How to stop iPhone passcode allowing Apple ID password changes?

Discussion in 'iOS 11' started by Moonjumper, Apr 25, 2018.

  1. Moonjumper macrumors 68000

    Moonjumper

    Joined:
    Jun 20, 2009
    Location:
    Lincoln, UK
    #1
    I have recently got a new iPhone, so I am now on iOS 11. When I set my passcode, it set it up so that my passcode can be used to change my Apple ID password. This is terrible for security and I want to remove this ability. It seems you only need the passcode to set it up, which is something I occasionally share for a friend to use my phone, but even without that, can be seen when using. My Apple ID is a whole different level of protection away. I want to disable this passcode capability, but cannot find a way. Can anyone help please?
     
  2. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #2
    I'm not even sure where passcode could be used to change Apple ID password. Generally it will ask you for your actual Apple ID password before you can make Apple ID changes, and sometimes it will even ask you answers to some of your security questions too on top of it all. And that's without 2 factor authentication that goes beyond that.
     
  3. friednoodles Suspended

    Joined:
    Feb 4, 2014
    #3
    According to this document it's possible on iOS 10.3 and later in Settings, but I've never tried it: https://support.apple.com/en-us/HT201355
    (it may be that it's only available for accounts with two-factor enabled and that that's part of the process, too)
     
  4. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #4
    Doesn't seem like it says much about it aside from either you entering your password or passcode but not really when one would be used or the other. Must have some additional measures if it's just the passcode that's in play as that would be just too simple of a barrier to change the password for an online account basically.
     
  5. NoBoMac macrumors 68000

    Joined:
    Jul 1, 2014
    #5
    ^^^friednoodles beat me to it.

    With 2FA enabled, you can go to Settings > iCloud > Password & Security > Change Password where you will be prompted for the trusted device's passcode.

    https://support.apple.com/en-us/HT201355
     
  6. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #6
    So there's another layer of authentication then beyond a simple passcode, right?
     
  7. Nikiforidis, Apr 26, 2018
    Last edited: Apr 26, 2018

    Nikiforidis macrumors regular

    Joined:
    Jul 1, 2017
    #7
    You should't share the passcode. Your passcode and your Apple ID password are personal data. You should be the only person that knows them. When Apple designed this feature (change with passcode on trusted devices) they had in mind that you are the only individual that knows the passcode.

    If you are worried about the data your friends can access, you shouldn't let them know the passcode in the first place.

    What I suggest? If they want to access your device enter the passcode (without letting them know) and let them use the device. You also mentioned that you recently bought a new iPhone that is running iOS 11, your device probably has Touch ID. You can unlock it in seconds or you can even enroll your friend's finger is he/she is using it frequently, he/she would be able to unlock the device, but would not be able to change the Apple ID password, since the passcode is required to do so.
     
  8. niji Contributor

    niji

    Joined:
    Feb 9, 2003
    Location:
    tokyo
    #8
    so, if the original poster changes his apple ID password, then the passcode that had been able to be used will become invalid?
    still not getting how he disables the passcode.
     
  9. Nikiforidis macrumors regular

    Joined:
    Jul 1, 2017
    #9
    No. The current passcode of the device will be able to let you modify the Apple ID password, even if you change your Apple ID password.
     
  10. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #10
    With no other layer of authentication?
     
  11. NoBoMac macrumors 68000

    Joined:
    Jul 1, 2014
    #11
    Great idea re: Touch ID. Better option than disabling 2FA completely or removing phone from trusted devices.

    OP situation does not make sense in that you trust a person with using the device and its password, yet now concerned about the Apple ID. With the way everyone is tied to a mobile environment, you are in essence giving away the keys to the kingdom: can probably reset the passwords on everything one has from their phone via simple "forgot my password" links and the resulting "click this link to reset" emails.
     
  12. azeeb macrumors newbie

    Joined:
    Apr 20, 2018
    #12
    That’s correct.
     
  13. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #13
    That doesn't really seem to make sense that a password can be changed simply though a single simple passcode authentication.
     
  14. itsmilo macrumors 68020

    itsmilo

    Joined:
    Sep 15, 2016
    Location:
    Europe
    #14
    I don’t think it actually changes any passwords. it’s more like the passcode sort of replaces the need to enter the AppleID password and you can use either to gain access
     
  15. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #15
    Seems like the implication is that you can use it to access the ability to actually change the Apple ID password.
     
  16. Moonjumper thread starter macrumors 68000

    Moonjumper

    Joined:
    Jun 20, 2009
    Location:
    Lincoln, UK
    #16
    It does make sense. For example, my last girlfriend lived in an area with terrible phone reception. We would use each others phone based on which network could connect, or had battery life, etc. I don't use the Mail account for anything, so nothing to get there. Until now knowing my passcode was not much of a risk, and my passcode has been used a lot, so maybe other people have overseen it.

    My Apple ID on the other hand is tied to my developer account, so much more of a risk.

    And here is the thing for everyone. Someone gets your passcode. They can change that and change your Apple ID password. You are now locked out of retrieving anything easily.
     

Share This Page