Apple improves iOS 9 security
By moving four-digit passcodes to six-digit passcodes and a splash of two-factor-authentication (2FA) to iOS 9, Apple will strengthen device security. This will make brute-force attacks more arduous and increase the number of probable codes.
In iOS 9, users that log into their Apple account from a new device or browser must first enter a verification code, allowing users to confirm their own new device while also alerting them when/if someone else is trying to access their account from an unknown device.
This new verification method does not use biometrics and only goes into effect when a user logs in from an unknown device.