> During in-house testing, which involved taking an iPhone 16 from iOS 18.5 to iOS 26.4.1, The Register found that Apple has kept the háček in the Czech keyboard, but removed the ability to use it in a custom alphanumeric passcode. The OS will not allow users to input the háček as a character. The key's animation triggers, as does the keyboard's key-tap sound, but the character is not entered into the string.
Sounds more like an actual bug than a decision to change the keyboard layout, if this happens only in the passcode screen?
I think the biggest lesson here is to back up. The reason for losing access to the phone is amazingly dumb but it could have fallen down the stairs for basically the same effect.
And do your could backups cross-provider. You never know what the "big players" are going to pull, and your lifetime customer value is less than the cost of a single support call.
> Steve Jobs would be rolling in his grave if he could see the software quality of the products that Apple releases today.
lol, nah he wouldn't. He would of upgraded his coffin to plush and got a big screen to watch the money roll in.
I recommend reading up on his 80/90's antics. All he cared about was money and that the world was crafted by him.
He was widely known for intense bullying, lacking empathy, and ruthless manipulation, combined with a "productive narcissism" that fueled his obsessive drive for perfection.
This is exactly the reason why I keep all my shit on an SD card despite Google deliberately making the external storage experience as painful as possible: slow access, broken writes, failed unmounts, no filesystem repair. Literally every time I restart my phone I need to put the card to my PC and repair the filesystem. Also, same card works extremely well when plugged into PC via random cheap USB card reader.
On PCs you still have Linux that resists enshittification and you can pick your own hardware, but it's a really sad state of affairs that there is literally no meaningful mobile system that isn't actively hostile to the user.
The thing that bothers me about Android is the gimped file manager.
You wan't to access some files off your network using smb? Here install this third party tool and don't forget to give it full read/write access to your device.
after Apple removed a character from its Czech keyboard
I wonder what the thought process (or perhaps lack thereof) at Apple was. Did no one of the likely-somewhat-large team who did that think "wait, this could lock out our users who may have used that character"?
In the immortal words of Linus Torvalds: "WE DO NOT BREAK USERSPACE!"
Now one of the ways in might be those companies who claim to be able to break iPhone security for law enforcement and the like, but I'm not sure if they'd be willing to do it (at any price) unless you could somehow trick them into thinking you had some "interesting" data on there...
It’s wild that "verify existing passcodes remain inputtable" isn't the absolute first item on the QA checklist for any keyboard layout change. The Czech layout isn't exactly an obscure edge case.
The USB keyboard suggestion mentioned in the other comments likely won't work either because of USB Restricted Mode. After an hour of being locked, iOS disables data over the Lightning/USB-C port until the device is unlocked. It’s a perfect, recursive failure: you can't unlock the phone because the character is missing, and you can't plug in a hardware keyboard because the phone is locked.
Treating the passcode keyboard as a transient UI element that can be "cleaned up" rather than a hard security dependency is a massive architectural oversight. If the OS allows a character to be used in a passcode, that glyph needs to be permanently accessible in a fallback mode, no matter what the localization team decides to prune.
If I'd get a dollar for every annoying bug that Apple misses due to being hopelessly Bay Area brained, I'd probably get at least a free official Apple cleaning cloth every couple of years.
I agree with you and don't really get what Apple gets from removing a valid Czech character, but how would you test if all existing passcodes remain inputable without knowing the passcodes of all iPhone users?
The one way to do this that I could see is to include both the new keyboard and the old one and if someone fails to unlock with the new one auto report that to Apple (not the code, just that the unlock failed and that the keyboard might be the problem), then auto revert to the old keyboard on the next unlock attempt...
Since the beginning, iPhone keyboard is wrong in entering a character first, háček second. It has been the other way around on typewriters and then computers for decades. Then some smart guy at apple thought he knows better. One of those never-fixed-bugs.
Wait, really? I thought "dead keys" being diacritics prefixes, not suffixes, was pretty universal. At least that's how it works with ^, ´, and ` on macOS for me.
I used to have an emoji password for my Android phone, and had the exact same issue after a reset! It's an odd but pretty terrible failure mode for locking oneself out...
You say locking oneself out, but I decline to consider any situation where a password can be set but not later entered as one where the user bears even a modicum of fault.
