What's the point of that though? That's just a second password. Seems more like a workaround. I understand what it's doing, but at a fundamental basis, changing a password should require you to enter the existing password. Apple should just change that and we would be far more secure
So I guess the answer is no. Because if you did, the entire phone can be virtually locked down.
I'm not trying to blame Apple here, but I do think a HUGE part of security is the user itself. People continuing to use 1111 PIN codes are really not doing themselves any favors.
That’s not Apple's fault though, as you said.
The action of requiring a device password for changing a password isn't horrible, but it's quite useless if people's PINs are getting cracked. In my case since I use alphanumeric, someone grabbing a phone out of my hand can't change the password easily. With that said being able to access apps, emails, etc is already a huge pain and probably they can wreak plenty of havoc that way without ever entering my device password again
Putting a screen time password in would virtually eliminate this issue and checking the appropriate defaults.
 
...what, exactly, was the point of the 'report'?

"If someone steals your house keys, they could get in your house and take your stuff!" - Joanna Stern later today, probably.

The real issue isn’t made very clear, but the problem is that by default you can reset your Apple ID password with your device passcode. I’m not aware of any way to turn this off.

Unfortunately everyone who I’ve ever needed to log in to their Apple ID to install an app has reset their password. Most people just reset it every time rather than actually remember or record it.
 
Thieves probably target iPhones because it has the easy to see large number pad. I've seen many android users using swipe-to-unlock...and newer android phones are at least 20% slower compared to newer iPhones. Time is money.
Naw, it's because they make it harder to steal and compromise than Apple phones. Even on some Android phones you can set a boot PIN so the device can't boot up unless a password is entered. Thieves know Apple users are not generally tech savvy and don't protect their devices as well.
 


An in-depth report published today by The Wall Street Journal's Joanna Stern and Nicole Nguyen highlights instances of thieves spying on a victim's iPhone passcode before stealing the device in order to gain access to the device, data, and money.


All of the victims interviewed said their iPhones were stolen while they were out socializing at bars and other public places at night. Some victims said the iPhones were grabbed out of their hands by strangers, while others said they were physically assaulted and intimidated. The report provides specific examples of these instances.

With knowledge of the iPhone's passcode, a thief can easily reset the victim's Apple ID password in the Settings app, even if Face ID or Touch ID is enabled. Subsequently, the thief can turn off Find My iPhone on the device, preventing the owner of the device from tracking its location or remotely erasing the device via iCloud. The thief can also remove other trusted Apple devices from the account to further lock out the victim.

The thief can also change an Apple ID's contact information and set up a recovery key in order to prevent a victim from recovering the account.


To make matters worse, knowing an iPhone's passcode allows a thief to use Apple Pay, send Apple Cash, and access banking apps using passwords stored in iCloud Keychain. Even if Face ID or Touch ID is enabled on the iPhone, thieves can simply bypass these authentication methods and an option to input the device's passcode is presented. In some cases, the report claims that thieves even opened an Apple Card by finding the victim's last four digits of their Social Security number in photos stored in apps like Photos or Google Drive.

Access to other passwords stored in iCloud Keychain allows the thief to further wreak havoc, as it could give them access to email accounts and other sensitive information. All in all, the report says thieves can essentially "steal your entire digital life."

Apple Responds

In response to the report, an Apple spokesperson said "security researchers agree that iPhone is the most secure consumer mobile device, and we work tirelessly every day to protect all our users from new and emerging threats."

"We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare," the spokesperson added. "We will continue to advance the protections to help keep user accounts secure." Apple did not provide any specific details about any next steps it might take to increase security.

In a tweet, Stern recommended that Apple add extra protections to iOS and introduce additional Apple ID account recovery options.

How to Stay Protected

In a tweet, Stern recommended that users switch from a four-digit passcode to an alphanumeric passcode, which would be more difficult for thieves to spy on. This can be done in the Settings app under Face ID & Passcode → Change Passcode.

iPhone users can also use Face ID or Touch ID as much as possible when in public to prevent thieves from spying on their passcode. In situations where entering the passcode is necessary, users can hold their hands over their screen to hide passcode entry.

To protect a bank account, consider storing the password in a password manager that does not involve the device's passcode, such as 1Password.

Article Link: Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life'
If you had the displeasure of actually watching the video, you'll see that the iPhone isn't ditz proof. Seriously, who uses a passcode instead of FaceID, especially in public? Well ditzes do. Joan @wsj is usually pretty good but in this case she never asked the interviewee, like why didn't you faceid? The other ditz thing to do is to use banking apps on their iPhone. Shopping apps are bad enough but your banking account? Ditz, ditzier, ditziest.
 
If your iPhone passcode is less than 12 digits you’re doing it wrong.

It’s pretty easy to use the phone number of a childhood friend that nobody would ever guess so you don’t forget it.
 
