Comment by Matl
8 hours ago
I agree with you and don't really get what Apple gets from removing a valid Czech character, but how would you test if all existing passcodes remain inputable without knowing the passcodes of all iPhone users?
The one way to do this that I could see is to include both the new keyboard and the old one and if someone fails to unlock with the new one auto report that to Apple (not the code, just that the unlock failed and that the keyboard might be the problem), then auto revert to the old keyboard on the next unlock attempt...
> how would you test if all existing passcodes remain inputable without knowing the passcodes of all iPhone users?
You basically can't ever remove an available character.
That includes emojis if they're allowed in IOS passwords.
Probably the better solution is to include some kind of special lock-screen keyboard that provides some fallback mechanism to input any character. Presumably there are similar edge cases where someone creates a password using one keyboard, then switches keyboard layout, and now can't re-enter it using the active layout...
Indeed. For example, most desktop operating systems have a keybinding for «search for any Unicode symbol by name and input it». That would make sense to have as a fallback button on a virtual keyboard too.
The iOS emoji selector is close in UI/UX already, but the search is restricted to the emoji range of Unicode.
Wonder if you can get it to enter effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗
You can but you have to tie it to actual devices and a point in time, not simply a specific OS version. Essentially, all devices that existed before the change must still support the old set of characters and devices produced (or sold or activated) afterwards can support the reduced set.
Or wait until a future OS version that will not support any device currently in existence.
This fails if they let you keep your password migrating between devices, though, so you probably need a version somewhere in the middle that flags it as an issue and flags it as not allowing migration without changing the passphrase.
2 replies →
You can guarantee it by not removing characters from the keyboard used for password entry. If the set of characters available before the change is a subset of or equal to the set after the change, then all existing passwords must still be enterable.
If allowing that character in the first place was a mistake, then Apple has pushed the consequences of their mistake onto the users instead of owning the mistake and keeping that character available forever on existing devices.
Phased roll-out. You first introduce a version that still accepts all extant inputs but will actively warn that there are characters that will be removed in a future release.
Then you wait. Then you roll out a version where the new functionality is flipped on by default, but where you still allow to explicitly toggle to the old one. Then you wait some more.
And then - only then - you roll out a release where the old functionality has been removed entirely.
Meh, I think you keep the old keyboard and set a password expiry. New passwords use the new keyboard. Or, if you're in a rush to remove the old code, _after_ next login you require password replacement and use the new onscreen keyboard from then.
It might be tricky when user upgrades while jumping the “headups” version.
There should be migration taken into consideration that is kept to any previous version allowed to be upgraded from.
And perhaps also introduce an upgrade blocker, as the keyboard app notifies the system of a situation that would be unsafe to upgrade to newer releases
That’s dangerous. Apple fooled me with the iOS 26 glass theme, it’ll be a while before I install another major update from them. I know many people still on iOS 18. I doubt many of them will update until either Apple fixes their UI/UX or they upgrade to an Android.
For other features, yes, but not this. Of course people will work around the warnings and then suddenly they're locked out of their whole phone?
You assume the worst case: every character that could ever have been entered is in use.
Yes, it really is that simple. They chose that responsibility the moment they allowed those characters. Any deductions done after that need to have a failsafe with the expectation they will break a clueless user's device.
If passwords are Unicode then you need a way to input arbitrary Unicode (e.g. a Character Map dialog).
There is a list of valid characters accepted for a passcode. That list was created, the characters debated, and a consensus reached by Apple engineers (I hope, for all our sakes. I don't want to imagine a world where this bare minimum level of engineering diligence wasn't done by a trillion dollar company)
Just have an automated keyboard test for every new release to ensure those characters aren't broken.
Agreed, but just to be clear; I was asking how would you test that assuming you still wanted to remove a character that was previously present.
It's literally a matter of an automated test that sets a password using every character on every possible keyboard type, then tries to type that password in on the lock screen. There's not even that many keyboards, that test would take what, an hour to run?
Right, but this test basically means you can't ever remove a character if it was ever present. I was assuming that you still want to remove it (for some reason) and wondering how to safely test the change.
You create two keyboards and use them both and test them separately. Then you create a keyboard update flow. And you test that. Then you make sure you test that the old keyboard shows until the user changes their password.
A very simple alternative also would have to have provided a way to do a rollback to previous version until first complete boot after update at least. Would probably also cover for other kinds of problems.