I remember a website that silently removed everything but the first 8 characters from the "password" field upon registration but somehow didn't do the same on the login page. It took me several hours and several password resets to actually log in after registration, since for some reason the trimming happened client-side and only when typing the password manually (and I was pasting my password from a password manager).
Tangentially related, a relative bought a new Apple laptop a few weeks ago, and I was tasked with setting it up. The computer came pre-equipped with a Czech keyboard (apparently the US models weren't in stock and that relative needed a new computer as soon as possible, so they bought a Czech one).
Since the user doesn't speak Czech, I promptly removed the Czech layout and installed two other layouts, US English and Hebrew, for the languages that the relative uses to type on the computer.
For some reason, login screen just after boot still uses Czech layout, which means Z and Y are swapped and numbers must be typed with Shift (just pressing numbers outputs Czech letters like ěščř). So when booting up the machine (remember that you can't use fingerprint during first unlock), the user must type the password in whatever layout is physically printed on the keys, even though the rest of the OS doesn't even have a mention of that layout. Somehow afterwards the OS "can" see the list of the layouts and lock screen correctly chooses the English US layout.
Alongside of that, for some reason, the key that's supposed to type ` and ~ in the US layout types some nonsense instead (a plus-minus sign and a section sign), whereas the backtick key is for some reason located between left Shift and Z (good luck unlearning years of muscle memory typing ~/Documents in the terminal)
Majority of California based companies employee English only or English and Spanish speakers possibly with some Indian language as well. This leads to lots of problems when you are bilingual or bilingual in other languages such as German in French. Neither Apple nor Microsoft under this sort of language swapping well. Never mind rarer languages like Czech or Greek.
> Majority of California based companies employee English only or English and Spanish speakers possibly with some Indian language as well [...] Never mind rarer languages like Czech or Greek.
That may be generally true, in this case Apple actually has an engineering team in Czechia that works on biometrics and authentication:
I'm a little impressed with Google. Recently the assistant started understanding when I speak Portuguese or when my wife switches to it in a text message. I hadn't had that experience before, the assistants would pick one language and mispronounce the other.
Alexa has an experimental bilingual mode but it's nerfed by its general failure to understand well.
Netflix can't even auto-translate subtitles (in the age of genai where we are close to generating entire movies from scratch). Let alone ever imagine that you'd want to see subtitles in two languages at once.
We run into this issue when watching Korean movies/dramas. My wife prefers Japanese subtitles and I prefer English/German.
I haven’t found a way to enable two subtitles in Firefox (via extensions). So in those cases I usually download a release which contains subtitles in both languages and use a script to extract them via ffmpeg and then combine them into a single srt.
Now the issue is that the lines of the different languages don’t always appear/disappear at the same time. This leads to text jumping up and down. I have tried to mitigate it by injecting white space where only one line is visible, but this again fails when the video player breaks long lines or when the location of the subs change to the top (because there is hard-coded text in the image).
I feel like there must be a better way…
This really should be escalated to the point where Apple engineers build a one-off / custom iOS so that this person can unlock their phone and change their passcode. I'm sure this is in the realm of possibilities. It is such a bad look.
Even if he did have a Mac with the continuity feature enabled, I suppose the lock-screen won’t accept a paste from the clipboard of a Mac.
(If it did, he could enter the correct passcode in any text editor on his Mac, copy it to the clipboard on the Mac, then paste it into the lock-screen on his iPhone)
there was a time when I used a simple "§" in my password. turned out, some Android keyboards don't have the "§". Since then I play it safe with my passwords, using only characters I don't need a specialized keyboard for
I assume you can use a physical keyboard on an iPhone like I can on Android via USB? Presumably you could buy a wired Czech keyboard to access the device?
Twice I have had the touchscreen fail on Android devices and been able to get what I needed off them using a USB mouse.
For the same reason, plugging in an external keyboard is also a no-go since freshly updated iPhones are placed in what's known as a Before First Unlock state, which prevents wired accessories from working until the passcode is entered.
As a non-English speaker I can really relate to this. I think the real mistake was Apple allowing to enter a non-ASCII password in the first place. E.g. on macOS the password fields have been locked to English character set, and I'm not sure why it changed on iOS.
> As a non-English speaker I can really relate to this.I think the real mistake was Apple allowing to enter a non-ASCII password in the first place.
