I also have implemented two additional security steps. 1. I set a pin for screen time and disabled passcode changes and account changes. This way even if they know your passcode they still can't change your device passcode or your Apple ID password. 2. I set up an automation in the shortcuts app that automatically locks the phone any time you open critical apps. The automation only applies if the phone is not connected to my home wifi. So for instance, you are sitting at the bar texting your SO and someone walks up grabs the phone out of your hand and runs while it's still logged in. They open the settings app, the phone automatically locks. It's really not all that much extra effort to just use your touch id or face id to quickly log back in. It's basically no different than how some banking apps request a touch id to open the app. I also applied it to my email app as well, because if they get access to your email they can start doing password resets on accounts you have tied to that email. And I have other apps set up that way as well.
Thanks Thio! 💜 Many people commented that there's a fix for this flaw in the iOS 17.4 beta, but the other topics in this video might be just as important.
You should activate Screen Time to YOURSELF -> and disable passcode and account changes (under Content & Privacy Restrictions). You ofc set a different numerical code here than your ”regular” passcode. After this, the thief now would have to know your passcode AND the different Screen Time code to do anything account or passcode related.. BUT…. This might not be 100% bulletproof, because you CAN reset the Screen Time code via AppleID, but it prevents the process to be ”familiar” and fast..
It's actually the Windows effect and every system (like iOS) that relies on compartments to provide security. It's the attempt to make the system easier to use providing some relief from constantly providing security info. Code in general has many of these to bypass security in special conditions to allow "trusted" connectivity and access. Windows had some famous ones where a file can be an executable internally and have a JPEG extension (.jpg) therefore bypassing some security filters. But when accessed, Windows ignores the extension and rather looks at the file content, sees it's an executable, and runs it. Instant Malware installation. Developers are often shortsighted when solving problems. They are mostly looking for a solution to a problem. It's more rare that someone thinks outside the box to see the potential issues. Those are the white hats that probe to find vulnerabilities. Black hats probe the same way to exploit the issue and ruin lives for profit.
More than anything, the video confirms why I don't use my Apple account for anything more than the most basic of functions. Thanks anyway Thio; a really informative video as always.
1) What if your phone faceID breaks? Can it still be recovered/transferred to a new phone? 2) On airplane mode on lock screen, what about the bluetooth lost beacon for powered off phones?
Totally awesome and professional. Thank you for this valuable and useful information. We should all take a half hour and do the things you suggested in our iPhones. Keep up the great work.
I would have thought "significant locations" are places where you have unlocked your device (otherwise a thief could hang out in an area with your phone till it got added to the list)
There's a pretty easy work around to that. Sensitive settings like find my phone, face unlock and apple account settings should simply have different pin and not lock screen code. I never understood why they didn't apply that tbh.
I think that’s just too complicated for many users, having to remember multiple codes would become inconvenient and bothersome. Especially for elderly iPhone users. They can barely remember their one passcode or password lol
Good video. The Screen Time pin lock workaround seems more secure with less hassle (not having to wait an hour). The simplest solution that Apple could have implemented would be allowing you to choose a different PIN/Passcode for critical system services or apps.
Turn on screen time, set a different passcode for screen time, and under Content & Privacy Restrictions, set Passcode Changes and Account Changes to 'Don't Allow'. This way, even if they somehow got your regular screen passcode, they will not be able to make any passcode or account changes without knowing the separate screen time passcode that you set.
Screen time is a good way to ensure additional protection, you’ll rarely ever need to enter your screen time password, and a thief will need it to change your account settings and your passwords … it’s quite easy to set up too… screen time - set screen time passcode - content and privacy restrictions - account changes and passcode changes - select don’t allow … I kept this on even after enabling stolen device protection cause I’ll be keeping significant locations on… Keep in mind, one time you’ll need to use your screen time passcode is when you yourself need to make changes to your account or passwords - e.g. Face ID is hidden from the menu so you’ll need to disable screen time to access it (well, just allow changes - then change back to don’t allow after)
EVERY TIME I backup my phone, plug it in to charge via USB or even when downloading photos I MUST type in my passcode. It is needed a lot more than you suggest.
