Apple’s iPhone Passcode Problem: 4-6 digits and a stolen phone ruin lives

[winb83]

If a thief gets your iPhone and can guess or knows your passcode they can easily hijack your Apple ID and lock you out of everything.
This is because on your phone your previous or current Apple ID password is not required to change your password. Just a PIN number let’s you change it.

That’s ridiculously insecure.

 

[Deltron]

Droid gang wins again

 

[winb83]

Droid gang wins again

I will say I checked on my S22 Ultra and you can't change your Google or Samsung password without entering the previous password within the given menus. With Apple you can use screen time settings and a second pin number to disable access to changing Apple ID account settings and Password but it still doesn't require knowledge of your Apple ID password just another 2nd pin number.

I'm guessing Apple did this because your Apple ID password is something you barely use given Touch and Face ID. People probably would forget their passwords and later need to change them so your iPhone if you've managed to log into it is a universally trusted device that can easily change your password and account settings.

 

[Joe Sixpack]

This will be fixed in an update

 

[winb83]

This will be fixed in an update

Fixed? It's a deliberate design, not a mistake. It's supposed to be this way.

 

[Don Homer]

nikkas aint touching my phone. They know who i am

 

[levitate]

It’s alarmingly stupid that you can change your Apple ID password with just your pin code.

 

[winb83]

A woman who got locked out of her Apple account minutes after her iPhone was stolen and had $10,000 taken from her bank account says Apple was 'not helpful at all'

Reyhan Ayas was standing outside a bar in New York when a man snatched her iPhone and ran off. She said that was only the start of her Apple ordeal.

finance.yahoo.com

Apple basically told her to kick rocks. Her account is gone for good just because someone was able to target her, observe her putting in a pin number, then steal her phone. She didn't even have minutes to save that account.

Apple's response is that's rare so why should we care? Simple fix is require users to enter their current password to change to a new one.

 

[Family Lives Matter]

I have an iPhone as my work phone I can't stand that fukking thing and we have to change the passcode on it every 60 days.

 

[Boolean]

Too rare of a thing to happen for it to overhaul the current system

 

[winb83]

Too rare of a thing to happen for it to overhaul the current system

On Android you not changing your password on the phone without the prior password. You can't even get into your account settings without logging into your Google account even though it's your phone.

For Apple to say that a 4-6 digit code on a device that can be stolen gives a person the keys to the kingdom of their Apple ID is dumb.

This was only rare because it wasn't widely known. Now that it is this will become more and more common. If your phone is stolen and your pin compromised at the very least your account should be protected. That woman is now iCloud locked out of her other devices like her Macbook because of that. So not only did she lose her iPhone and her Apple ID she's lost all her other iCloud connected devices just over a simple pin number.

 

[StatUS]

You can turn this off/disable in Settings.

 

[boriquaking]

I have an iPhone as my work phone I can't stand that fukking thing and we have to change the passcode on it every 60 days.

You have to change the PW every 60 days because of the enterprise software, has nothing to do with Apple.

 

[winb83]

You can turn this off/disable in Settings.

No you can’t. At best you can go into screen time and set up a second pin there then lock your account on the phone. At that point you’ll have to go into screen time and enter that pin to re-enable account changes.

If account changes are enabled on your phone just entering the pin on your phone is enough to change your Apple ID password. If you don’t believe me try it yourself on your phone and see what they ask before allowing you to change your password from it.

 

[Family Lives Matter]

You have to change the PW every 60 days because of the enterprise software, has nothing to do with Apple.

I'm aware of that thank you for the confirmation