As a non-English speaker (Czech, actually), it is clear to me to not use non-ASCII characters in passwords, or generally not use characters that are at different position on default English keyboard and locally used keyboards, i.e. use only ASCII alphanumeric chars except 'Y' and 'Z'.
As keyboard setting is per-user setting, keyboard may be different on login screen than on regular desktop (and once-login password prompts).
You can use emojis as passwords, do you think that's a good idea? They work now, there's a good chance that they won't be the same forever. See what happened to the family emojis
Well, alphabets change (especially emojis), rules change, etc, so keeping a single subset of stable and known characters is unlikely to be a bad idea :)
If you remember what was the encodings situation before UTF-8 became the norm... Let's say it was really ugly. E.g. there were at least two popular encodings for Russian Cyrillic letters — CP1251 and KOI8-R, and it was _very_ common for applications getting it wrong. Restricting things like passwords (and ideally even file names) to ASCII this was a practical necessity rather than an inconvenience.
This really reads like a modern Ancient-Greek story about inscrutable gods who suddenly decide to complicate your life for some unclear reason and don't respond to any prayers and rituals.
People are afraid of AI, but human organizations can be quite opaque as well.
That said, as a Czech, I wouldn't use any accentuated characters in my passwords. Anything beyond 7-bit ASCII is just asking for trouble.
The side of my brain that manages organizational changes wonders: how does Apple, a 50 year old company of tens of thousands of engineers and over a trillion USD market cap, manage to keep feature velocity high while not making more of these types of errors?
The bug seems low likelihood but high severity for the few affected users. Other than simply never changing the login keyboard (or any of the keyboard code) or having nearly 100% test coverage, how does a company not accidentally have more of these types of issues?
> how does Apple, a 50 year old company of tens of thousands of engineers and over a trillion USD market cap, manage to keep feature velocity high while not making more of these types of errors?
They don't. If you're anything other than an extremely casual user of iOS or macOS for a couple of years, you'll encounter things that really make you pull your hair out by shear magnitude of "how on Earth can anyone miss this!?".
They do. It’s just that the people using these devices won’t go public with it. I’ve seen so many bizarre bugs in my own experience but I’ve gotten zero articles on them by popular tech journals.
They do. Companies mess things up all the time. But only a fraction of bugs get discovered and then reported, so it appears that their quality is ok.
I have recently discovered several bugs in different products created by different companies. And none has been reported so far in my research despite the products' popularity. I am not surprised, since those bugs require specific combination of conditions to be triggered, which most people have never run into, like in this article.
And I don't even blame them -- the engineers probably could never think of such use cases and don't have those workflows themselves. You'd have to really go out of your way to use obscure workflows to discover them.
Although in this case Apple dropped the ball by locking user out and not providing any alternatives.
Seems like a front-end bug? So just access the API directly, or ask someone who knows how to do that? Plenty of iOS-focused reverse engineers out there.
> For the same reason, plugging in an external keyboard is also a no-go since freshly updated iPhones are placed in what's known as a Before First Unlock state, which prevents wired accessories from working until the passcode is entered.
The user can't even enter their passcode, how do you expect them to perform code execution?
Plugging in a USB keyboard is way higher level than what I'm talking about. You can contact a digital forensics firm, and they'll do it for you. It'd be custom hardware. Cellebrite-type stuff.
It’s an annoying workaround, but could he connect a USB keyboard (via a USB to lightning adapter) with the ability to enter the character? Does the passcode screen accept input from attached keyboards?
> For the same reason, plugging in an external keyboard is also a no-go since freshly updated iPhones are placed in what's known as a Before First Unlock state, which prevents wired accessories from working until the passcode is entered.
I feel bad for the guy and all the Apple users constantly sharing stories of being mistreated and abused. Stop giving these companies your money and consent.
I'm basically numb to it at this point though. Every few days we read on this site small permutations of the same story. Sometimes people here get a little extra backchannel support, but that's a token prize for the jester who made a king chuckle.
Then a few more days go by and everyone upvotes a new iWidget to oblivion because it has 0.1 new gigablahs or takes up a milliblah less of some bullshit nobody was asking for.
All while we collectively virtue signal that people are spending too much time and relying on technology too much.
Well, it's almost Monday let's see what new bullshit convinces everyone to keep getting fucked and pay for the privilege.
> I feel bad for the guy and all the Apple users constantly sharing stories of being mistreated and abused. Stop giving these companies your money and consent.
