PROBLEM (as surfaced by @joannastern):
- Crim peeks over your shoulder, steals your passcode
- Crim snatches your iPhone, runs off
- Crim changes your Apple ID password, ruins your life
Some thoughts, with a suggested solution
🧵 (1/2)
PROBLEM (as surfaced by @joannastern):
- Crim peeks over your shoulder, steals your passcode
- Crim snatches your iPhone, runs off
- Crim changes your Apple ID password, ruins your life
Some thoughts, with a suggested solution
🧵 (1/2)
SOLUTION:
- Buried in the Screen Time Settings, Apple lets you set up a 2nd passcode
- The idea is to prevent your kids from changing things (like your passcode) unless they know the 2nd passcode
- Hide the risky settings (like the ability to change your Apple ID pwd) behind this second passcode
- Someone steals your phone, this limits the damage they can do
Apple could surface this, have your set up a second passcode when you set up your first one.
Thoughts?
🧵 (2/2)
//@gruber @joannastern
@davemark @joannastern That's a good option - does that same iPhone passcode reset work if you're using advanced data protection?
My mindset has always been, if someone gets my device it's game-over anyway.
Absolutely teach folks about the dangers. But no matter how careful you are, a hidden camera will get your passcode unless you go to extremes, and folks won't do that.
My thought is, make the second passcode an options, let folks know about it, make it easy to set up, especially when you travel. Make it as easy to set up as turning on Airplane Mode.
An added level of protection, buys time if someone steals your phone.
@davemark Someone went through the idea of a burner password, that unlocked the phone, but into a fake user that had no actual data. So if you were forced into revealing a passcode by a mugger it could stop you getting hurt, but not actually be useful. Or a code that nuked the phone…
@sabino It's not set up for this now. As is, it's designed for parents to hide settings from their kids. And it is hard to find.
@davemark @joannastern The first passcode can technically unlock the contents of the secure enclave, that contains all the stored password and sensitive informations.
Adding another code doesn’t solve the problem: even if you do a fake software-lock in the settings screen, an attacker can autofill your password from any site and inspect the contents of the password text field.
@dzamir @joannastern Solid point. But key to this redesign would be preventing someone from changing the Apple ID password without that 2nd passcode. If you can't change the Apple ID, that buys me time to brick my stolen phone, change the Apple ID password myself.
That click?
@davemark @joannastern It doesn’t solve everything. They may be able to see any financial data if you have those apps. If you use iCloud Keychain they can change passwords on accounts, etc., still locking you out.
But if they can see your Apple ID password stored in iCloud Keychain, they can still change your Apple ID password on a different device since they have yours, and it’s a trusted device, and will allow a log in to a new device when they get prompted.
@_doug_miller @joannastern For sure, as is, it’s a bit of a mess. Props to Joanna for the great reporting, raising awareness of the issue. That’s my goal here as well, getting the wheels turning in the hopes that Apple will take action.
@davemark if the AppleID is stored in the Secure Enclave and encrypted with the first key (login to Apple website, App Store purchases, login with Apple, iCloud Documents, etc), you can still use that stored password to change the password itself.
Your point is correct, but I don’t know if it’s implementable
@davemark @joannastern Absolutely yes. Perhaps Apple should also add a separate PIN to access iCloud Keychain on a phone which times-out, say, every 15 minutes. (Or, at least, that option.)
@davemark Why are people typing their passcodes in public? Isn’t this what FaceID is for? I can’t remember the last time I had to actually type my passcode while I was walking around in public.
@joec It happens. Face ID failed, or you had to reboot your phone, or you accidentally emergency locked it. Cause reasons!
@davemark @joannastern Isn’t there a bug that allows for this to be bypassed easly?
@davemark @joec or it’s bright outside and your transition lens go dark, you mask occludes your features, so that FaceID can’t recognize you no matter how you do the head bow 🙇♂️ gesture. Deleted all the important passwords on iCloud anyway. Apple should add an opt-out to how easy it is to change the password on iOS.
@davemark I will stand in place and spin 360 degrees while typing my passcode sometimes. If they have enough cameras to catch all or most of me from 360º then it's game over but that doesn't seem too likely.
@davemark @joannastern As it turns out, the screen time PIN is not a reliable method. There is a workaround.
How to bypass Screen Time Passcode:
Open settings app.
Go to screen time.
Tap Change screen time passcode
Tap Change screen time passcode again
Tap Forgot passcode
Type in your Apple ID and tap return
Tap Forgot Apple ID or passcode
Wait five seconds.
Enter Lock Screen passcode
You are now able to enter in a new Apple ID password.
@davemark @_doug_miller @joannastern I commented about this on your initial post of yesterday, but I just didn’t remember exactly how it was done. There is a ton of discussion about this on reddit. Unfortunately not a solution.
@davemark @joannastern “Screen Time” restrictions are not an actual account protection - they are to protect your kid from making a mess.
Apple should to implement an (optional) additional layer of protection for any account changes regardless of where they are made from.
@Siff absolutely. My point was that Apple has a great starting point to solve this. Raise that second passcode to protect against this sort of theft.