Screen Time has the same flaw. You can go through the forgot Screen Time passcode option on 'Change Screen Time Passcode' and reset it with just the phone's passcode.
Screen Time passcode requires your Apple ID and password, so the passcode will not be effective here.
 

Attachments: IMG_3743.jpeg
The thief can easily get your Apple ID name by going to appleid.apple.com on your phone. Apple is nice enough to display your Apple ID when you try to sign in to this page. And once you enter your Apple ID on the Screen Time Passcode Recovery screen you showed, select forgot Apple ID password at the bottom. It will then ask for the phone's passcode instead.
 
I just ran through the process on forgot Screen Time passcode. I chose forgot Apple ID password. It first asks for the Apple ID, then it asks for verification from one of my backup phone numbers. It shows you the last four digits of your numbers; you will have to complete the numbers to get the verification code.

*update*
On a second attempt, you are right. It did ask me for the passcode to change my Apple ID password.
 
When you select Change Screen Time Passcode, a pop-up window at the bottom comes up with 2 options: Change Screen Time Passcode, or Turn Off Screen Time Passcode. Select 'Change Screen Time Passcode'. Then on the next screen, enter your Apple ID, press enter, and then when the Apple ID password box displays, select forgot password. It will then ask for the phone's passcode instead.
 
The passcode needs to be nerfed for sure. Basically it gives you 100% control over your device and Apple services.

In this case, I hope the Screen Time passcode will buy me some time to remotely erase the device. Most thieves are not sophisticated enough to figure it out in time, if at all.

A simple 4-digit PIN for passwords will definitely set my mind at ease. So easy to implement. Please do it, Apple.

Of course the passcode can override that PIN as well if Apple still allows password changes with the passcode.

I played around a little more.

I decided to skip using my Apple ID to reset the Screen Time passcode. But that puts me at risk if I ever forget it. So write it down somewhere.
 

Attachments: IMG_3745.jpeg, IMG_3744.jpeg
It's silly that Apple is very inconsistent with the phone's passcode. Sometimes it requires you to enter your Apple ID password when you download an app. If Apple thinks the passcode is good enough to change the Apple ID password, why not just ask for the phone passcode when you download an app? Same thing when you try to turn off Find My iPhone. Why not just ask for the phone passcode, if Apple thinks the passcode is good enough to change the Apple ID password?

So silly Apple allows you to change your Apple ID password or access the Keychain with just the passcode.
 
A better way is to deactivate the passcode for Face ID/Touch ID changes. Then use the password for Keychain if biometrics fail, like it does with the App Store. If biometrics can't be changed, then it's impossible to access the Keychain without the password.

I set up the Screen Time passcode a second time, skipping the Apple ID. Out of curiosity, I tried to reset the passcode. I clicked on forgot Screen Time passcode. It then asked me for Apple ID and password. Lo and behold, my Screen Time passcode got reset and I changed it. I repeated the process again, disabling the Screen Time passcode and adding a new Screen Time passcode. Once again I skipped the Apple ID reset. And once again I was able to reset the passcode. Apple is a hot mess.
 
But then what's the point of a passkey? Anyone trying to hack into an account can do the same, bypassing the passkey security.
Passkey authentication is way more secure and phishing resistant. A passkey is always two-factor authentication, requiring your unique device and biometrics for it to work. Reducing the use of passwords to authenticate will protect you from phishing, keyloggers, and man-in-the-middle attacks.

However, I still keep my passwords in the event that I do lose my device. All my passwords are paired with a 2nd factor authentication when available. I always avoid SMS as a 2nd factor if I can. Google allows U2F security keys as a second factor, which is even more secure than using passkeys since the unique key cannot be duplicated like passkeys can via AirDrop.

If you add a security key to your Google account and keep your password, you are very secure. If somebody stole your password, the hacker won't be able to access your account without the security key. I don't see a need to go 100% passwordless. There is still a fear of me being locked out of my accounts permanently.
 
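Added example, not from any poster in this thread: a minimal Go model of the WebAuthn login ceremony that the post above is relying on when it calls passkeys phishing resistant. The authenticator and relying party here are toy stand-ins (assumptions, not any iOS or Google API), and bank.example / bank-login.example are constructed names. It shows why a relayed challenge from a look-alike site and a replayed assertion are both rejected: the browser, not the page, writes the origin into clientDataJSON, and the signature covers it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData is the part of WebAuthn clientDataJSON that matters here; the
// browser fills in origin from the page it really loaded, the page cannot.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the relying party (RP) receives after a passkey login.
type Assertion struct{ AuthData, ClientDataJSON, Signature []byte }

// signedMessage is the exact byte string both sides hash before sign/verify:
// authenticatorData || SHA-256(clientDataJSON).
func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// Sign is the toy authenticator side (an assumption, not an iOS API): a P-256 key scoped to
// rpID signs whatever origin the browser reports. A real browser refuses origins outside rpID;
// here the RP-side check is what gets exercised, so the signature is produced regardless.
func Sign(priv *ecdsa.PrivateKey, rpID, challenge, browserOrigin string) (Assertion, error) {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: browserOrigin})
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append(rpHash[:], 0x01) // rpIdHash || flags (user present)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedMessage(authData, cd))
	return Assertion{AuthData: authData, ClientDataJSON: cd, Signature: sig}, err
}

// RelyingParty holds the registered public key and the challenges it issued.
type RelyingParty struct {
	origin, rpID string
	pub          *ecdsa.PublicKey
	pending      map[string]bool
}

// NewChallenge issues a fresh random challenge that may be consumed once.
func (rp *RelyingParty) NewChallenge() string {
	var b [32]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	c := base64.RawURLEncoding.EncodeToString(b[:])
	rp.pending[c] = true
	return c
}

// Verify runs the RP-side checks: unused challenge, expected origin, rpIdHash, signature.
func (rp *RelyingParty) Verify(as Assertion) error {
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || !rp.pending[cd.Challenge] {
		return errors.New("unknown or already-used challenge (replay)")
	}
	delete(rp.pending, cd.Challenge)
	if cd.Origin != rp.origin {
		return fmt.Errorf("origin %s signed, %s expected (phishing relay)", cd.Origin, rp.origin)
	}
	rpHash := sha256.Sum256([]byte(rp.rpID))
	if len(as.AuthData) < 33 || string(as.AuthData[:32]) != string(rpHash[:]) {
		return errors.New("rpIdHash mismatch")
	}
	if !ecdsa.VerifyASN1(rp.pub, signedMessage(as.AuthData, as.ClientDataJSON), as.Signature) {
		return errors.New("bad signature")
	}
	return nil
}

// Demo runs a genuine login, a phishing relay and a replay against one key;
// bank.example and bank-login.example are constructed names for this example.
func Demo() (legit, phished, replayed error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	rp := &RelyingParty{origin: "https://bank.example", rpID: "bank.example", pub: &priv.PublicKey, pending: map[string]bool{}}
	as1, _ := Sign(priv, "bank.example", rp.NewChallenge(), "https://bank.example") // real site
	legit = rp.Verify(as1)
	as2, _ := Sign(priv, "bank.example", rp.NewChallenge(), "https://bank-login.example") // look-alike relaying a real challenge
	phished = rp.Verify(as2)
	replayed = rp.Verify(as1) // the genuine assertion, sent a second time
	return
}

func main() {
	fmt.Println(Demo())
}
```

The genuine login verifies; the relayed one fails on the origin check before the signature is even looked at, and the replay fails on the consumed challenge. None of this helps against the thread's actual threat, someone holding the unlocked phone with its passcode, which is the point the next reply makes.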

Unfortunately it is insecure on the iPhone. The iPhone Keychain stores your passkeys and passwords. The Keychain unlock first tries your biometrics, but it will then fall back to your phone passcode. Anyone that has your phone and knows your phone's passcode can use any passkey or password on your phone.
 
Agree. My contingency plan is to remote wipe the phone asap. Not much else we can do until apple nerfs the passcode.
 
These recent Wall Street Journal videos explain the Apple security flaw well -

I don't know if someone's posted about this already, but for what it's worth the suggestions in the 2nd video in the series (the first video in the post) are insufficient, even if you don't allow your screen time passcode to be reset with your Apple ID.

You need to additionally enable the "Location Services" "Don't Allow Changes" screen time restriction, as otherwise someone can reset your Apple ID password (with only your iPhone passcode) through the modal shown when you toggle "Find My iPhone" in "Privacy & Security > Location Services > Share My Location > Find My iPhone". Making this change is, however, pretty annoying as then all future apps not already given permission to use your location will be automatically blocked from using it.
 
Google has started rolling out support for Passkeys in Workspace accounts.

I enabled Passkeys for my organization but our users (including me) are still getting the message that Passkeys are not available to Workspace users. Anyone else seeing this?
 