Here's a challenge: walk into a store and attempt to buy a smartphone that is not iPhone or Android.
This is the situation that consumers face. Some alternatives exist, but most consumers are completely unaware of them, because the alternatives have no advertising budget or retail presence.
I think it's quite similar to the political duopoly. Third parties exist, but they have no advertising budget, and moreover, in a Catch-22 situation, they get little or no news coverage, precisely because they have no advertising budget, and thus the news media considers them "not viable." That's a self-fulfilling prophesy. Actually the same situation exists in tech: Apple and Google get huge amounts of free news coverage in addition to their paid advertising. The media appears to feel no obligation to help people escape from duopolies; guess who pays for their advertising...
Yes, the phone market is bad. But, you know you don't have to do everything in a phone, right?
Want to take pictures? Use a camera. If it somehow auto updates your photos are still on an SD card.
I get convenience has led everyone to expect their phone to do everything for them, but it's not working. When you're in a pinch you will go to a 7-Eleven and grab food, but everyone would agree that buying everything there instead of real groceries is a terrible strategy. Just because something is convenient doesn't mean it's good.
Well I only use alphanumeric US keyboard standards ever since I found out, that certain characters unique to a language different from yours causes you lock out or massive headaches on a used keyboard with almost no print ink left on the keyboard in a Internet cafe in an other country around 2002.
Be aware of characters not passwords. I feel bad for the guy but not really blame Apple here.
English is my second language and ANSI etc is following a basic character usage. Everything must boil down to 0 and 1 in the end or American English.
It is a de facto standard and maybe knowing about it is as crucial as recognizing the difference between the imperial and metric system before heading for the moon. It is a life saver.
I agree with the recommendation, but it's absurd to not blame Apple here. There is absolutely nothing acceptable about what Apple did in this case, it's a major fuck-up to break password input in this way, and for no reason whatsoever.
> During in-house testing, which involved taking an iPhone 16 from iOS 18.5 to iOS 26.4.1, The Register found that Apple has kept the háček in the Czech keyboard, but removed the ability to use it in a custom alphanumeric passcode. The OS will not allow users to input the háček as a character. The key's animation triggers, as does the keyboard's key-tap sound, but the character is not entered into the string.
Sounds more like an actual bug than a decision to change the keyboard layout, if this happens only in the passcode screen?
Good on El Reg for doing some actual hands on fact finding.
I think the biggest lesson here is to back up. The reason for losing access to the phone is amazingly dumb but it could have fallen down the stairs for basically the same effect.
And do your could backups cross-provider. You never know what the "big players" are going to pull, and your lifetime customer value is less than the cost of a single support call.
The biggest lesson here is don't buy Apple products.
Steve Jobs would be rolling in his grave if he could see the software quality of the products that Apple releases today.
> Steve Jobs would be rolling in his grave if he could see the software quality of the products that Apple releases today.
lol, nah he wouldn't. He would of upgraded his coffin to plush and got a big screen to watch the money roll in.
I recommend reading up on his 80/90's antics. All he cared about was money and that the world was crafted by him.
He was widely known for intense bullying, lacking empathy, and ruthless manipulation, combined with a "productive narcissism" that fueled his obsessive drive for perfection.
1 reply →
Biggest lesson is Apple should allow you to downgrade OS, especially on old devices.
Or release some sort of open version once device is EOL'd.
Then an attacker could load an older, exploitable OS and gain access.
2 replies →
This is exactly the reason why I keep all my shit on an SD card despite Google deliberately making the external storage experience as painful as possible: slow access, broken writes, failed unmounts, no filesystem repair. Literally every time I restart my phone I need to put the card to my PC and repair the filesystem. Also, same card works extremely well when plugged into PC via random cheap USB card reader.
On PCs you still have Linux that resists enshittification and you can pick your own hardware, but it's a really sad state of affairs that there is literally no meaningful mobile system that isn't actively hostile to the user.
There’s a number of mobile Linux distributions around, some even run Android apps.
People need to wake up to the fact that Android has become iOS but worse.
The thing that bothers me about Android is the gimped file manager.
You wan't to access some files off your network using smb? Here install this third party tool and don't forget to give it full read/write access to your device.
> Byrne was hoping that the next update, 26.4.1, would introduce a fix for this, but its release this week has not helped.
