All recent iOS devices have two very important security features that cannot be overcome. First, all attempts to check the password must be done on the phone. Second, there is a hardware limit of 80ms (0.08 seconds) before you can check another password. Neither of these security limits can be changed, subverted, overcome, bypassed, or in any way mitigated.

Because of the hardware limit of 80ms per guess, short alphanumeric passwords are very secure in iOS. For example, a 6 character password using only 0-9A-Za-z yields a password that takes well more than a century to crack:

(62^6) * 80 ms = 52,592.8107 days

Even using ONLY A-Za-z would take 50 years:

(52^6) * 80 ms = 50.1204957 years

Increase it to 8 characters and it’s 135 thousand years. 8 characters of upper and lower case. Yes, a password like frjAgntq would take 135 thousand years to crack, regardless of how fast your computer is. Hell, with 8 characters even an all cap or all lowercase password (assuming you know the password is using only A-Z) is still over 500 years.

That’s right, a random password of zafheenp will take until the 26th century to crack, just based on the hardware limit of 80ms per guess.

If you count all the 102 characters on the 4 iOS keyboards (not counting any longpress characters) then a six digit password would take nearly three thousand years to check all possible combinations and an 8 character password would take 30 million years.