I never understood why Face ID is enough for some parts but for other parts you suddenly need the passcode. Like, why? Is Apple implying Face ID is less secure than a 4-digit passcode?
A pretty straightforward fix for this would be to have a setting that, if the user wants, scrambles the numbers on the numpad passcode entry screen in a random order every time. So it's still your 6-digit passcode to get in, but the numpad is not always 1 2 3, 4 5 6, 7 8 9, 0. This way, someone spying from a distance can't just memorize the "pattern" of where you tap. E.g., pressing on the top right button does not necessarily mean "3".
I think this points to the lack of compartmentalization with iPhone security.
You just have to be careful when using your iPhone outside in public.
Apple needs to consider bringing back Touch-ID. Two Factor Authentication: Touch ID + Face ID simultaneously
To make matters worse, knowing an iPhone's passcode allows a thief to use Apple Pay, send Apple Cash, and access banking apps using passwords stored in iCloud Keychain. Even if Face ID or Touch ID is enabled on the iPhone, thieves can simply bypass these authentication methods and an option to input the device's passcode is presented. In some cases, the report claims that thieves even opened an Apple Card by finding the victim's last four digits of their Social Security number in photos stored in apps like Photos or Google Drive.
Access to other passwords stored in iCloud Keychain allows the thief to further wreak havoc, as it could give them access to email accounts and other sensitive information. All in all, the report says thieves can essentially "steal your entire digital life."
Stop asking tech companies to babysit people and start educating people instead.
While you are absolutely correct, Apple should share some of the blame for allowing 4-digit passcodes.
In other words, don’t be an idiot.
You would have to be drunk beyond recognition for Face ID to not recognize your face and request a PIN. If you’re wearing a mask, just look down to unlock.
Why would anyone be entering their PIN in front of other strangers?
Actually, the issue is that with just the iPhone passcode, which is far less secure than the iCloud password, you can gain access to the iPhone and are able to reset the iCloud password (without the iPhone prompting for the iCloud password again). This is a big deal and I would believe it is a huge oversight from Apple. I'm forced to enter my iCloud password to purchase a free app on the App Store, but not for resetting the iCloud password?
This is why you should enable Face ID
All of my major financial apps require either Face ID or a password for that financial institution. Apple Pay is problematic in that if you know the passcode you can effect a transaction; maybe there should be a secondary password on Apple Pay.
its piUnless you enable Face ID, this is the only way:
Yes it always comes down to Dilbert's "Everything is so secure no one can do anything"
Pretty soon Apple will make it so secure that it is useless to use. For example, in the US military there was a program called Guardian Edge to encrypt files. It needed a password of 20+ characters (letters, numbers, and special characters), needed at least 5 special characters, no sequential letters or numbers, no characters that could form words with more than 2 letters, had to be changed every 30 days, and couldn't reuse any of the previous 20 passwords. So secure, someone couldn't even get back into it.
And that is an issue too. Anything that should be secure should only use biometrics or a separate credential that is not the device code.
The article is wrong about it being safer if you use a password manager such as 1Password on your phone. All apps on the iPhone (including 1Password) that are set up to use face-id will accept your device passcode as a backup for face-id.
You probably would sleep better knowing that.
Yes it always comes down to Dilbert's "Everything is so secure no one can do anything"
Apple must remove 4 digit codes in future updates for the sake of security.
iPhone users still have four digit pins?! Wake up, people!
I was wrong about ALL apps will accept the device passcode as a backup to face-id. I just tested it on Bitwarden, and the only backup to face-id it will accept is the master passcode of the password database. But a lot of apps will accept your device passcode as a backup to face-id.
And that is an issue too. Anything that should be secure should only use biometrics or a separate credential that is not the device code.
Most secure websites setup don't even allow that for accounts as a comparison.
Apple must remove 4 digit codes in future updates for the sake of security.
Yea just the loud insistence on reading them would have everyone ready with notepad by the time she actually did.
Semi-related to the story.
I visited a tire shop last week to get my tires rotated. I'm standing in line waiting my turn; and the customer service person was assisting a woman who had purchased a set of tires, and she was checking out.
He totaled everything up, presented her with an itemized list, and she questioned each line of the list. Ok; no problem. She is just making sure of what she is purchasing.
He asked her if it was cash or credit; she told him credit. He instructed her to place her card in the reader. She declined, because she "didn't trust those readers". He offered to take the card from her and enter the digits manually, but she declined that option as well, because she insisted on just reading the numbers out loud, along with the security code and expiration date. As she is reading this off, he is typing it in.
I and another guy in line both looked at each other, then looked up at her reading off her credit card info in a very public (maybe 10 people in there) place. I still remember her security code (183) and her expiration date (05/27).
I'm guessing this person has had her card number stolen countless times, but it's always because of those damned credit card machines or employees swiping her number.
No, they have to appeal to the lowest denominator.
While you are absolutely correct, Apple should share some of the blame for allowing 4-digit passcodes.
The problem is not everybody wants or needs these extra security layers.
The use of certain features should mandate stronger passcode or password, such as Wallet, iCloud Keychain Password, and Health.