Apple Responds to Report About Thieves Spying on iPhone Passcodes(macrumors.com)
macrumors.com
Apple Responds to Report About Thieves Spying on iPhone Passcodes
https://www.macrumors.com/2023/02/24/iphone-stolen-passcodes-report/
9 comments
It's madness to me that all it takes to completely own an iCloud account (including one with yubikeys, advanced data protection, etc set up) is an iPhone passcode.
It should be possible for security conscious users to disable the "change iCloud password with only an iPhone passcode" feature. That would largely fix all these concerns. I think that it should be disabled by default if you set a recovery key or enable ADP, especially if you have FIDO2 tokens.
It should be possible for security conscious users to disable the "change iCloud password with only an iPhone passcode" feature. That would largely fix all these concerns. I think that it should be disabled by default if you set a recovery key or enable ADP, especially if you have FIDO2 tokens.
If spying on a passcode is really the only way to get into an iPhone I say Apple is doing its job.
“In a tweet, Stern recommended that users switch from a four-digit passcode”
Who on earth uses a 4-digits passcode?
Who on earth uses a 4-digits passcode?
Ever since the launch of iOS 9 in June 2015, all Apple devices during out-of-box setup default to setting up a six digit PIN.
Maybe if Apple wants to be proactive over this, offer a "scramble pad" option for the lockscreen?
Maybe if Apple wants to be proactive over this, offer a "scramble pad" option for the lockscreen?
No idea, I still use a regular password b/c that was the fastest thing to type in on a BlackBerry. Never figured how people could memorize numbers more easily than words/phrases.
I don't know a single person outside of tech (and a handful of other fields like government and journalism) who uses anything besides the shortest possible pincode allowed. I believe most people would use no passcode if possible.
Really? I don’t spy on other people so I don’t know. But I know 6-digits passcode is the default and Apple makes it intentionally harder for people to switch to a shorter, I think it’s the norm. And if people are so lazy and lax with their security, what is the chance of changing 4-dits to a much more inconvenient password? Yes, old people cannot even use the soft keyboard without glasses!
In general, I don’t get the meaning of the article. Face-Id is so convenient and secure, 6-digits code is the norm. If people just follow the Apple instruction, they won’t need to worry about anything.
In general, I don’t get the meaning of the article. Face-Id is so convenient and secure, 6-digits code is the norm. If people just follow the Apple instruction, they won’t need to worry about anything.
No passcode is possible. I have it configured that way for a device I have mounted on the wall at home. But apple makes it difficult to do so, as in a lot of extra steps, warnings and reminders, not just initially but every single update too. They've made it inconvenient intentionally, which is good.
IMO the password reset procedure should start a waiting period during which you can’t remove the activation lock.