iPhone Passcode Problem — The Ugly Truth


Apple’s iPhone has a passcode problem — if thieves can get their thieving hands on both, they can thief you of your whole, entire digital life in a matter of minutes. That’s according to Joanna Stern’s reporting at the Wall Street Journal.

TL;DW: If you go to crowded places like a bar, and type in your passcode obviously or frequently enough, big bads can see it, even record it. Then, if they can also swiper-most-definitely-yes-swiping your phone as well, they can use your passcode to reset the Apple ID password, ripping away your ability to Find-My it, and your access to your other Apple devices, and then promptly start spelunking through your apps and bookmarks for more.

That includes any apps or sites where your passcode can let the built-in Keychain password manager auto-fill access, including those with SMS-based 2-factor authentication — because they have the phone and will get that SMS.

Which could include banking and credit and cash and crypto apps, but also photos you might have taken of your driver's license, passport, and other documents, financial details and work product you might have mailed or messaged, and sexts and nudes, and any and everything else that could potentially lead to identity theft, blackmail, or other life and soul-crushing consequences down the line.

Now, wait, stop, hold-on. I don’t want to scare or sensationalize any of this for anyone. It’s absolutely a legitimate potential harm, but so is crossing the street, and that means the important thing here, the key to anything and everything like this, is… awareness.

Which is why I want to take a minute to really break it all down and go over it with you.

🚨 ETHICS & DISCLAIMER

All opinions are my own. This channel does not produce sponsored or paid reviews. Companies occasionally provide briefings or loan sample products to facilitate reviews but provide no payment and get no editorial input, content approval, or advance previews. They see them for the first time when you do.

Links may contain referrals for affiliate programs that provide this channel with a tiny commission should you make a purchase. They likewise receive zero editorial input or consideration.

📝 CREDITS

📷 Some video and images via Getty Images and/or AP Archives
🎸 Some music via Epidemic
Comments

It's amazing how many people will not use Face ID or Touch ID because they don't want their fingerprint or something in a crime scene. Meanwhile they will put their birthday or something as their 4-digit passcode. Not sure why anyone would not use an alphanumeric passcode at this point.

timhershel

I think people underestimate how easy it is for our non-technical family members to lock themselves out forever when security is turned up to 11.

toddhensley

Situational awareness. Treat it like you do when you go to an ATM.

davidyule

In Brazil we use the screen time passcode as a second layer of security.

Often thieves point a gun to your head and ask for the password when stealing the phone, but if you lock password changes or account changes behind the screen time passcode, even with the iPhone password they will not be able to gain access to iCloud or change the iPhone password.

This often buys enough time for you to reset the phone through iCloud.

caiovianna

I'm finding more and more these days I'm cutting back on all the online accounts I've clocked up over the years and just keep it to a minimum. Finding these vile demons that want to ruin people's lives very scary.

nickpmusic

One Idea: I think that the iPhone passcode should only give you limited access after being used. Face ID or Touch ID should be required after that to open up access to everything. In the event Face ID or Touch ID is not working, some other form of authentication should be required. Perhaps an additional security code or authorization from another Apple device.

TravisKale

Rene, thanks for bringing this to light. This is a major security issue here in Brazil where people rob your phone and force you to get the passcode.

outrowender

Long time that I saw your videos Rene.. excellent topic covered and yes I agree with the balance what convenience and security can offer.. it shouldn’t be too easy or too tough..

sunboat

Rene, some commenters from another video shared this ScreenTime hack with me, I've implemented it and it seems to work. Go to settings/screen time/content & privacy restrictions/scroll down to allow changes: then select don't allow for Passcode changes and Account changes, enable these settings with a different PIN. This locks out the Apple ID menu in settings and completely hides the "Face ID & Passcode" menu. Not too inconvenient as I rarely use these menus anyway.

Johnobee

In my experience, all the banking apps on my iPhone use FaceID only. When FaceID fails, there is no backup using a passcode. You simply do not have access to the app. If you change/add a face on FaceID, the banking apps need to be set up again. The biggest threat as others have mentioned is allowing access to settings without another mechanism beyond a passcode. Even something as simple as an NFC ring, card or key would suffice. Heck, if you could have your iPhone completely lock if it loses sight of an AirTag in your pocket/purse would be a perfect solution.

rogerf

The problem with requiring your old Apple ID password to change it is how do you change it if you've forgotten the old password? And you can't rely on resetting it via your email because the thief would presumably have access to your email on your phone. A better solution to this whole problem is the following:

1) 24-48 hour cooldown period before you can change the password to your Apple ID which would give you time to stop any potential thief from changing the password by locking down the phone or wiping it.

2) Instead of the device passcode, require Apple ID password (when FaceID doesn't work) to access the following in settings:
Passwords
Change Face ID
Turn on recovery key
Etc.

This could all be turned on as an optional setting for more privacy minded users.

gusparaguss

Go into Settings,  
select Screen Time,  
scroll down to Content & Privacy Restrictions,  
enable it,  
scroll down to the Allow Changes section,  
change "Passcode Changes" and "Account Changes" to Don't Allow. 
Set a Screen Time PIN to something different to your Passcode when prompted. 

This will protect your account as thieves won't know your Screen Time PIN and they won't be able to lock you out of your own phone.

StephenHamblet

Hi Rene! The grey hoodie looks fantastic on you. Thanks for the tips.

IleaneSmith

What most people in this comment section don't seem to understand is that if you're in a situation where a thief is holding a literal gun or anything life threatening at you while asking your phone's password you will give it to them. This is quite common here in Brazil and it has happened to me. Result? In a matter of minutes they changed my iCloud password and disabled Find My right away. The real problem is that the key for the front door of your house (passcode to unlock your phone) is the same one used to open up your safe (iCloud password). So yeah, this HAS to be changed as soon as possible!

enzod.coimbra

Thanks for sharing. I appreciate your thoughts. Blessings on your day 👍🏻

jeffhale

I’ve said for years that Apple need to implement a hierarchy of passcodes and passwords with differing levels of permissions and access.

This would make devices and Apple accounts more secure by limiting the scope of the often used passcode, and reserving the master password for the truly important tasks.

Passcodes should grant access to devices and apps.

Device Passwords should be used to change settings on devices. (Like using an admin password on a Mac).

A Master Password should be needed to make any Apple ID or account changes.

mikeward

I use face id but had to enter my passcode when I was wearing masks during the pandemic. Touch ID can fail in the winter time as well when your fingerprints change due to dry skin. I had to re-enter fingerprints about once a week before face id in the winter. I changed my password to 6 characters after seeing this and may go up to 8 characters. One thing that helps, though, is getting emails and notifications on my watch so that I don't have to take out my phone often when I am out. I do not have credit cards linked to my iPhone and I have a model that isn't attractive. My iCloud password is over 16 characters long so probably pretty hard to guess. It is a real pain to enter it on a phone.

movdqa

You can take away one problem by setting a DIFFERENT Screentime passcode that blocks changes in the AppleID settings, this way a bad guy can't change your account password and you can still use Find My. Remember that the passcode should be different!!

bastiaanbuitelaar

What is the probability of scumbags robbing you of your iPhone when leaving a bar at 3 a.m.? Situational unawareness.

adegbenroagoro

Also. Use your screen time limits for settings and all banking or sensitive apps. 1 min. Then that requires a different 4 digit passcode.

ChrisTreborn