There goes your ecosystem, easily taken down in one swoop. I'm still puzzling how Apple still thinks it's better for the convenience over security to use the lock screen password to change anything on the Apple account, even after all these reported crimes happening in real life, they still blame the users and make half-baked adjustments to fix the issue. Like something as simple as requiring the phone to be unlocked to toggle airplane mode is not available and you have to hide the whole control center on the lockscreen to avoid that. My 5 years old Android phone has already been able to prompt the users to unlock the phone when they toggle certain items from the lockscreen and probably most phones before it. Clearly Apple has not thought about security enough.
They value what the consumer values. It's hard to force good security practices on users unless the whole industry does it, otherwise people will just switch to other companies or turn off the features. People love convenience.
Seems odd that Stolen Device Protection (SDP) requires Face ID to access certain features, but iOS still forces me to enter my passcode on a regular basis to use Face ID. Makes no sense if Face ID is the more secure authentication. I already have Significant Locations disabled to save battery.
Don't let others use your cell phone. Thumbs up, TJ--great information here. Here is a problem. The face recognition on my phone is bad. Better than half the time I need the passcode to unlock. I thought that is how things were with iPhones. I might lock myself out of my phone if I rely only on face recognition.
People steal phones consistently at bars from girls' purses. It is not just as simple as not letting someone use your device. There are real victims of theft. Then identity theft from these flaws. You need to consider every scenario before oversimplifying a solution.
The face recognition works incredibly well. You should try to do a reset as people suggested here, maybe change the screen protector if you use one, and so on.
@@dmc6617 You nailed it. My screen protector was causing the problems, even though it is thin and clear plastic. I lowered it a bit so the lens is not covered, and it seems to be working perfectly now. I appreciate the advice!
The most fatal flaw for stolen iPhones (not accounts, like this video covers) is not explicitly asking for a password to enable airplane mode while locked. This immediately removes it from the FindMy network so you can’t attempt to locate it. You can disable control center, but then you lose some features. No one should be able to disconnect your phone from network without unlocking the device. Even turning the phone off keeps it findable.
"the new extra protections don't apply in familiar locations which you at no control over can't even see what they are" God that's such an Apple thing to do isn't it? They have this huge focus on security but they're also focused on making their tech accessible to even the dumbest of people to the point where they will literally make something less secure as a way to give the user less to think about. It reminds me of the BLE spam bug. These manufacturers design it so that it's "easy" to pair your headphones by proximity that you can just spam out Bluetooth pair requests and lock up the phones. The simple easy fix for this is just put a toggle for proximity pair but no that would be too confusing for the user 🤣 For the BLE spam you have to literally turn off Bluetooth and for this you have to turn off familiar locations simply because they don't give you any sort of advanced control over how it works.
You obviously didn't read the document that was on screen 5:11 as they do not use significant locations, but familiar locations like Home or Work which you do set! Complaining is easy, but reading is hard.
This whole video is about how you can't set familiar locations 😂 He's saying as a work around you can turn off significant locations as familiar locations are (presumably) derived from significant locations. Show me documentation from Apple saying you can manually control familiar locations because everything I can find supports what Thio said about it not being able to be manually set it and about how it relies on the significant location feature.
@@johnsmith8981, it's not, read the document at 5:11 video. Joe got it all wrong as it says Home and Work! So no issues except someone needed to make a video and people falling for it!
@@craiggmelville I would like you to explain to me exactly how I set my home and work location as a familiar location. I love how you are saying I didn't read it when literally the timestamp you have linked to me says nothing about how the home and office locations are set... You said complaining is easy but reading is hard and yet here you are posting a timestamp of 5:11 that says it uses significant locations without saying anything about how you manage significant locations. Right now Apple sets your home or office automatically. Basically Apple going "trust me bro we know where you live and work and couldn't possibly be wrong about it." If you want to call me out here and say I'm wrong I'm fine with that but please provide evidence that you can manually control your work and home locations for familiar locations and stop posting the 5:11 timestamp because clearly we both agree that they are using familiar locations that has nothing to do with your argument; you are saying that there is "no issue" and this video is about how Apple doesn't allow you to SEE or SET your work or home locations manually. You either need to explain why that's not a problem or explain how you actually can see/set them manually.
