I want to use a low-entropy PIN on my phone, because I enter it dozens of times per day, shoulder-surfing is a concern as big as hacking in many scenarios, and because I trust Apple's hardware to be capable of efficiently limiting local PIN attempts and wiping high-entropy keys if required.
At the same time, I log in to new iOS devices with my Apple ID about once per year. I would love to be able to use a high-entropy key in that scenario. (As a point of reference, WhatsApp allows exactly that for encrypted backups!)
If that's still baffling to you, I'm glad I could introduce you to a very different viewpoint :)
There are still too many situations in which I do end up having to enter my passcode.
Mask unlock isn't perfect, wet hands can throw off Touch ID, and once per day I believe they will just reset and ask for the passcode anyway. It's also required for software updates and reboots.
I'm not asking for this to become the default, or even an option given in any setup wizard. Just allow me to set up my own end-to-end encryption recovery passphrase and let me remove all of my device passcodes, i.e. allow me to opt out of HSM-mediated key escrow.
Is your Apple ID password not a sort of "secondary passphrase" as you're wondering? You enter the Apple ID password to download the encrypted data and the low-entropy passcode to decrypt it.
Not really. The Apple ID password is a regular server-verified password and does not contribute to end-to-end encryption in the cryptographic sense. In other words, it gates access to the end-to-end encrypted data, but not the keys used to encrypt them.
If you trust Apple to never get hacked or hand over your data to any third party, that's perfectly fine, but that is not the scenario that end-to-end encryption is designed to address.
Got "1234" as a passcode on a long-forgotten family iPad or test iPhone? Better go change it to something secure, as that's what stands between an advanced attacker (that can compromise your 2FA), or somebody able to compromise/apply sufficient pressure to Apple, getting into your iCloud end-to-end encrypted data.
The iCloud recovery key is a 28-character string, not your iPhone PIN: https://support.apple.com/en-us/HT208072. There is no situation that I can think of where a device PIN is of any use off-device.
Recovery keys were part of iCloud Keychain end-to-end encryption when used without "two-factor authentication", which is now a deprecated setup and can't be used with new iCloud accounts anymore:
Thank you for the links. In my case, I have two-factor _and_ a recovery key set up. The Account Recovery icon on Apple ID says "Your device passcodes can be used to recover end-to-end encrypted data. If you forget your passcodes, you'll need a recovery contact or recovery key."
Are you sure it's either/or? Have you gone through the process, and are you sure the PIN is required off-device, rather than ? If that's the case, I do agree that it's not good.
Also I don't quite understand the threat model where a stronger authentication to iCloud allows for weaker data encryption. Considering Apple is usually pretty spot on with these things, this would definitely stick out.
> Got "1234" as a passcode on a long-forgotten family iPad or test iPhone? Better go change it to something secure...
According to the article, I don't think this will be possible because you won't even be able to turn on Advanced Data Protection in this scenario.
"You must also update all your Apple devices to a software version that supports this feature."
Just to get the feature enabled you're going to have to go and "touch" all of the devices you're signed into and either update their OS (and also update their passcode if you're smart) or sign out of them.