Complex Passcode with Apple Pay?

Discussion in 'iOS 8' started by Sean7512, Oct 21, 2014.

  1. Sean7512 macrumors 6502a

    Jun 8, 2005
    Maybe I am just paranoid, but the security of using Apple Pay centered around fingerprints can be thwarted by an iPhone thief easily if you're using a simple passcode (4 digits).

    Wouldn't the thief just need to know the 4 digit passcode (which hopefully isn't 0000 or 1234 :eek:) and go add his own fingerprint in settings and then go on a shopping spree?

    I went ahead and turned off simple passcode and am using a more secure password. I would highly recommend others do this as well.
  2. Tiptizzle macrumors 6502

    Apr 22, 2011
    Yes, much like if the thief stole your credit/debit card, they would be able to go on a shopping spree.
  3. jeremiah239 macrumors 6502a


    Nov 1, 2007
    239 Area, FL
    Na I'm not paranoid. Think of all the things that would have to play out just right for somebody to actually be able to use your phone to buy something.

    If your phone is lost or stolen use Find my iPhone to disable it.

    Isn't it the same with a debit card? All the thief needs to know is a 4 digit number to use the card anywhere.

    These days you should treat your phone like a wallet and don't leave it where people can get ahold of it.
  4. FourOhFour macrumors member

    Jul 28, 2011
    If you turn off simple passcode but use an entirely-numeric passcode, you'll still get the number pad instead of the keyboard when you need to enter your passcode, so you can have a more secure but still easy to enter passcode.
  5. Tiptizzle macrumors 6502

    Apr 22, 2011
    This is what I have done, but you still need to tap "done" after entering the numeric passcode which is an extra step.
  6. BrettDS macrumors 65816

    Nov 14, 2012
    That is an interesting thought. I figured that the fingerprint security was reasonably secure protection, but I hadn't considered the fact that with the passcode a thief could replace your fingerprints with his.

    Again, this is assuming he gets your passcode and this should be more difficult to do if you use your fingerprint to unlock your phone so no one can see your passcode over your shoulder.

    Using a stronger passcode definitely seems like a good thing to consider, and isn't nearly as inconvenient as it used to be either, since you can unlock your phone with your fingerprint most of the time.
  7. Sean7512 thread starter macrumors 6502a

    Jun 8, 2005
    Understood, I am just pointing out a potential issue. It is obviously still more secure than using plastic, but something to consider at least.


    Yep, most people would use Find My iPhone to remote wipe it. A thief can always just use airplane mode and still make purchases though. I guess a determined thief will get the information one way or another, but hopefully ApplePay will be a deterrent and not worth the hassle when there is plenty of plastic out there. :)


    As a software developer, the first thing that comes to mind is Apple could make it so ApplePay only works with fingerprints that were on the phone when the card was added. This would definitely cause a usability issue with users and would be confusing though.

    They could also use 2 factor authentication to add/remove fingerprints.
  8. Armen, Oct 21, 2014
    Last edited: Oct 21, 2014

    Armen macrumors 604


    Apr 30, 2013

    The Passcode system is the best Apple can do to help protect you. It cannot be completely replaced by the touchID system because if the touchID sensor fails you will not be able to access your own phone.

    Besides, your wallet contains Cash, Credit Cards and your Driver's license and the only anti-theft measures is YOU.
  9. Vegasryn macrumors 6502

    Mar 31, 2010
    Las Vegas, NV
    Airplane mode disables all wireless communication, which I believe should include the NFC...just a thought
  10. afsnyder macrumors 65816

    Jan 7, 2014
    EDIT: Whoops, completely skipped over the fact they can add their fingerprint once they get in lol

    But yes you can disable the phone remotely if it gets stolen.
  11. Tiptizzle macrumors 6502

    Apr 22, 2011
    But with the passcode, you can add/remove fingerprints is what they are saying.
  12. Agent-P macrumors 68030


    Dec 5, 2009
    The Tri-State Area
    If you have Touch ID enabled, why wouldn't you keep a more complex passcode? Not having to enter it in every time makes the increased security worth it for those couple of times you do have to type it in manually.
  13. Rigby macrumors 601

    Aug 5, 2008
    San Jose, CA
    He could also disable Touch ID for Apple Pay, in which case the phone asks for the passcode when you make a payment. ;)
    Yes, this is a good practice. In fact, the main benefit of Touch ID is that it makes a complex passcode practical, since you rarely have to enter it.
  14. caesarp macrumors 6502a

    Sep 30, 2012
    And if you don't have your iphone (lost or stolen), you can wipe the cards, deactivate the cards or wipe your device completely. Also, you won't be liable for the fraudulent charges. So no -- I see no issues. Yes. you are being too paranoid.
  15. JWorld127 macrumors 6502


    Jan 12, 2013
    Thats like saying someone can steal my car keys then steal my car then drive it to my house and open the garage since my garage door opener is in my car and then steal the gun I have in my bed room and go on a killing spree.

    I mean theoretically it could happen.......Im just pointing out the potential problems with losing your car keys or getting them stolen..

    These threads are so pointless.

    Hey someone can go on a shopping spree if they know my 4 digit passcode but they cant go on a shopping spree if they physically steal my credit card....

  16. Sean7512 thread starter macrumors 6502a

    Jun 8, 2005

    Or I am pointing out that some people who think it is super secure because of Touch ID is misleading. You have no idea how many people will use 0000 or 1234 and not think about it again because they are using their fingerprint anyways, which is "secure". Touch ID is only as secure as your passcode.

    Just take a look at wifi networks around a neighborhood, there are an alarmingly amount of routers that are using WEP (especially if its a Verizon FiOS community!). User's don't realize how insecure it is because "it has a really long password." Not knowing that WEP passwords can be broken in under 30 seconds...

    I am hardly saying the sky is falling or anything like that so don't take it that way. The more people know, the better.


    Yep, it is good advice for users of any Touch ID enabled iOS device. :)

Share This Page