Even if Apple restores the háček in a future update, wouldn't he still need to unlock the iPhone to install it?
You can always reboot to recovery and install an update that way.
Won’t that wipe all the user data?
1 reply →
That's what I was thinking, but the phrasing seems to imply that he did update to 26.4.1? Not sure how that was possible.
afaik you can update your locked iPhone with a Mac or Windows in iTunes... but it will still require a passcode after update, so ¯\_(ツ)_/¯
Nope, the ”trust this computer” dialog needs you to enter your passcode before any other actions are possible
3 replies →
after Apple removed a character from its Czech keyboard
I wonder what the thought process (or perhaps lack thereof) at Apple was. Did no one of the likely-somewhat-large team who did that think "wait, this could lock out our users who may have used that character"?
In the immortal words of Linus Torvalds: "WE DO NOT BREAK USERSPACE!"
Now one of the ways in might be those companies who claim to be able to break iPhone security for law enforcement and the like, but I'm not sure if they'd be willing to do it (at any price) unless you could somehow trick them into thinking you had some "interesting" data on there...
It’s wild that "verify existing passcodes remain inputtable" isn't the absolute first item on the QA checklist for any keyboard layout change. The Czech layout isn't exactly an obscure edge case.
The USB keyboard suggestion mentioned in the other comments likely won't work either because of USB Restricted Mode. After an hour of being locked, iOS disables data over the Lightning/USB-C port until the device is unlocked. It’s a perfect, recursive failure: you can't unlock the phone because the character is missing, and you can't plug in a hardware keyboard because the phone is locked.
Treating the passcode keyboard as a transient UI element that can be "cleaned up" rather than a hard security dependency is a massive architectural oversight. If the OS allows a character to be used in a passcode, that glyph needs to be permanently accessible in a fallback mode, no matter what the localization team decides to prune.
If I'd get a dollar for every annoying bug that Apple misses due to being hopelessly Bay Area brained, I'd probably get at least a free official Apple cleaning cloth every couple of years.
I agree with you and don't really get what Apple gets from removing a valid Czech character, but how would you test if all existing passcodes remain inputable without knowing the passcodes of all iPhone users?
The one way to do this that I could see is to include both the new keyboard and the old one and if someone fails to unlock with the new one auto report that to Apple (not the code, just that the unlock failed and that the keyboard might be the problem), then auto revert to the old keyboard on the next unlock attempt...
16 replies →
AI slop bot go away
The team is even larger if you consider that any past member counts - you only need to think about it once and add a test
Many people here are discussing a phase out. Just add an obscure key combo that won’t be triggered via normal use, and leave it there forever.
> Did no one of the likely-somewhat-large team who did that think "wait, this could lock out our users who may have used that character"?
I don't think we can assume the team is large.
While user base is well into billions. There are bound to be niche exceptions like this.
Honestly of the big companies sometimes I feel like Apple is the worse offender in i18n questions
Sure they have most of their stuff translated but some rough edges make me feel they do the bare minimum:
- Their ISO keyboard sucks. Sure their overall quality makes it good but of the major brands their Enter key is the most flimsy attempt at it
- Some long standing bugs https://discussions.apple.com/thread/250299816?sortBy=rank (which I had the impressions they were made worse in localized version or at least if you used a non American date format)
- General weirdness with translation missing sometimes
I remember switching to English, decades ago, after running into misaligned/cut-off localized text in the UI. I'm still using English to this day.
And from what I've seen, Apple's always supported fewer languages and input methods than Google/Microsoft, like they simply cant be bothered.
Since the beginning, iPhone keyboard is wrong in entering a character first, háček second. It has been the other way around on typewriters and then computers for decades. Then some smart guy at apple thought he knows better. One of those never-fixed-bugs.
Wait, really? I thought "dead keys" being diacritics prefixes, not suffixes, was pretty universal. At least that's how it works with ^, ´, and ` on macOS for me.
I used to have an emoji password for my Android phone, and had the exact same issue after a reset! It's an odd but pretty terrible failure mode for locking oneself out...
You say locking oneself out, but I decline to consider any situation where a password can be set but not later entered as one where the user bears even a modicum of fault.
I remember a website that silently removed everything but the first 8 characters from the "password" field upon registration but somehow didn't do the same on the login page. It took me several hours and several password resets to actually log in after registration, since for some reason the trimming happened client-side and only when typing the password manually (and I was pasting my password from a password manager).
