If someone holds a gun to your head you will give up the goodies. So let's take force out of the equation and if your device password is secure your iphone is pretty much locked down.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life'
- Thread starter MacRumors
- Start date
- Sort by reaction score
And if you tell them it's too complicated to remember and that you'd have to reference password manager. They'll kill you for thinking you're lying. Since most of the time you just use face ID. 😬
That is a major talking point of the article.
Thieves are stealing the passcode before the snatch job. Once they know the code, they have full access.
Changing your AppleID password should require 2 devices authentication.
No. They can generate a new recovery key from Settings or System Preferences on a trusted device signed in with your Apple ID. [Edit: or they could just tell it to stop using it.]
Set up a recovery key for your Apple Account - Apple Support
A recovery key is an optional security feature that helps improve the security of your Apple Account. If you lose access to your account, you can use your recovery key to reset your password and regain access.
I have been using multiple Apple ID’s for years to prevent being locked out of a single account that Apple wanted me to use for everything.
You will sleep better moving forward.
But if they don't think to change it? Or they're not aware. Could you still theoretically change your appleID pwd back if they changed the AppleID Pwd? Or is it still too late?No. They can generate a new recovery key from Settings or System Preferences on a trusted device signed in with your Apple ID. [Edit: or they could just tell it to stop using it.]
Set up a recovery key for your Apple Account - Apple Support
A recovery key is an optional security feature that helps improve the security of your Apple Account. If you lose access to your account, you can use your recovery key to reset your password and regain access.support.apple.com
Since these criminals are knowledgeable about this hack of easily changing the Apple ID PW, I bet they would be knowledgeable about the recovery code and take the additional 30 seconds to reset it too.
Maybe about the two devices. There is always a balance between security and usability.
That doesn't really answer the question though. If you have your recovery key can you reset your password and then maybe remove the compromised device from the account?
If you recover your account with the recovery key, you can remove any device on your account.
Yes, they were talking about a theoretical risk if the Secure Enclave is compromised. The problem is that people don't understand relative risk very well, particularly with technology.
The risk of not using biometrics is much higher than the risk of using biometrics because without biometrics a complex password is too inconvenient and a simple one is too insecure.
No, if the attacker resets the recovery key on your Apple ID account, your recovery key is no longer valid.
You can't recover your account with your recovery key, if the attacker reset the recovery key.
That is true but, I don't think that that is what he was asking. I interpreted the question as the owner changing the key before the thief did. Maybe I interpreted wrong.
I don't think so, the original question was "But if they don't think to change it? Or they're not aware. Could you still theoretically change your appleID pwd back if they changed the AppleID Pwd? Or is it still too late?"
I would bet the thief would change both the Apple ID PW and reset the recovery key at the same time. You can do both in under a minute..
To clarify, I was asking if the thief doesn't change the Recovery key. But successfully changes the Apple ID. Can you recover your Apple ID with the recovery key. If you're lucky enough that the thief didn't change it or isn't aware of it?
Theoretically you could change it to something else provided you were quick enough and had other trusted phone numbers. I would say it is a slim chance at best.
Oh, you mean if the thief only changes the password in order to log out of that Apple ID so they can use the phone with a different ID and they don’t remove the recovery key from the victim’s ID or log the other devices out after changing the password, then I believe the original owner should be able to recover the Apple account with the recovery key and a trusted device.
Sigh, yes. As you stated. Again.
However we are not talking about that specifically. Besides, you would need multiple passwords and two secondary pin codes to get into my banking apps or make me stand there and open each one by one. So a pincode or pattern code isn't doing it and at least on Android, out of this scenario.
Secure? Not if you have to manually enter it in an establishment and you get video'd or shoulder surfed.