Hector Martin

So the question now is: for a given level of security, which of these interfaces is easier for *you* to operate quickly. Which type of passcode is easier for you memorize?

Alphanumeric has two hypothetical advantages. If you pick the password *truly at random* you can get more entropy (strength) from each alpha button press, so your password could be shorter. But those fewer keystrokes come at the cost of squinting at small keys.

But of course we all know that none of you are picking your alphanumeric passcode at random. You’re all using Kitty123.

(Crap now I have to change my passcode.)

In all seriousness, if you’re using the alphanumeric option to pick a *non-random* passcode (as most people do) then it’s much harder to tell how much password strength you’re getting. Some, a lot. Some less than they think.

In practice (given the apparent limitations of current iOS attacks) it’s probably fine to use an alphanumeric passcode. It may be very secure. The real question is whether it’s worth the hassle of using the non-numeric keypad.

So in summary: random (long) numeric passcodes may be a more ergonomic choice for a given security level, especially if you force yourself to memorize the thing over a week or two (even if that involves carrying a post-it during that time.) But do whatever works for you.

Honestly, this is why I still prefer a (rooted) Android phone where you can set a long FDE passphrase and a simpler unlock passphrase. If you shut the thing down the key material is gone unless you can crack a long scrypted passphrase.