Why would anyone be entering their PIN in front of other strangers?

Two that quickly come to mind:
  • This affects fewer people now but when pandemic precautions were more widespread.
  • When logging into an outdoor ATM via Apple Wallet during winter weather.
 
I read the article and I wonder why more people aren't using face id and/or touch id from older hardware. The bottom line is you can't let your guard down. There may not be anything you can do for assault and armed robbery but at least you can prevent casual theft of your information.
 
The biggest issue here — and I was totally gobsmacked when I just checked — is that you can reset iCloud password with just the device passcode, no need to enter the old iCloud password. That. Is. So. Dumb. It means that anyone with your passcode can lock you out of your iCloud and prevent you remote bricking your device.
 
Here's an idea I came up with while reading the article: How about two passcodes? One just to unlock the phone and one to do the settings, Find My iPhone, Passwords, etc.?
Apple sort of has that with the screen time passcode, but if you want to change your password and forget your secondary password?
 
Security is always a trade-off between convenience and... security. To each their own on that. But this is one reason I really like Samsung's Secure Folder option, and wish Apple would adopt something similar. The Secure Folder allows you to have an additional sandbox inside your phone that can require additional verification (pin, pattern, passcode, etc.) that's different from your main gatekeeper. So you can put the more important stuff in there, while keeping the stuff you want to get to with less security/more convenience at the main level. Not sure if I worded that well... but hopefully the point makes sense!

Edit: And as a side benefit, you can have two separate secure sessions with the same app on the same phone...
 
...what, exactly, was the point of the 'report'?

"If someone steals your house keys, they could get in your house and take your stuff!" - Joanna Stern later today, probably.
That was totally my first reaction too!

Shouldn't use a digits-only password, if possible. And indeed, I have heard of situations where someone with a trained camera on your screen records the touch input and later uses that to access your phone. That technique would work even with an alphanumeric passcode.
 
Okay you got me there.

My point still stands. I'm so glad my elementary school forced us all to take a cybersecurity class
Honestly it should be emphasized in elementary school, alongside other life skills like how to manage your finances. I'm not sure how old you are (possibly younger than me) but I don't remember getting taught about cybersecurity. Education system always lags behind...

edit: It just occurred to me that many kids in elementary school already have smartphones, I didn't get one until almost high school. Gosh yeah now I do feel old 😬
 
I saw this on twitter thanks to a Mac-mixer and OS guru I follow
my message on how people should use their brain, watch, MacBook or another device to track the phone
and call one's bank notifying them of made fraud or stolen account number.

but

realized this will never happen with an android phone, a story about severity risk and fraud.
and went about my twitter business in posting photos or turtles instead.
 
...what, exactly, was the point of the 'report'?

"If someone steals your house keys, they could get in your house and take your stuff!" - Joanna Stern later today, probably.
Actually, the issue is that with just the iPhone passcode, which is far less secure than the iCloud password, you can gain access to the iPhone and are able to reset the iCloud password (without the iPhone prompting for the iCloud password again). This is a big deal and I would believe it is a huge oversight from Apple. I'm forced to enter my iCloud password to purchase a free app on the App Store, but not when resetting the iCloud password?
 
Just more fear mongering and click baiting by tech journalists pretending that some problem is somehow unique to Apple. Explain to me what Android does to stop someone from shoulder surfing your PIN on those devices, stealing your phone out of your hands, and finding a picture of your SSN and using it to open credit cards in your name. Oh, nothing more than what Apple does? Ok, thanks.
 
What a pointless article. really?
"Don't put all your eggs in one basket" is what I got out of it.

My phone is only used for receiving calls, watching movies and playing games. No banking, no important work. If someone steals my phone, they'll have hours of anime. Any thief who steals my phone runs the risk of turning into an otaku. You feeling lucky punk?😏
 
Security is always a trade-off between convenience and... security. To each their own on that. But this is one reason I really like Samsung's Secure Folder option, and wish Apple would adopt something similar. The Secure Folder allows you to have an additional sandbox inside your phone that can require additional verification (pin, pattern, passcode, etc.) that's different from your main gatekeeper. So you can put the more important stuff in there, while keeping the stuff you want to get to with less security/more convenience at the main level. Not sure if I worded that well... but hopefully the point makes sense!

Edit: And as a side benefit, you can have two separate secure sessions with the same app on the same phone...
All of my major financial apps require either face id or a password for that financial institution. Apple pay is problematic in that if you know the passcode you can effect a transaction, maybe there should be a secondary password on Apple pay.
 
Is Joanna Stern hard up for things to write about? Or WSJ just looking for clicks?
 
The biggest issue here — and I was totally gobsmacked when I just checked — is that you can reset iCloud password with just the device passcode, no need to enter the old iCloud password. That. Is. So. Dumb. It means that anyone with your passcode can lock you out of your iCloud and prevent you remote bricking your device.
that scares me
and
the "1, 2 tries yer' out"
at th 'ol -ID ball gameeeeeee!
 
Pretty soon Apple will make it so secure that it is useless to use. For example, in the US military there was a program called Guardian Edge to encrypt files. It needed a password of 20+ characters (letters, numbers, and special characters), needed at least 5 special characters, no sequential letters or numbers, no characters that could form words with more than 2 letters, had to be changed every 30 days, and couldn't use any of the previous 20 passwords. So secure, someone couldn't even get back into it.
 
Struggling to see how this is even a story.

People looking over your shoulder while you tap in your pin is not news-worthy. But because "Apple" then the WSJ decides to publish this.

Was there any mention in the article about Android users being violated in the same manner? If not, then why not?
 
Who enters their passcode manually in a public place?
This is a narrative started by apps like 1password I suspect 😏
I remember going to a Verizon store to settle one of their many billing screw ups. I'm standing in line, the store is busy with people all around me and the customer service rep asks me for my SSN so they can verify my account. I yelled at him, "you have got to be kidding me with all these people in the store". I told him, you need to find another way.
 
You just have to be careful when using your iPhone outside in public.
Apple needs to consider bringing back Touch-ID. Two Factor Authentication: Touch ID + Face ID simultaneously
That should definitely be offered as an option. Unfortunately, I'm ugly and my hands are chapped. Biometric sensors hate me. I could probably only get one of them to work at a time.
 