To the person that believes this article is not relevant in 2023 because of FaceID and TouchID - all you have to do is fail FaceID or TouchID and the passcode is required to unlock the phone. Thieves are stealing the phone and the passcode from the user, either by watching them, or by force. Most occur in bars when people are drinking and their judgement is lowered and they become easy targets.
I use another phone that has no financial apps on it. I take this out into the community. On my Apple Watch I deleted all financial apps. I use these at home on my iPhone
Sorry, but isn’t this fear mongering? My FaceID works great and very rarely do I ever need to enter a PIN. And if it happens in public I sure as hell don’t hold my iPhone in such a way that bystanders could easily see what I enter. People have been hiding PINs for years (or they should be) when they use their debit cards to buy something. This should b second nature.
if someone holds a gun to your head there’s not much you can do, but that’s an extreme situation. People living in areas where this is likely probably already pay attention to what’s on their iPhone.
if you say “Hey Siri? Whose phone is this” it’ll lock biometrics and require a PIN. Apple could change it so instead of needing a PIN it needs your Apple ID password. Then again, that person with a gun could then demand your Apple ID so it’s not much use.
I just don’t see why it’s the responsibility of Apple to deal with such an obscure problem. Better to teach people how to be responsible as any method Apple uses can still be overcome with violence.
I disagree. If a platform holder controls so much of your digital life which, when abused, impacts a person in such a huge way (also mentally), they have a (a) responsibility to educate its users, (b) provide the necessary protections and keep advancing these tools and (c) provide support in case of escalations.
We need to bring the past back when security questions were asked. I guess very few thieves know the name of your first pet and the colour of your first car, etc.
The example cited in the WSJ was obviously a lady drunk out of her brains in a bar
Apple cannot defend against stupid users who chose to punch their code in a crowded bar scene drunk
I seen people in bars give codes to people they met after a couple hours and drinks
I've heard one story where I woman wants to give a guy her phone number. He goes to put it in contacts and she says it'll be easier if she types it. She then proceeds to open his Venmo account and transfer money to her account.
It's important to keep in mind that the Wall Street Journal has become a conspiracy-fomemting rag that's just the print version of Fox New$. Consider that they *cough* "broke" the story under this hysteria-inducing headline, which I quote verbatim: "A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life" This is like saying "A Basic Master Lock Feature Helps Criminals Steal Everything You Own" and then learning that this "feature" is keys. I can only hope that Apple attorneys sue their ass to kingdom come for such product slander, but WSJ is probably protected. This has nothing to do with "a basic iPhone feature" -- passcodes and passwords to enter digital devices are in common use everywhere and have been since tech security was in its infancy. But this article makes it sound as if iPhone was the only device in the world using a passcode for security, now augmented by FaceID. And DUH!, yes, if a criminal gets access to your passcode or password they can access whatever is on that device and wreak havoc in your life. This should not be news to anyone.
The only real news here is the criminal lengths to which criminals are now going in order to illegally obtain your passcode. It's a good wake-up call to owners of every kind of phone to beef up their security with longer passcodes and biometric access. But no matter what you do, the threat of bodily harm to you is a "key" that will open whatever device you have. Banks sort of solved a similar issue with bank cards by limiting the amount of money that can be withdrawn in a day. Phones, unfortunately, have no such option to limit the damage that can be done, so staying aware in public surroundings is your only protection.
Interestingly enough, if you DON'T put a passcode on your phone, you're unable to reset your AppleID password without first entering in the old password.
It's interesting that the article shows a pic of a phone with a 4-digit passcode. Maybe I missed the part where they said to create a longer passcode.
A 6-digit passcode with elentey-seven billion permutations is great, but that's not a lot of help when the game plan is to observe a potential victim opening is phone via passcode then steal the phone.
Attention Detection is a good thing but what if someone just snatches or finesses the phone out of your grasp and holds it to your face. How many people would have presence of mind to avert or close their eyes while taking some appropriate action – fight or flight.
One thing that's always angered me with Apple ID password change is that the majority of times I've had to change it, it takes too long to populate to my other devices. Then I get all sorts of popups saying this or that needs authentication and many of those don't play well with the new password. I want Apple to bring back Touch ID to be used along with Face ID.
An alternative (although sometimes a bit cumbersome) is to lock changing the settings:
In Settings > General > Screen Time you'll find Content & Privacy Restrictions. Once you turn that on you can set a passcode to change the settings. For example, if you Don't Allow changing the Passcode or Account Changes you need to enter the extra passcode to set it to Allow before you can make changes to either passcodes or accounts.
The cumbersome part is when you do actually want to make changes, you need to allow them first. But how often do you change your passcodes or accounts anyway.
After reading this article in the Wall Street Journal and now, here, I was left, wondering how the thieves actually got them to type in the passcode. Everyone has face ID or touch ID set up. Why were the victims not using it? I realized just now that if you push the volume up then volume down and then hold the lock button, it forces the user to have to type in their passcode in order to unlock the iPhone. Perhaps this is what the thieves did. Is it something that Apple should change?
Comments
you are in trouble..
I mean are people in 2023 really this stupid now?
Apple cannot defend against stupid users who chose to punch their code in a crowded bar scene drunk
I seen people in bars give codes to people they met after a couple hours and drinks
The only real news here is the criminal lengths to which criminals are now going in order to illegally obtain your passcode. It's a good wake-up call to owners of every kind of phone to beef up their security with longer passcodes and biometric access. But no matter what you do, the threat of bodily harm to you is a "key" that will open whatever device you have. Banks sort of solved a similar issue with bank cards by limiting the amount of money that can be withdrawn in a day. Phones, unfortunately, have no such option to limit the damage that can be done, so staying aware in public surroundings is your only protection.
A 6-digit passcode with elentey-seven billion permutations is great, but that's not a lot of help when the game plan is to observe a potential victim opening is phone via passcode then steal the phone.
Attention Detection is a good thing but what if someone just snatches or finesses the phone out of your grasp and holds it to your face. How many people would have presence of mind to avert or close their eyes while taking some appropriate action – fight or flight.
One thing that's always angered me with Apple ID password change is that the majority of times I've had to change it, it takes too long to populate to my other devices. Then I get all sorts of popups saying this or that needs authentication and many of those don't play well with the new password. I want Apple to bring back Touch ID to be used along with Face ID.
In Settings > General > Screen Time you'll find Content & Privacy Restrictions. Once you turn that on you can set a passcode to change the settings. For example, if you Don't Allow changing the Passcode or Account Changes you need to enter the extra passcode to set it to Allow before you can make changes to either passcodes or accounts.
The cumbersome part is when you do actually want to make changes, you need to allow them first. But how often do you change your passcodes or accounts anyway.