by nikitoci 1289 days ago
You are not limited by 6-digit passcodes only, you can also

“…Or tap Passcode Options to switch to a four-digit numeric code, a custom numeric code or a custom alphanumeric code.” which is on their support web site[1]

[1]: https://support.apple.com/en-gb/HT204060


Yes, but then I need to enter a custom alphanumeric password every time I unlock my phone or tablet.

I want to be asked for it if and only if I grant a new device access to my end-to-end encrypted iCloud data.

I don't think this is an absurd demand. WhatsApp supports this security model, for example. Even Apple used to, before they forced every iCloud keychain user to switch to their HSM-based model!

Do you not use FaceID or TouchID or unlock with the Watch?

I switched my pin to alphanumeric because I’m not putting it in every time I pick up my phone. I can live with the inconvenience of putting the passcode in every couple of days or so.

I just want to second this. I use a long alphanumeric password to unlock my iPhone plus FaceID.

I enter the password at most a few times a week after reboots and if someone plays with the phone and gets FaceID to fail too many times. It’s not annoying at all to unlock with the keyboard rarely.

I put in my 12 character numeric passphrase multiple times a day because FaceID sucks with masks and covid is still a thing.

I wish TouchID were an option on latest pro iphones.

Lately I've found FaceID can't handle my 'first thing in the morning and haven't had my coffee' face. I'm not sure if it's me or if Apple updated the algorithm.

If you haven’t already, I would nuke and pave the facial recognition. Haven’t faced anything like that since TouchID but that would be a red flag to me that the recognition data set is betraying me.

I see what you're asking for, but I don't think Apple would ever do it. A passphrase that is only used once every few years is a recipe for endless support calls.

Then hide it behind an option deep in the settings, and label it "only for advanced users, and if you lose it, all your data will forever be gone".

Apple even had this exact setting in the past! And they still have a similar thing for Mac disk encryption (the default is iCloud escrow, but a local-only recovery passphrase is also an option).

Android offered it for a long time for decrypting on boot. I'm sure Apple could communicate it well enough.

I’m assuming you don’t use Touch ID or Face ID?

I’ve been using an alphanumeric passcode for about 7 years now. I’ve gotten used to it. It’s not too long to be annoying but better than a numerical pin.

Even if you used 4 numbers for an alphanumeric password, it’s still much more secure than a 6 digit pin.

> Even if you used 4 numbers for an alphanumeric password, it’s still much more secure than a 6 digit pin.

Unfortunately, that's not the case:

If you trust the secure enclave (for the device unlock scenario) or Apple's HSMs (for the key escrow scenario), a 6-digit PIN is just as secure as a 4-character alphanumeric password. In both cases, you get 10 invalid attempts before your data is wiped, and the odds are negligibly small in either case (10/10^6 vs. 10/62^4).

If you don't, i.e. you are concerned your adversary can somehow perform a brute-force attack, you need way more than four alphanumeric characters.

It's not exactly what you want, but one mitigating factor is if you're using FaceID, TouchID, or Apple Watch -- Those things will dramatically reduce the frequency that you're prompted for your password.