Entering passcode in open public spaces is not a good idea. Also it will be good to change the passcode frequently.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Responds to Report About Thieves Permanently Locking Out iPhone Users
- Thread starter MacRumors
- Start date
- Sort by reaction score
I set it up (with skip option) and was able to remove Screen Time passcode using iCloud account…
also tried workaround it with “forgot” iCloud password, leading in the end to use the same device passcode I used for testing it (iPhone with Test name)
Totally broken feature
Screen below shows option after posting phone number when user don’t know other device passwords (there it should be blocked from further options)
I made yesterday 3 feedback tickets around these issues… and today under https://security.apple.com/
Attachments
Last edited:
Ah apple, if only the “faceID is not available right now please enter passcode” is fixed. Seriously why on earth is this prompt happening often?
You've just offended millions of people who will shame you because you've hurt their feelings.
Someone needs to sticky this post to the top. I consider myself a pretty savvy iOS user, but never once heard about this. Great tip.
The Apple ID password doesn’t need to be in the keychain at all. The recovery feature is to help users who forget the password but are still logged into a trusted device that had 2FA turned and know the passcode for that device.
So, the thief who learned your passcode and stole your trusted device could also change your password.
Huh! So many people opposed to living it seems!
To all the people who disagree with living, or are angry at my post, I’m curious as to why. I mean…
I’m also not sure what else can be done, overall. Apple can offer up a number of options, but if people don’t take advantage of them, what more is Apple to do? I lock my house up when I leave, but a criminal can still break the window and sneak inside. I’ve seen sooooooooo many (9 pages??) people posting here about how Apple sucks for basically not figuring out how to completely 100% provide a way in. If you could somehow provide them with a drivers license or state ID, Passport, some form of identification, then I’d think they should at the least just lock or unlock the account. But without all of the other methods enabled that they offer for recovery, what are other options? Too many people complain but don’t provide constructive options as to what can actually be done.
Last edited:
That isn’t the point. If the “solution” is “require the Apple ID password rather than the passcode for the listed operations” and the passcode gives access to the Apple ID password, requiring the Apple ID password is no solution at all.
Whenever I loose the keys to my houseI simply call the manufacturer of the lock and they replace it all for me, because it’s never down to the user’s fault.
One could of course protect the banking app from use of convenience features like biometric unlock.
Regardless of what the point is, Apple has chosen this as one of the recovery methods for forgotten passwords, so use at your own risk.
The majority of advice you quoted is easily in the user’s hand. Taking care of your stuff and having better password security are easily achievable. Crime will always happen and I don’t think that anyone expects that to change soon.
However there’s gonna be that same setup option in the watch app and that would then allow you to disable that function, right? Besides, the idea is great at least for the smaller market of cellular watches but would be of limited use for the others as Bluetooth range is short.
A randomised keypad would trigger a ton of wrong code input from the typical core user base that doesn’t care about technology the slightest. Maybe Apple knows its user base better than that.
Pay attention to how brazen thieves are now. They have no problem shoving a gun in your face and ordering you to unlock your device or get shot. They are upping the stakes. What will you do?
This is why they need duress codes/pws. The phone will appear to be working for like 1/2 hr to an hr and they locks down.
You've never had your iphone tell you it needs your passcode to activate faceid? I get that about once a week. Never been in an environment where faceid didn't work? it asks your passcode.
Apple.
@addamas, to clarify, are you saying that the Screen Time passcode can be removed using only the iPhone passcode (i.e., without knowing the Apple ID password) - even though (1) Screen Time Passcode Recovery is disabled and (2) Account Changes is disabled (Settings | Screen Time | Content & Privacy Restrictions | Account Changes = Don't Allow)?
Thank you for your assistance.
Read last few pages of this thread
Screen Time password also have exploit allowing to erase iCloud password on iPhone so it’s only slowing down from instantly going to settings > top option by thief
In the end iCloud password is reseted so it’s giving whole control over device and iCloud for attacker.
All required data is on iPhone already.
Currently Apple is reviewing my security breach report about it on security.apple.com
Apple, bring back Touch ID now. Full-screen wow-ness was of secondary importance to touch ID security. And you've had plenty of time to bring it back in another form. We know there is Face ID but many people dont like the phone unlocking itself without the physical deliberation of the manual finger-press.
I have had the same happen to me numerous times. Frustrating is what it is.
All that needs to happen is to have a second passcode, one passcode for unlocking the phone only and another one for everything else. Not that hard.
I always assumed this was intentional to make sure you have to input your password frequently enough that you dont forget it.
Usually it is fast. Not the same asking for a quick 4-6 digit number than going through the whole list of apps in the phone.
The Apple ID shouldn’t be able to be modified by the device’s passcode.