by capableweb 1440 days ago
Security has never been a "Secure or not" proposition, it's always a balance between convenience and safety against threats, threats that change depending on who you are, and who is targeting you.

Some features are (understandably) almost impossible to make very safe. Take PDF viewing for example, the entire thing is so huge that there are bound to be holes in any implementation, just like what the NSO proved some time ago with the iMessage exploit.

I take this effort as something similar to the "Hardened Linux" effort. Just that it exists doesn't mean that Linux is "unsecure", it just means that if you really need to, there are more steps you can take to make it even more secure. Just like what Apple is doing here.

1 comments

If I could upvote you twice, I would.

Security is always a tradeoff and there is no single answer. A feature for one person is another person's hell.

An acquaintance just lost all their data because they had enabled "format on too many missed passcodes" and their kid was playing with their phone... caused quite a few tears. On the other hand, that feature is invaluable to international travelers.

What a strange implementation of "format on too many missed passcodes". Apple (on iOS and watchOS) implements this, but after some amount of failures, the phone gets into progressively longer lockdowns. So maybe after 3 failed attempts you have to wait 2 minutes, after the 4th, 5 minutes, and before the final (formatting) attempt you have to wait something like 12 hours. This prevents the "kid playing with the phone" problem.