@@johnsmith8981, think about it: how do you add your home and work addresses into the phone? Via Contacts App, My Card and you could have many defined. Joe went on to say he thought these were derived from all the places that you visit like a coffee shop etc. How ridiculous is that when you think 🤔 about it?
It used to be easier to lock down apple account with a screen time passcode. However with recent changes they have made it harder to do that. It can still be done with screen time passcode but you have to remove your passcode which makes no sense.
One of my familiar locations is the gym…. A place where people might see you enter your passcode from over your shoulder, and people sometimes have their phones unlocked playing videos while they work out. I wish I could edit this location out.
Yes I know, same problem here. But I don't play YouTube because of this, this is so stupid. I play music with Apple Podcasts with locked phone to my AirPods, sometimes I must lay my phone on a bench but it's still locked..... And I only use Face ID.
Thank you so much for the video. My mother passed away and I have her iPhone but with Stolen Device Protection enabled as well as Face ID, I am unable to access it to format it. I have her device password as well as her Apple ID password. Do you have any idea on how I can turn off Face ID so I can format the iPhone?
Apple needs to remove the ability to reset your apple account password without entering the old one first. This is the biggest security flaw of everything..
At least for all of the AppleID/account-related issues, I can’t understand why Apple doesn’t just _require_ one’s AppleID password, no exceptions, to make changes. Or at least let users themselves force this instead of bizarrely allowing a device passcode to do anything at all related to account security. So stupid.
One big correction: Find My is NOT disabled even by being powered off anymore, the recent iPhones completely turned off are still able to be located through Find My, they act as an AirTag all the time. Putting it into airplane mode or powering it off does not affect this anymore.
You can also add unlocking to face ID by recognizing a code word or phrase, which the user could record in advance using sound recording. It would be nice if they added this
It would have been better if he had given explicit directions to get to the right setting, as I sometimes need to be told how to do something like I'm five years old. Go to Settings > Privacy & Security > Location Services > System Services (which is all the way at the bottom, as I found out), then tap Significant Locations. Tap Clear History, then turn off Significant Locations.
I just got a 15 Pro a few days ago and set up a 4 digit PIN because I wanted some security, but to still be able to unlock it quickly, mostly so I can easily change the music while driving. But it's nice to know that if you set an alphanumeric password you don't have to enter it all the time, so this problem wouldn't be as obnoxious as I assumed it would be under the same circumstances.
I appreciate videos that show iOS devices' security flaws. I like to think Apple employees watch them too cus every update to my iPhone's security system makes me feel 10x more at ease when I misplace my iPhone. Thanks
You can disable account and code changes from the Screen Time menu and set up limitations with a different pin code. It's meant to allow you to let your children play on your phone and restrict them from changing vital stuff. It also works if some thieves have tricked you into unlocking your phone. With this, any thief can't change your code or do any account setting stuff without the extra pin code.
Thanks for the video and changed my settings. What I found interesting is, on lock screen it asks for my face, which is great. So I tried to see what would happen if I didn't point the camera at my face and the password screen comes up. So now the thief with your passcode can still get into your phone.
From my experience, I believe familiar locations are the locations your Apple Maps thinks you might drive to when you get in your car. I get my house, work, and the gym.
The places I visit the most are my university and work, which is a hospital; they are probably the places my phone is most likely to get stolen, so this is very helpful.
As an Android user, I think it's stupid of Apple to allow someone to access the entirety of your Apple ID just with your 4 or 6-digit PIN-code. Even if you have a long alphanumeric code, anyone that knows your code and has access to your phone can literally access your entire Apple ID account. WHY, APPLE!? Your Apple ID password becomes useless when your phone is stolen, I would rather sacrifice some convenience over sacrificing security.
I've watched several presentations on this feature and read Apple's online article, but none address the problem I see with turning this feature on. I travel frequently, which some might say "OK, turn the feature on since you need it more than most due to risk of theft being high." The problem I see is that I'm frequently in new locations, and if I need to change my Apple account credentials, this feature could obstruct me from being successful when I might need it most.
Alphanumeric passcode. Maybe thieves steal from their “professional” job, where they have access to store’s security footage? Or on a bus? Also there are thieves that frequent meetups for the sole purpose of data theft. Similarly, they may monitor accounts where people publicly share their home info and when away from home.