We're so far down this path the language around the problem is distorted. Ownership has been perverted and the only thing you control is the bill.
Relevant xkcd: https://xkcd.com/2700/
Tangentially related, a relative bought a new Apple laptop a few weeks ago, and I was tasked with setting it up. The computer came pre-equipped with a Czech keyboard (apparently the US models weren't in stock and that relative needed a new computer as soon as possible, so they bought a Czech one).
Since the user doesn't speak Czech, I promptly removed the Czech layout and installed two other layouts, US English and Hebrew, for the languages that the relative uses to type on the computer.
For some reason, login screen just after boot still uses Czech layout, which means Z and Y are swapped and numbers must be typed with Shift (just pressing numbers outputs Czech letters like ěščř). So when booting up the machine (remember that you can't use fingerprint during first unlock), the user must type the password in whatever layout is physically printed on the keys, even though the rest of the OS doesn't even have a mention of that layout. Somehow afterwards the OS "can" see the list of the layouts and lock screen correctly chooses the English US layout.
Alongside of that, for some reason, the key that's supposed to type ` and ~ in the US layout types some nonsense instead (a plus-minus sign and a section sign), whereas the backtick key is for some reason located between left Shift and Z (good luck unlearning years of muscle memory typing ~/Documents in the terminal)
I lost all of my photos when I was a college student too. I was way too irresponsible to actually back anything up. Kind of a bitter lesson.
This is completely unacceptable from Apple. You CANNOT remove a key from the keyboard that's being used as a password.
Turns out they CAN and they WILL. The character has always been special on all Apple OSes.
as if they cared
Majority of California based companies employee English only or English and Spanish speakers possibly with some Indian language as well. This leads to lots of problems when you are bilingual or bilingual in other languages such as German in French. Neither Apple nor Microsoft under this sort of language swapping well. Never mind rarer languages like Czech or Greek.
> Majority of California based companies employee English only or English and Spanish speakers possibly with some Indian language as well [...] Never mind rarer languages like Czech or Greek.
That may be generally true, in this case Apple actually has an engineering team in Czechia that works on biometrics and authentication:
https://zpravy.aktualne.cz/ekonomika/apple-posili-v-praze-ty...
https://jobs.apple.com/en-gb/details/200636301-2611/software...
So could they finally fix their quotations marks in Czech? Probably no, they never cared, so why should they start caring now.
I'm a little impressed with Google. Recently the assistant started understanding when I speak Portuguese or when my wife switches to it in a text message. I hadn't had that experience before, the assistants would pick one language and mispronounce the other.
Alexa has an experimental bilingual mode but it's nerfed by its general failure to understand well.
This is a pet peeve of mine that makes it so annoying to communicate with friends and family who live in other countries.
I use danish and English and I must admit I don’t really encounter issues switching between them on apple or Microsoft operating systems.
Only thing I can think of is some features being available later in danish compared to the English release like the swipe keyboard in iOS.
Netflix can't even auto-translate subtitles (in the age of genai where we are close to generating entire movies from scratch). Let alone ever imagine that you'd want to see subtitles in two languages at once.
Language support is still such an enigma.
We run into this issue when watching Korean movies/dramas. My wife prefers Japanese subtitles and I prefer English/German. I haven’t found a way to enable two subtitles in Firefox (via extensions). So in those cases I usually download a release which contains subtitles in both languages and use a script to extract them via ffmpeg and then combine them into a single srt. Now the issue is that the lines of the different languages don’t always appear/disappear at the same time. This leads to text jumping up and down. I have tried to mitigate it by injecting white space where only one line is visible, but this again fails when the video player breaks long lines or when the location of the subs change to the top (because there is hard-coded text in the image). I feel like there must be a better way…
This really should be escalated to the point where Apple engineers build a one-off / custom iOS so that this person can unlock their phone and change their passcode. I'm sure this is in the realm of possibilities. It is such a bad look.
Even if he did have a Mac with the continuity feature enabled, I suppose the lock-screen won’t accept a paste from the clipboard of a Mac. (If it did, he could enter the correct passcode in any text editor on his Mac, copy it to the clipboard on the Mac, then paste it into the lock-screen on his iPhone)
Continuity has never worked on the lock screen and certainly not in the BFU state.
there was a time when I used a simple "§" in my password. turned out, some Android keyboards don't have the "§". Since then I play it safe with my passwords, using only characters I don't need a specialized keyboard for
I assume you can use a physical keyboard on an iPhone like I can on Android via USB? Presumably you could buy a wired Czech keyboard to access the device?
