Complex Passcode with Apple Pay?

[Sean7512]

Maybe I am just paranoid, but the security of using Apple Pay centered around fingerprints can be thwarted by an iPhone thief easily if you're using a simple passcode (4 digits).

Wouldn't the thief just need to know the 4 digit passcode (which hopefully isn't 0000 or 1234 ) and go add his own fingerprint in settings and then go on a shopping spree?

I went ahead and turned off simple passcode and am using a more secure password. I would highly recommend others do this as well.

 

[Tiptizzle]

Maybe I am just paranoid, but the security of using Apple Pay centered around fingerprints can be thwarted by an iPhone thief easily if you're using a simple passcode (4 digits).

Wouldn't the thief just need to know the 4 digit passcode (which hopefully isn't 0000 or 1234 ) and go add his own fingerprint in settings and then go on a shopping spree?

I went ahead and turned off simple passcode and am using a more secure password. I would highly recommend others do this as well.

Yes, much like if the thief stole your credit/debit card, they would be able to go on a shopping spree.

 

[jeremiah239]

Na I'm not paranoid. Think of all the things that would have to play out just right for somebody to actually be able to use your phone to buy something.

If your phone is lost or stolen use Find my iPhone to disable it.

Isn't it the same with a debit card? All the thief needs to know is a 4 digit number to use the card anywhere.

These days you should treat your phone like a wallet and don't leave it where people can get ahold of it.

 

[FourOhFour]

If you turn off simple passcode but use an entirely-numeric passcode, you'll still get the number pad instead of the keyboard when you need to enter your passcode, so you can have a more secure but still easy to enter passcode.

 

[Tiptizzle]

If you turn off simple passcode but use an entirely-numeric passcode, you'll still get the number pad instead of the keyboard when you need to enter your passcode, so you can have a more secure but still easy to enter passcode.

This is what I have done, but you still need to tap "done" after entering the numeric passcode which is an extra step.

 

[BrettDS]

That is an interesting thought. I figured that the fingerprint security was reasonably secure protection, but I hadn't considered the fact that with the passcode a thief could replace your fingerprints with his.

Again, this is assuming he gets your passcode and this should be more difficult to do if you use your fingerprint to unlock your phone so no one can see your passcode over your shoulder.

Using a stronger passcode definitely seems like a good thing to consider, and isn't nearly as inconvenient as it used to be either, since you can unlock your phone with your fingerprint most of the time.

 

[Sean7512]

Yes, much like if the thief stole your credit/debit card, they would be able to go on a shopping spree.

Understood, I am just pointing out a potential issue. It is obviously still more secure than using plastic, but something to consider at least.

----------

Na I'm not paranoid. Think of all the things that would have to play out just right for somebody to actually be able to use your phone to buy something.

If your phone is lost or stolen use Find my iPhone to disable it.

Isn't it the same with a debit card? All the thief needs to know is a 4 digit number to use the card anywhere.

These days you should treat your phone like a wallet and don't leave it where people can get ahold of it.

Yep, most people would use Find My iPhone to remote wipe it. A thief can always just use airplane mode and still make purchases though. I guess a determined thief will get the information one way or another, but hopefully ApplePay will be a deterrent and not worth the hassle when there is plenty of plastic out there.

----------

That is an interesting thought. I figured that the fingerprint security was reasonably secure protection, but I hadn't considered the fact that with the passcode a thief could replace your fingerprints with his.

Again, this is assuming he gets your passcode and this should be more difficult to do if you use your fingerprint to unlock your phone so no one can see your passcode over your shoulder.

Using a stronger passcode definitely seems like a good thing to consider, and isn't nearly as inconvenient as it used to be either, since you can unlock your phone with your fingerprint most of the time.

As a software developer, the first thing that comes to mind is Apple could make it so ApplePay only works with fingerprints that were on the phone when the card was added. This would definitely cause a usability issue with users and would be confusing though.

They could also use 2 factor authentication to add/remove fingerprints.

 

[Armen]

Maybe I am just paranoid, but the security of using Apple Pay centered around fingerprints can be thwarted by an iPhone thief easily if you're using a simple passcode (4 digits).