Under poor lighting conditions — such as in bars — in my personal experience Face ID fails frequently and forces the passcode as a result. With my TouchID iPhones, I NEVER had that issue. I would be interested to know in how many of these cases, the passcode entry was necessitated by a FaceID failure versus a TouchID failure (for those who still have those older iPhones) …
I guess maybe it varies from person to person, but even in pitch dark, Face ID always works flawlessly. I have an iPad Air and while I love it, I have issues with Touch ID, mostly because I have skin issues in the winter. I'm upgrading to the iPad Pro, not only for that reason of course, but I'm looking forward to unlocking it just by looking.
 
Under poor lighting conditions — such as in bars — in my personal experience Face ID fails frequently and forces the passcode as a result. With my TouchID iPhones, I NEVER had that issue. I would be interested to know in how many of these cases, the passcode entry was necessitated by a FaceID failure versus a TouchID failure (for those who still have those older iPhones) …

Low-light conditions are where Face ID performs best. Under those conditions, there are few other sources of infrared to confuse the infrared camera and dot projector. It's outdoors, especially in direct sunlight, where problems can occur.

If you are having Face ID problems in poor lighting, you should consider bringing the iPhone in for service.
 
When did Apple make it that easy to change your Apple ID password? I’m quite shocked by that part.
That part is surprising indeed, but I’m thinking my best defense is to make the Apple ID on the devices that leave my house less important. I’ve been wallowing in the ease of having all the digital eggs in one basket with easy access.
 
Under poor lighting conditions — such as in bars — in my personal experience Face ID fails frequently and forces the passcode as a result. With my TouchID iPhones, I NEVER had that issue. I would be interested to know in how many of these cases, the passcode entry was necessitated by a FaceID failure versus a TouchID failure (for those who still have those older iPhones) …

Well FaceID works in infrared so “poor lighting conditions” have no effect on its efficacy.
 
This is not actually true.

Many apps allow authentication only with Face ID or your full account password. The passcode alone won't get you anywhere with most banking apps or with 3rd party password storage apps like 1Password, unless someone's able to retrieve your account password from the keychain, using your passcode. (So, don't put it there and you're safe.)
All you have to do is change your Face ID with your passcode in system settings, then go back and use Face ID to get in.
 
What's the point of that though? That's just a second password.
The fact that it’s a second password is the point.
And in a city with tech savvy young thieves working in groups, one could conceivably be forced to give up the secondary (screen time) password when they immediately check to see if they have access to the settings they need.

I’m glad I read this article and comments on a day when I have the time to make an assessment of what is at risk on my phone and watch and figure out a strategy to minimize my risk. Edit: meaning, I’d like to be able to hand over my unlocked device and walk away unharmed and unworried about my digital security.
If they’re tech savvy enough to realise that you can use a secondary screen time password to hide the passcode and Face ID section and block the iCloud account access section, and they have a gun, then they’ll just demand the iCloud password directly, surely.
I mean when you’re threatened with violence or death, most of this is moot.

It IS a ridiculous oversight to be able to change the iCloud password without entering the old one first though.

As a few have stated already in the thread, I personally think you should be able to set up a second passcode which only allows access to a limited amount of apps. That way if you’re out in a bar or somewhere and someone does what the article suggests, they can’t really gain full access, but you can still use the phone to access the web and messages or whatever.
 
Too bad we can't use Face ID and Touch ID and passcode at the same time for maximum security. :rolleyes:
 
This is why I disagree with the users on here who keep saying passcode is more secure and stop using Face ID if you don't want people to take your phone and point it at you, etc. Perhaps the passcode is technically more secure, but it is practically way less secure. Face ID is secure especially if you enable "attention required." Always use Face ID. Never enter your passcode in public unless you are sure no one is looking at your screen (and to be extra secure, that no camera overhead is looking down at you).

Apple is not innocent either. Somehow they think it makes the phone more secure to occasionally demand your passcode at the most inconvenient times. This is way less secure. I have been asked for the passcode while in public and I actually waited until I went to a private location before entering it. Ask for it every restart, fair. But if the phone has been on and there are no multiple failed Face ID attempts, DO NOT ask for the passcode.
I agree with your last point. I feel like they ask for me to enter the passcode WAY too often. I don't remember having to enter it that often with TouchID back in the day and I don't know why it would be any different with FaceID. It drives me nuts.
 
Going with the theme a gun is held to your head it doesn't matter what the security, presumably you will give up everything. Else you can use a screen time password to lock things down.
Yes I mentioned both of those things in the part of my post that you snipped. That still doesn’t make it right that it’s possible to change a password of an account solely by using the password of what is essentially a different account. It’s basically unheard of to not have to enter the old password for verification before changing it for a new one.
 
What happens to other people is none of my concern nor care

And so you are part of the problem. Caring about others — friends, family and strangers — is what keeps us human.

Drives me nuts when I go to a big city and just saying "hi" to people as you pass them is received with shock and a weird look. Come on people, let's be nice to each other. And don't piss on the toilet seat!
 
I dunno. If someone stole my phone from my hand and did get away. They’ve got about 5 minutes before I’d be into iCloud and killing it.
 