IBM, which has been an enterprise mobility partner with Apple for more than a year, is praising Apple's move to six-digit passcodes in its new iOS 9 operating system.
When iOS 9 becomes publicly available on Sept. 16, iDevices will default to six-digit passcodes instead of four. With the addition of two digits, iDevices will instantly become tougher for hackers to crack by increasing the possible number of passcode combinations to one million, up from the previous 10,000, said Caleb Barlow, vice president of mobile management and security at IBM.
Not only does the move to six-digit passcodes make it harder for hackers to tap into corporate data on BYOD devices, it is also a big step forward in helping organizations to beef up their BYOD policies, he said.
In a post on IBM's Security Intelligence blog, Barlow said IBM research into one million BYOD and corporate-issued devices showed that nearly 90 percent of companies only require simple, numeric PINs. And of these companies, almost 80 percent enforce only the most basic option to protect the data on their phones, a four- to five-digit PIN which, according to the iOS Hackers' Handbook, can be cracked as quickly as 18 minutes, he added.
In light of these findings, Apple's security updates to iOS 9 represent a step in the right direction and provide employers an opportunity to strengthen their current BYOD policies immediately. Barlow called Apple's move, "two small steps for users but one giant leap forward for mobile security as a whole." He added that "This bold move by Apple serves as an opportunity—and a wakeup call—for companies to refresh and strengthen their own current bring-your-own-device (BYOD) policies."
Barlow noted that another IBM study found that nearly 40 percent of companies, including many in the Fortune 500, are not properly securing the mobile apps they build for customers. And 67 percent of companies allow employees to download un-vetted apps to their work devices.
However, "While Apple's latest security update is a well-timed win in the fight against increasingly organized and resourceful cybercriminals, in order for mobile security improvements to be accomplished at an industry level, companies must also continue to be mindful of the very reason BYOD has become a global phenomenon: user convenience," Barlow said.
Moreover, he called Apple's new six-digit default "a perfect example" of how to help users better protect personal and corporate data while still maintaining the ease of use they crave through touch authentication.
Yet, there's much more to be done, said Barlow. "Passcodes are simply the user's first line of defense and remain only one piece of the puzzle," he said. "Security teams should use this moment to further rally around mobile security initiatives, such as stronger authentication of the data and apps that reside on the device, which will help us protect ourselves against rising threats in simple yet effective ways."
Meanwhile, companies that are implementing strong mobile device security should allow employees to use biometric authentication to ensure mobile devices remain convenient and secure, Barlow said. They also should consider additional options to secure corporate data on mobile devices, including linking to an overall corporate identity management system or considering two-factor authentication.
The IBM MobileFirst for iOS apps are built exclusively for iOS devices and are delivered in a secure environment, embedded with analytics and linked to core enterprise processes. The apps can be customized and are deployed, managed and upgraded via cloud services from IBM specifically for iOS devices, with security across the data, app and device.
"The MobileFirst for iOS apps IBM announced today give some real shape to the company's partnership with Apple which I think may have confused some folks when it was first announced," said Charles King, principal analyst at Pund-IT. "These offerings show IBM moving ahead in an orderly fashion, industry-by-industry, in tackling specific challenges and adding value to core business processes through the application of advanced analytics."