declined to explain the rationale for this restriction.

An unnoticed rule, but triggering more often?

Macworld was alerted to this change when reader David Shanahan emailed the Mac 911 help column about being prompted for his passcode on both an iPad Air 2 and an iPhone 6 once or twice a week in the morning after leaving them charging overnight. That had also been this writer’s experience.

Security expert and Macworld contributor Rich Mogull confirmed he had seen the change in behavior, and didn’t realize until he was asked about the restriction, which he then confirmed he hadn’t previously seen mentioned or documented. Researcher Jonathan Zdziarski also confirmed that he hadn’t seen this requirement before, and said, “It explains what the ****’s been going on with my phone, though!”

The exact language of this additional timeout is: “The passcode has not been used to unlock the device in the last six days and Touch ID has not unlocked the device in the last eight hours.”

Neither Mogull nor Zdziarski could determine why this period of time had been chosen. Zdziarski said he’s been asking Apple for some time to either set the timeout period to eight hours, down from 48, or to allow users to select a period of time. He would also like to see an option to require a passcode based on a geofence—a coordinate-based defined region. “I would love it to automatically kill the fingerprint altogether or set the expiration down to even 4 hours or 8 hours if I’m not inside some geofence I’ve set up,” he said.

An iOS device can have its Auto-Lock setting changed without a passcode, and one of the options for Auto-Lock is never. With that option engaged and continuous power, as long as the iOS device isn’t restarted or the Sleep/Wake button pressed, the phone should remain continuously unlocked. In that situation, the Touch ID timeout conditions never come into play.

However, if the device ever becomes locked or is seized while locked, it’s a different story. Because a law-enforcement or other government agent or a malicious party wouldn’t necessarily know the last time the passcode was entered, it raises the stakes higher than the 48-hour timeout. There would typically be no way for another party to know if the six-day period had passed, nor whether Touch ID had been used in the previous eight hours to unlock the iPhone or iPad.

It remains unclear precisely why Apple added this requirement, but finding this new bullet point clears up the mystery of why your iPhone and iPad love the smell of freshly entered passcodes in the morning.

j wfromtorrance wrote:

The only thing I can think of is this is some security thing uploaded from the company. This is my phone but I sign onto Exchange to be able to retrieve and send work email. I have asked local IT and they tell me it's not them.

It IS your company.

If you have an Outlook/Exchange account from your company on the iPhone, then you have a profile loaded onto your iPhone and it is set to require a passcode every 48 hours.

If you remove this profile, this 48 hour requirement will go away.

gfs2008 wrote:

...

I'm not sure if this is a security 'feature' or some testing software bug that was left in the release version.

I think it is a combination of the two. There has always been a security feature for Touch ID regarding 48 hours. That is quoted below from https://support.apple.com/en-us/HT204587

To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:

• After restarting your device
• When more than 48 hours have elapsed from the last time you unlocked your device
• To enter the Touch ID & Passcode setting

The bug part of it is that with the release of iOS 9 (or 9.0.1 or 9.02.), the 48 hour requirement is being triggered in some cases when 48 hours have not elapsed. iOS 9 was released on September 16; iOS 9.0.1 on September 23; iOS 9.0.2 on September 30. I updated on each of those days. So far I have only had the 48 hour message one time (and it was only about 20 minutes after the previous unlock). To me it appears to be a very intermittent bug.

I'm not sure if this is a security 'feature' or some testing software bug that was left in the release version.

But I seemed to have found the solution. I did a backup of my phone to iTunes on my Mac, did a clean install of system 9.0.2 and then restored my iPhone from my backup. It seems to have solved the 48 hour password request problem; hasn't happened again and it's been over 10 days. Hope this helps you.

Just found it.

You have not unlocked your phone for 48 hours.

-> http://support.apple.com/kb/ht5949

Chris CA wrote:

j wfromtorrance wrote:

The only thing I can think of is this is some security thing uploaded from the company. This is my phone but I sign onto Exchange to be able to retrieve and send work email. I have asked local IT and they tell me it's not them.

