I remember when I used iPhone 4, the password to open the phone was 4 digits. I still remember I used my ex-girlfriend's birthday for that, for a long, long time. I do not remember using any password on any website or software access with less than 4 digits. That meant, even for that not-so-dangerous age with hacking, at least we need 4 digits to have assured protection.
iPhone 4 was unveiled in 2010, while in the iPhone 6 age, in 2014, the screen password protection was started to be enforced by 6 digit password.
In fact, probably we cannot use iPhone passwords to measure the password protection history. I remember when I came to the States to access the department computer system, when 1988, the apartment system manager set a password for me at that time that is haline 6 digits, I guess that might be the minimum digits we need to set a password, while the password was set up in that way with two considerations:
- meaningful in words, haline is a real word with real meaning, then people can remember it
- meaningful in person. This password has some characters that match my name.
for that password, I used for more than several years, or say, more than a decade. That meant, in that age, the software or system protection was just for normal people, without much or any consideration for a hacker attacking.
Now, as a rule, your any password must not be meaningful in any sense in case for not letting hacker to guess your password.
![]()
From the report above, we can conclude to brute force a password:
- with 8 digits, such as Numbers + Upper and Lower case Letters --- 3 years
- with 8 digits, such as Numbers + Upper and Lower case Letters + Symble --- 7 years
- with 9 digits, such as Numbers + Upper and Lower case Letters --- 161 years
- with 9 digits, such as Numbers + Upper and Lower case Letters + Symble --- 479 years
These are just what we are doing in daily work, which is quite enough to protect us from hackers attaching.