Apple makes this "SOUND" great. I'm not sure how helpful a 1 hour window is to prevent Apple IDs from being reset.
If Apple cared about thieves taking over Apple IDs, they would require questions to be answered, along the lines of first pet, mother's name.
Ugh. Security questions... So often I've run across situations where people have either forgotten what they entered, or can't match the spelling/syntax exactly enough to get back in. (Did I spell that as "Springfield Jr High"? Or "Springfield Junior High"? Or "Springfield Junior High School"? or "SJHS"? or "Springfield Bulldogs"? or...) Also, a lot of the people someone knows personally also know the answer to many security questions, especially family. They may protect against random strangers, but it actually makes things easier for an estranged spouse or sibling trying to gain access to your account. They're also often stored as plain text, to be flexible about capitalization and such, and the same questions pop up across multiple sites. It's like all the worst practices we've known for decades not to do with passwords, deployed as a mechanism that is often used to reset lost passwords. /facepalm
I actually treat them just like a password and enter random phrases, which are stored under the account in my password manager. (I use phrases instead of actual random characters in case I ever need to read it aloud to customer service.)
I thought the same but it says it requires biometrics too so the 1 hour timeframe should be ok:
"With Stolen Device Protection active, users won't be able to change critical portions of their Apple ID or device settings without waiting an hour and authenticating biometrics twice."
So you need biometrics to start the process of changing sensitive data, then wait an hour, then biometrics again. That should be enough to stop it happening. This is a very nice addition to the security.
Banking apps use biometrics and thieves won't be able to add new biometrics without the approval process either so this should be much safer than before.
I wonder if this is just an encapsulated feature of screen time. I already have all this activated in the event my phone gets stolen. There is no way a thief will get access to my phone and change credentials. It does take a few steps to set it up but once set up, it gives me peace of mind.
Our Service department has noted this may add hours to repairs. An hour for your new iPhone battery or display and you didn't sign out of FMI at home. Well, it could now be 3 hours!
Not sure how to feel about this. My phone Face ID kinked out and I can’t get it to recognize me for anything.
Sounds like you set up FaceID wrong. When you set up FaceID, keep looking straight at the phone while you move your head around in a circle. Maintain eye contact with the circle on the phone with your head in the circle as you move your head around, watching the green bars show it is complete. If your FaceID doesn't work, sounds like you broke your phone.
I’m not sure why this is necessary if you have two factor authentication set up. Even if they get into the phone they would need the code sent to a trusted device. No?
TFA isn't required on the iPhone because it is already your trusted device. So once you log into your phone with FaceID or passcode, you can go right into the iCloud settings and change the password using the passcode, if the thief duped you and got you to enter the code while they watch you. So within seconds, they can change your AppleID password and sign you out of all of your other devices and then lock you out of everything.
This new feature prevents that from happening while you are away from home and the feature activates. Then it requires two FaceID authentications, one hour apart. So then you have a chance to log into iCloud and disable the iPhone and protect your account.
Great suggestions, but how to do this -- 4 character long press???
PS: I recommend to not use a PIN. Use a complex passcode. You have those long-press characters on the iOS and Mac keyboards, too, which means you can make a simple 4-character passcode that has over 3 billion possible combinations by using one of those characters. It also makes it a lot more difficult for something to see what you're typing in over a regular keyboard or a number pad.
I have an iPhone 5 that’s currently locked out for the next few months because I forgot which PIN I set for it and kept inputting the wrong one.
What about adding a voice print, like a phrase: "What is your birth date?" "My birthday is ——-", where you speak a response phrase? I like layers of security, especially for critical settings. Or require Touch or Face ID to change critical settings. Or develop an iPhone with BOTH Touch and Face ID, and critical settings require both.
Everyone saying to use Screen Time forgets that if a thief has access to your device (without Stolen Device Protection) the thief can use the passcode to learn your Apple ID and password from keychain then use that to unlock Screen Time. Sure, it's an extra step, but you're only adding a couple of minutes to the thief having access to change your password.
Stolen Device Protection can't be bypassed without access to the original user's fingerprint or face, twice, in an hour. If anyone can think of how to bypass that without kidnapping the victim, then I think the feature works.
Keychain is better than nothing, but it's not a proper password manager.