Hmmm, You usually talk sense 😏
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life'
- Thread starter MacRumors
- Start date
- Sort by reaction score
TouchID had the same 'disabled, passcode/word required' limitations.
Yeah, everyone was a computer expert prior to 2007. /s
Apple needs to make an iPhone reset both the passcode and a face scan. Not just the passcode. They don’t even need your Apple ID to reset it. Frankly it’s just some free lines of code to require a second step to do this. I had mine stolen after I drunkingly gave out my 6 digit. Thinking I was safe. Bye bye iPhone.
You didn't read the article, did ya?
If you do any banking or other secure activities on your phone, you should use an alphanumeric password of >8 characters. The passcode really does allow full access to anything on an iPhone. Banking apps that allow logging in with Face ID are only as secure as your passcode.
The same really goes for any device that can receive email though. Most of your Internet accounts can be accessed and reset with just your email. Unless you do literally nothing on your phone besides calling, texting, and have never used your number for 2FA, anything less secure than an 8+ character alphanumeric password is irresponsible.
The same really goes for any device that can receive email though. Most of your Internet accounts can be accessed and reset with just your email. Unless you do literally nothing on your phone besides calling, texting, and have never used your number for 2FA, anything less secure than an 8+ character alphanumeric password is irresponsible.
And iPhone occasionally asks for the passcode to unlock the phone at the most unfortunate times, even if you have done nothing to it to warrant this. Should just stick with asking for passcode 1. on restart, 2. on multiple Face ID attempts, and 3. user manually disables Face ID through a combined button press gesture.
Last edited:
I stopped using 4 digit passcode years ago, and only use alphanumeric. Only use Face ID in public. NEVER!! type a passcode even alphanumeric in front of someone.
I always feel anxious entering passcodes in public and try to do it as little as possible. I'm glad that for once there's a good reason behind my anxiety.
Yes, but there were a lot fewer situations where TouchID became unusable in that way.
Android has a nice feature in that you can set multiple users. You can have a secondary user that only has access to a tightly locked down feature set and only use that in crowds. The users the phone signs into is dependent on which passcode you enter.
This is an interesting issue. There is an authentication model flaw here. If you get privileged access to any iOS device then it's game over as all the authentication factors (PIN, FaceID, iCloud keychain) are available on the same physical device. You can then make account changes and remove other devices.
So if you use FaceID and cock it up, then have to enter a PIN and someone swipes your phone then the attacker here can likely remove the activation lock from the device, change your account data, anything.
We require a completely separate physical device for MFA authentication for work (Yubikey NFC). There should be an MFA bounce through any account changes on device at the very least.
So if you use FaceID and cock it up, then have to enter a PIN and someone swipes your phone then the attacker here can likely remove the activation lock from the device, change your account data, anything.
We require a completely separate physical device for MFA authentication for work (Yubikey NFC). There should be an MFA bounce through any account changes on device at the very least.
This is why I have a long traditional alphanumeric passcode on my phone.
"Stupid is as stupid does" - comes to mind, 4 digit "passcode", really?
They need to make a separate authentication for anything vital then. They have a separate pin for parental controls, so why not for something way more important??
It's not a flaw, it's just tech illiterate iPhone users getting Shoulder Surfed because they were using a short passcode in public to unlock their phones. So just don't use your passcode in a public easily visible space.
They didn't forget basic cybersecurity, they never learned it in the first place
This article and the fact that apple needed to even respond just shows how brain dead our society is. If you let your password get “stolen” by someone watching you enter it, that is completely on the user. Doesn’t matter what device they have. how is that at all Apple or any device makers issue? NEWs ALERT. Secuity researchers determine that passwords are not secure if someone watches you enter it. Really? How long did that study take
and the irony is they recommend 1password that was recently hacked.
and the irony is they recommend 1password that was recently hacked.
I did. And the risk of someone stealing your passcode decreases significantly if you have Face ID enabled. What am I missing?
Okay you got me there.
My point still stands. I'm so glad my elementary school forced us all to take a cybersecurity class
Apple should take note and work on improvement, as they always should, since security is a cat and mouse game. But users also have to be on alert. This is the digital version of putting your wallet in your front pocket or holding your purse tightly in busy public places.
Moreover, the lack of TouchID is the reason I still have a 2019 iPad. I HATED having to pick up my iPad Pro 10x every meeting to wake it up with FaceID (I use Notability for meeting notes as the pencil is organic and typing just feels and sounds rude). TouchID is quick and discreet...so I reverted to the last iPad Pro with ProMotion and TouchID. I would love to upgrade and use TouchID on the side button...but the iPad Air is a downgrade until it has ProMotion.
I think every iPhone and iPad Pro should have both.
Don't like one? Use the other.
Use your iPhone in nightclubs? Use both.
Just my $.02...
I think every iPhone and iPad Pro should have both.
Don't like one? Use the other.
Use your iPhone in nightclubs? Use both.
Just my $.02...
People get beatup at the ATM and forced to put in their pin and money gets withdrawn. Same same. Be aware of your surroundings and not have your head buried in your phone.
And even with all the digital security, they still forget physical security like not letting people tailgate you through a secured door or throwing out secured docs instead of shredding. Always makes me thing of Luck where Bob complains about the obnoxiously long password but doesn't watch that he's still being followed? I also blame it on their system of leaving the portal open for 5-10s after Bob entered.
“Your passcode is required to enable Face ID.”
I never want to see this again.
I never want to see this again.
I find no mention of that online. LastPass has recently been hacked though.