Twice I have had the touchscreen fail on Android devices and been able to get what I needed off them using a USB mouse.
For the same reason, plugging in an external keyboard is also a no-go since freshly updated iPhones are placed in what's known as a Before First Unlock state, which prevents wired accessories from working until the passcode is entered.
Makes sense why he didn't do this.
You can, after you unlock it.
As a non-English speaker I can really relate to this. I think the real mistake was Apple allowing to enter a non-ASCII password in the first place. E.g. on macOS the password fields have been locked to English character set, and I'm not sure why it changed on iOS.
> As a non-English speaker I can really relate to this.I think the real mistake was Apple allowing to enter a non-ASCII password in the first place.
As a non-English speaker (Czech, actually), it is clear to me to not use non-ASCII characters in passwords, or generally not use characters that are at different position on default English keyboard and locally used keyboards, i.e. use only ASCII alphanumeric chars except 'Y' and 'Z'.
As keyboard setting is per-user setting, keyboard may be different on login screen than on regular desktop (and once-login password prompts).
Are you aware that billions of people live in countries where they could go on the whole life without seeing an ascii letter?
That's not really true in any country these days.
4 replies →
The "real mistake" is changing things that used to work.
You can use emojis as passwords, do you think that's a good idea? They work now, there's a good chance that they won't be the same forever. See what happened to the family emojis
4 replies →
Well, alphabets change (especially emojis), rules change, etc, so keeping a single subset of stable and known characters is unlikely to be a bad idea :)
1 reply →
But why should non-English speaking users be forced to use an ASCII password if the rest of the OS supports their language just fine?
If you remember what was the encodings situation before UTF-8 became the norm... Let's say it was really ugly. E.g. there were at least two popular encodings for Russian Cyrillic letters — CP1251 and KOI8-R, and it was _very_ common for applications getting it wrong. Restricting things like passwords (and ideally even file names) to ASCII this was a practical necessity rather than an inconvenience.
3 replies →
To avoid apple inevitably fucking up and breaking things like in this case. The risk to benefit ratio for allowing this is just very poor
> I think the real mistake was Apple allowing to enter a non-ASCII password in the first place.
No that's obviously crazy!
This really reads like a modern Ancient-Greek story about inscrutable gods who suddenly decide to complicate your life for some unclear reason and don't respond to any prayers and rituals.
People are afraid of AI, but human organizations can be quite opaque as well.
That said, as a Czech, I wouldn't use any accentuated characters in my passwords. Anything beyond 7-bit ASCII is just asking for trouble.
The side of my brain that manages organizational changes wonders: how does Apple, a 50 year old company of tens of thousands of engineers and over a trillion USD market cap, manage to keep feature velocity high while not making more of these types of errors?
The bug seems low likelihood but high severity for the few affected users. Other than simply never changing the login keyboard (or any of the keyboard code) or having nearly 100% test coverage, how does a company not accidentally have more of these types of issues?
> how does Apple, a 50 year old company of tens of thousands of engineers and over a trillion USD market cap, manage to keep feature velocity high while not making more of these types of errors?
They don't. If you're anything other than an extremely casual user of iOS or macOS for a couple of years, you'll encounter things that really make you pull your hair out by shear magnitude of "how on Earth can anyone miss this!?".
The same goes for feature velocity.
They do. It’s just that the people using these devices won’t go public with it. I’ve seen so many bizarre bugs in my own experience but I’ve gotten zero articles on them by popular tech journals.
This bug got popularity that’s all.
They do. Companies mess things up all the time. But only a fraction of bugs get discovered and then reported, so it appears that their quality is ok.
I have recently discovered several bugs in different products created by different companies. And none has been reported so far in my research despite the products' popularity. I am not surprised, since those bugs require specific combination of conditions to be triggered, which most people have never run into, like in this article.
And I don't even blame them -- the engineers probably could never think of such use cases and don't have those workflows themselves. You'd have to really go out of your way to use obscure workflows to discover them.
Although in this case Apple dropped the ball by locking user out and not providing any alternatives.
