iOS 11 Security Concern

Discussion in 'iOS 11' started by dialogos, Sep 22, 2017.

  1. dialogos macrumors regular

    Joined:
    Sep 22, 2017
    #1
    After installing iOS 11 on my iPad Air and iPhone I noticed that I can change my apple account password with my passcode only by going to Settings -> Account name -> Password & Security.

    In Previous iOS versions in order to access and change your apple ID information you had to fill in your apple password. Now it's accessible with passcode only! - unless I'm missing something here :) -

    That raises the following concern. My apple ID password is as secure as possible. My passcode is secure enough but not as strong as my Apple ID. Doesn't that bring the Apple account security level down to my passcode level?
     
  2. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #2
    Prompts me for my iCloud password when I try to access it (and nowhere does it prompt for my passcode).
     
  3. dialogos thread starter macrumors regular

    Joined:
    Sep 22, 2017
    #3
    I'm going to Settings -> "account name" -> Password & Security (no password asked) -> Change password.

    Here I get the message :

    Enter Passcode. This iphone can be used to change your password because you are signed into iCloud and have a passcode enabled.

    With my passcode I can change my apple password now !! It happens in two devices.
     
  4. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #4
    Not sure what it is, but seems like there must be something else in play there that would be behind it. For me it works as usual: Settings > "Account Name" > Password & Security pops up a password dialog box asking me to enter my iCloud password.
     
  5. KGB7 Suspended

    KGB7

    Joined:
    Jun 15, 2017
    Location:
    Rockville, MD
    #5
    Your debit card has a 4 number pin. And yet you are not concerned about it.

    So whats the problem?
     
  6. BugeyeSTI macrumors 68030

    BugeyeSTI

    Joined:
    Aug 19, 2017
    Location:
    Arizona
    #6
    My iPad says I have to enter 2F passcode sent to my iPhone to proceed
     
  7. dialogos thread starter macrumors regular

    Joined:
    Sep 22, 2017
    #7
    How's this related? for online purchases a debit card requires a password here in europe. But back to the topic...

    I'd rather have a strong password , as strong as my apple Id password.
    --- Post Merged, Sep 22, 2017 ---
    Just installed iOS on my wife's iPhone 5s . She has a totally different account. She is not even under family sharing !. Same problem. I will try to do a clean install later on my iPad out of curiosity.
     
  8. JerseyDoug macrumors regular

    Joined:
    May 10, 2012
  9. KGB7, Sep 22, 2017
    Last edited by a moderator: Sep 22, 2017

    KGB7 Suspended

    KGB7

    Joined:
    Jun 15, 2017
    Location:
    Rockville, MD
    #9
    Your iphone has a 6 number passcode and your debit card has a 4 number passcode. Its harder to guess a 6 number passcode than a 4 number passcode.
     
  10. dialogos, Sep 22, 2017
    Last edited by a moderator: Sep 22, 2017

    dialogos thread starter macrumors regular

    Joined:
    Sep 22, 2017
    #10
    ok. thanks for the contribution. When you grow up and hopefully you have family you may need to give your ipad to your kid to play some games. I don't mind a child having my passcode but I don't want the child to be able to change my apple ID security information my passcode only. This is an example of issues you may face ...when you grow up..

    Once again thank you
     
  11. JerseyDoug macrumors regular

    Joined:
    May 10, 2012
    #11

    Probably because you weren't signed into iCloud. I think that is the "key" here.
     
  12. dialogos thread starter macrumors regular

    Joined:
    Sep 22, 2017
    #12
    I was signed into iCloud in all of my devices.. ! I will try to get back in 5-6 hours to give you an update.
     
  13. JerseyDoug macrumors regular

    Joined:
    May 10, 2012
    #13
    Ok. For the record, I am signed into iCloud, have 2 factor authentication set and I only need my passcode to change my password.
     