Wouldn't the thief just need to know the 4 digit passcode (which hopefully isn't 0000 or 1234 ) and go add his own fingerprint in settings and then go on a shopping spree?

I went ahead and turned off simple passcode and am using a more secure password. I would highly recommend others do this as well.

The Passcode system is the best Apple can do to help protect you. It cannot be completely replaced by the touchID system because if the touchID sensor fails you will not be able to access your own phone.

Besides, your wallet contains Cash, Credit Cards and your Driver's license and the only anti-theft measures is YOU.

 

[Vegasryn]

Airplane mode disables all wireless communication, which I believe should include the NFC...just a thought

 

[afsnyder]

EDIT: Whoops, completely skipped over the fact they can add their fingerprint once they get in lol

But yes you can disable the phone remotely if it gets stolen.

 

[Tiptizzle]

EDIT: Whoops, completely skipped over the fact they can add their fingerprint once they get in lol

But yes you can disable the phone remotely if it gets stolen.

But with the passcode, you can add/remove fingerprints is what they are saying.

 

[Agent-P]

If you have Touch ID enabled, why wouldn't you keep a more complex passcode? Not having to enter it in every time makes the increased security worth it for those couple of times you do have to type it in manually.

 

[Rigby]

Wouldn't the thief just need to know the 4 digit passcode (which hopefully isn't 0000 or 1234 ) and go add his own fingerprint in settings and then go on a shopping spree?

He could also disable Touch ID for Apple Pay, in which case the phone asks for the passcode when you make a payment.

I went ahead and turned off simple passcode and am using a more secure password. I would highly recommend others do this as well.

Yes, this is a good practice. In fact, the main benefit of Touch ID is that it makes a complex passcode practical, since you rarely have to enter it.

 

[caesarp]

Maybe I am just paranoid, but the security of using Apple Pay centered around fingerprints can be thwarted by an iPhone thief easily if you're using a simple passcode (4 digits).

Wouldn't the thief just need to know the 4 digit passcode (which hopefully isn't 0000 or 1234 ) and go add his own fingerprint in settings and then go on a shopping spree?

I went ahead and turned off simple passcode and am using a more secure password. I would highly recommend others do this as well.

And if you don't have your iphone (lost or stolen), you can wipe the cards, deactivate the cards or wipe your device completely. Also, you won't be liable for the fraudulent charges. So no -- I see no issues. Yes. you are being too paranoid.

 

[JWorld127]

Thats like saying someone can steal my car keys then steal my car then drive it to my house and open the garage since my garage door opener is in my car and then steal the gun I have in my bed room and go on a killing spree.

I mean theoretically it could happen.......Im just pointing out the potential problems with losing your car keys or getting them stolen..

These threads are so pointless.

Hey someone can go on a shopping spree if they know my 4 digit passcode but they cant go on a shopping spree if they physically steal my credit card....

Attention?

 

[Sean7512]

Thats like saying someone can steal my car keys then steal my car then drive it to my house and open the garage since my garage door opener is in my car and then steal the gun I have in my bed room and go on a killing spree.

I mean theoretically it could happen.......Im just pointing out the potential problems with losing your car keys or getting them stolen..

These threads are so pointless.

Hey someone can go on a shopping spree if they know my 4 digit passcode but they cant go on a shopping spree if they physically steal my credit card....

Attention?

Or I am pointing out that some people who think it is super secure because of Touch ID is misleading. You have no idea how many people will use 0000 or 1234 and not think about it again because they are using their fingerprint anyways, which is "secure". Touch ID is only as secure as your passcode.

Just take a look at wifi networks around a neighborhood, there are an alarmingly amount of routers that are using WEP (especially if its a Verizon FiOS community!). User's don't realize how insecure it is because "it has a really long password." Not knowing that WEP passwords can be broken in under 30 seconds...

I am hardly saying the sky is falling or anything like that so don't take it that way. The more people know, the better.

----------

If you have Touch ID enabled, why wouldn't you keep a more complex passcode? Not having to enter it in every time makes the increased security worth it for those couple of times you do have to type it in manually.

Yep, it is good advice for users of any Touch ID enabled iOS device.