Apple should get sued for this to oblivion, this is unacceptable.
Seems like a front-end bug? So just access the API directly, or ask someone who knows how to do that? Plenty of iOS-focused reverse engineers out there.
How? The article states:
> For the same reason, plugging in an external keyboard is also a no-go since freshly updated iPhones are placed in what's known as a Before First Unlock state, which prevents wired accessories from working until the passcode is entered.
The user can't even enter their passcode, how do you expect them to perform code execution?
Plugging in a USB keyboard is way higher level than what I'm talking about. You can contact a digital forensics firm, and they'll do it for you. It'd be custom hardware. Cellebrite-type stuff.
This is why DIY is important: it's an operational risk mitigation measure.
"Never do a major OS update on any Apple product" - this is the mantra I am telling myself always.
Just one more good reason to be doing unit tests
if you remove the hachek, there will be MANY locked out czech users. It's a symbol of national pride!
[dead]
It’s an annoying workaround, but could he connect a USB keyboard (via a USB to lightning adapter) with the ability to enter the character? Does the passcode screen accept input from attached keyboards?
As mentioned in the article,
> For the same reason, plugging in an external keyboard is also a no-go since freshly updated iPhones are placed in what's known as a Before First Unlock state, which prevents wired accessories from working until the passcode is entered.
Why can't people read stuff before commenting?
Today's free verse:
Why can't people read stuff before commenting?
Why can't people read stuff before?
Why can't people read stuff?
Why can't people read?
Why can't people?
Why can't?
Why?
?
It's mentioned in the article. USB devices are blocked until the passcode has been entered.
I feel bad for the guy and all the Apple users constantly sharing stories of being mistreated and abused. Stop giving these companies your money and consent.
I'm basically numb to it at this point though. Every few days we read on this site small permutations of the same story. Sometimes people here get a little extra backchannel support, but that's a token prize for the jester who made a king chuckle.
Then a few more days go by and everyone upvotes a new iWidget to oblivion because it has 0.1 new gigablahs or takes up a milliblah less of some bullshit nobody was asking for.
All while we collectively virtue signal that people are spending too much time and relying on technology too much.
Well, it's almost Monday let's see what new bullshit convinces everyone to keep getting fucked and pay for the privilege.
I basically have turned into this guy: https://youtu.be/8AyVh1_vWYQ
> I feel bad for the guy and all the Apple users constantly sharing stories of being mistreated and abused. Stop giving these companies your money and consent.
Here's a challenge: walk into a store and attempt to buy a smartphone that is not iPhone or Android.
This is the situation that consumers face. Some alternatives exist, but most consumers are completely unaware of them, because the alternatives have no advertising budget or retail presence.
I think it's quite similar to the political duopoly. Third parties exist, but they have no advertising budget, and moreover, in a Catch-22 situation, they get little or no news coverage, precisely because they have no advertising budget, and thus the news media considers them "not viable." That's a self-fulfilling prophesy. Actually the same situation exists in tech: Apple and Google get huge amounts of free news coverage in addition to their paid advertising. The media appears to feel no obligation to help people escape from duopolies; guess who pays for their advertising...
Yes, the phone market is bad. But, you know you don't have to do everything in a phone, right?
Want to take pictures? Use a camera. If it somehow auto updates your photos are still on an SD card.
I get convenience has led everyone to expect their phone to do everything for them, but it's not working. When you're in a pinch you will go to a 7-Eleven and grab food, but everyone would agree that buying everything there instead of real groceries is a terrible strategy. Just because something is convenient doesn't mean it's good.
1 reply →
Well I only use alphanumeric US keyboard standards ever since I found out, that certain characters unique to a language different from yours causes you lock out or massive headaches on a used keyboard with almost no print ink left on the keyboard in a Internet cafe in an other country around 2002.
Be aware of characters not passwords. I feel bad for the guy but not really blame Apple here.
English is my second language and ANSI etc is following a basic character usage. Everything must boil down to 0 and 1 in the end or American English.
It is a de facto standard and maybe knowing about it is as crucial as recognizing the difference between the imperial and metric system before heading for the moon. It is a life saver.
I agree with the recommendation, but it's absurd to not blame Apple here. There is absolutely nothing acceptable about what Apple did in this case, it's a major fuck-up to break password input in this way, and for no reason whatsoever.