It IS your company.

If you have an Outlook/Exchange account from your company on the iPhone, then you have a profile loaded onto your iPhone and it is set to require a passcode every 48 hours.

If you remove this profile, this 48 hour requirement will go away.

Not true. I've been seeing this randomly, and I do not have a corporate Exchange email account on my iPad. I used the iPad at 11 PM yesterday, this morning I got the message that a password is required after 48 hours. It has happened several times, randomly. It does not happen every day.

With the latest iOS 9.2 upgrade, it appears that instead of correcting the issue, they simply re-worded what the annoying popup says. Now it no longer mentions "48 hours", but simply demands for the PIN code to be entered. It's now obvious that this is no bug, but intention by Apple, a "security feature". They simply want us to use both PIN and fingerprint recognition to unlock our devices. So, once every 48 hours or so, you will get annoyed by this, whether you like it or not.

2manygadgets wrote:

I specifically keep my 6+ off our Corp network so they have no control over it

Is there any profile installed on the device?

Settings > General > Profiles.

there is no pattern to it, it's random, just because you haven't had the issue since you soft reset your phone doesnt mean it's a fix, others have reported trying this and it still happens. Based on your logic, I could say doing nothing is a fix cos since I did nothing to try and fix it the other day it hasn't happened since.

I would say the most likely cause of this is some incorrect logic in the code that decides that it's 48hrs since you used your phone and the fix will be a software update.

Ubisububi wrote:

I too, am having this problem on my iPad, although it's not happening on my iPhone. It started very recently after one of the OS9 patches. It is not due to a profile or a work-related email account (I am retired so no work content on either device). Lastly, although mine is only a 4-digit passcode, it's still annoying and not working as intended.

• It's not an iOS 9 problem, because people reported it with iOS 8.4 (in this very thread)
• It isn't due to a profile on YOUR PHONE, but it very well could be for other users
• Yes, it's annoying
• Yes, it is not working as intended.

Is there anything else to discuss about it? All of the reasonable troubleshooting attempts have already been posted in this thread, and none of them have solved it.

Regarding the "annoying" factor, in every software product there are bugs. One of the jobs in managing bugs is triage. A way of thinking about bugs is to classify them. A company I worked for used four levels:

• Critical: The function is unusable
• Severe: The function is unusable as intended, but has a workaround, or it's possible to live with it in a degraded mode
• Annoying: The function works, but in a way that makes extra work for the user
• Interesting: It's an oddity that doesn't cause any harm, but it shouldn't work that way

It happens randomly, with no discernible pattern. It has never happened on my iPhone 6, and has happened only 3 or 4 times on my iPad Air 2. With very long gaps between instances. It was reported by some users in iOS 8, so it isn't specifically an iOS 9 issue. So it is most likely a bug, but on the scale I use for bugs (Critical, Severe, Annoying and Interesting) it falls between Annoying and Interesting. It does no harm, and considering that prior to the iPhone 5S, ALL iOS devices required entering a passcode every time they were unlocked, would not be high on my list of bugs in triage. Surely the one that broke all POP email accounts would be way up on the list compared to this one, and it has gone unfixed for months.

Lowbflat wrote:

You should stop insisting when you don't know what you are talking about. The only thing that changed for me was installing iOS 9.01.

IT can't be my email when I don't have email on my iPhone.

YOU are the one who doesn't know what you are talking about. The original post was over a year ago. Long before iOS 9. The problem then WAS caused by a corporate email account that installed a security profile. The problem you have is totally, completely, unrelated to the problem reported in May of last year. And even in iOS 9 a corporate security profile can require password entry periodically. It's usually a bad idea to post a new problem to a "stale" thread, for exactly the reason here - it causes confusion. It would be much more useful, and lead to less confusion, if you would start a new discussion for a new problem.

And yes, there is an issue with iOS 9 requiring passwords at random times with the "48 hour" message. And there's no solution at this time.