  14. KGB7 Suspended

    KGB7

    Joined:
    Jun 15, 2017
    Location:
    Rockville, MD
    #14
    Im old enough to have 4 kids. Thank you very much.
    And if you made your concerns clear for the get-go, there would be no reason for these childish jabs from you.

    I just tested my iphone and ipad, and both ask me for my icloud password, not for passcode. Im guessing there is an issue with security on your devices.
     
  15. dialogos thread starter macrumors regular

    Joined:
    Sep 22, 2017
    #15
    I'm not here to argue with you sir.

    It's not only my device that has this "issue". I will do a clean install in one of my devices but so far it's happening to 3 devices we own (one with a totally separate ID).
     
  16. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #16
    Well, I’m using my Apple ID all across for iMessage, App Store, iCloud backup, contacts, calendars, etc. So I’m signed in.
     
  17. JerseyDoug macrumors regular

    Joined:
    May 10, 2012
    #17
    The message that pops up on my iphone and ipad when I want to change my password is "Enter Passcode - this iPad/iPhone can be used to change your password because you are signed into iCloud and have a passcode enabled."

    It appears that if you have passcode enabled you are able to change your password just with the passcode.
     
  18. KGB7 Suspended

    KGB7

    Joined:
    Jun 15, 2017
    Location:
    Rockville, MD
    #18
    Thats unfortunate that you are having this issue. I hope you resolve it.
    P.s.
    I upgraded my iphone 6S Plus from 10.3.3 OTA to 11, while ipad 2017 9.7 i did a fresh install via itunes. Hope that helps.

    Have you called Apple tech support? In my past experience, they have been helpful. If you get someone new on the phone, ask that person to speak to someone in level 1 or 2 tech support.

    A big OS upgrade such this one, has a very high chance of bugs.
     
  19. dialogos thread starter macrumors regular

    Joined:
    Sep 22, 2017
    #19
    I did all the updates OTA from 10.3.3 to 11 as well.

    No I haven't called Apple tech support. I will do it tomorrow. Thank you for your advice ! I will follow it :)
     
  20. KGB7 Suspended

    KGB7

    Joined:
    Jun 15, 2017
    Location:
    Rockville, MD
    #20
    You welcome!:)
     
  21. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #21
    I have passcode (and Touch ID) enabled, and I'm using various iCloud features and thus signed into my iCloud account, yet when accessing the option to change my password I'm prompted to enter my current password (and nothing about passcode comes up).
     
  22. Chazzle macrumors 68000

    Chazzle

    Joined:
    Jul 17, 2015
    #22
    Same issue here. I was not asked for anything besides my passcode for my phone to change my Apple ID password.

    Now here’s the icing on the cake.

    I entered my passcode to see what the next screen showed, which is a screen to make a new password. However, after tapping cancel, locking my phone, and even fully closing the Settings app, I can get back to the password change screen without entering my passcode again. It skips that step and brings me straight to the password change screen.

    Not good.
     
  23. Feenician macrumors 601

    Feenician

    Joined:
    Jun 13, 2016
    #23
    I can replicate what you’re saying 100%. Lets get this reported to Apple.
     
  24. KGB7 Suspended

    KGB7

    Joined:
    Jun 15, 2017
    Location:
    Rockville, MD
    #24
    Do a full whipe. Download a copy of ios 11 to your pc/mac. Set your apple iphone/ipad in to recovery mode, and reinstall ios 11 via itunes.
    Set up your device as new and Check if the issue is still there.
    If the issue is not present, Than and only than reinstall a backup from icloud.
     
  25. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #25
    As I recall, even prior to iOS 11, once you enter your password and authenticate yourself then it stays authenticated for a little while (not sure if it's something like 15 minutes or longer). That part of it isn't really new (and by design) as I recall.

    Not sure about the part of not being asked for the actual password and instead for just the passcode. I'm not only asked for the password but a lot of the time I'm even asked to answer a few of my security questions as well.
     

Share This Page

79 September 22, 2017