One of my significant locations is a Little Caesar’s that I went to for literally 5 minutes just to pick up a pizza. I guess Apple likes Little Caesar’s pizza
It may be listed under significant locations but it may not be ranked as highly as the others. I doubt simply being listed in that section = “familiar location”. That Little Caesar’s is probably a known location but has 1 visit for 5 mins whereas Home might have 1 entry with 365 visits and 6000 hours in the last year. In addition to time spent and location it could even look at a cellular tower you frequently connect to as well as known WiFi connections. If a location has free WiFi but is an open network it might say “ok we know this place but can’t 100% trust it, so let’s enforce the wait period”.
With an iPhone SE2 I am stuck after enabling this new feature. I cannot access my passwords or make certain changes any longer. I almost always use my numerical codes to enter in as my phone case has a film over the home button that does not allow it to recognize my fingerprint. While I have access to most of the phone, I am stuck in an endless loop of a Touch ID requirement and after removing the phone case to access the home button, it does not recognize my fingerprint! Unfortunately any of the options to fix this requires a Touch ID to verify. This phone does not have Face ID. So far unable to find a fix. Not sure yet if I have a faulty home button fingerprint recognition, or if it is the stolen device protection that is negating the Touch ID. Still looking for a solution. Great video by the way! 😊
As an IT contractor with extensive experience, I've observed a cautious approach among forward-thinking companies when it comes to utilizing biometrics for device unlocking. The primary concern lies in the heightened security risks associated with this method. Notably, instances of staff being targeted for theft, followed by the immediate disabling of biometrics on their phones, highlight a vulnerability. Furthermore, the potential misuse of biometric data by law enforcement poses an additional threat. Many security-conscious organizations prefer the reliability of a strong, long passcode as a more secure alternative.
It highlights that not all biometrics are the same, like Windows Hello can be fooled easily, but for solid reliable biometrics these are not the issue, but the simple four digit passcode or pattern unlock. Ultimately the issue is the meat bag using the device and the evil meat bags all around!
Not sure where you work as an IT contractor but where I am exactly the opposite is true (I work in IT security). MFA and good passwords are always mandatory but ideally the second factor is biometric. I’ve never heard anyone suggest different before this.
@@ChrisSmithy, I don't know how long you have been in the business, but MFA is the go to and passwords were fit for purpose, but are not acceptable on their own. People today leave post-it notes at the desk or in the phone case. Hence MFA/2FA, yet we are talking about the iPhone security in this video and that was broken by people giving up the passcode and was not related to the biometrics.
@@craiggmelville 25 years of late nights and antisocial hours and counting sadly lol. I agree with you that passwords are important but as it stands there are so many vulnerabilities and outstanding CVEs in general with password bypass attacks that often the length and complexity of the password becomes irrelevant. Most high security companies I work with insist on biometric access control nowadays. I just find it interesting how different countries have different solutions and different policies regarding IT security, that was more my point of my last message. I know the USA does things quite differently to us and everywhere seems to make their own policies work for them. Wouldn’t like to judge whose is best, swings and roundabouts really. Regarding phone passcodes I’ve just checked over some of the IT policies for mobile devices and all of them insist on biometric identification for primary access for us. Should imagine that’s different in different countries
@@ChrisSmithy, congrats on 25 years, I'm way past that number though. Passwords are always the weak point in any security system as I have seen people share passwords with paper and then throw them in the bin. So a very low level hack is created and that is done by entering a password x amount of times then someone having to get a password reset or worse reactivated. MFA is way better. Hopefully websites will move away from passwords and into passkey as this will be another massive step to help secure the masses.
Yesterday I was at some grocery store and it shows up at significant locations. I literally haven’t been there for a year before that and maybe 2 or 3 times in my whole life since it’s in the neighboring town. How can this be a significant location? It only should be home and work. That’s it. I got 207 significant locations what might as well probably be the whole city I’m living in.
5:42 I've no phone but iPad. When I scroll around the map I can see other locations. My university has two campuses. Both are marked as significant locations. Haven't been there for a year. My home apparently is no significant location haha.
Go to Settings -> Screen Time -> Content & Privacy Restrictions and disable (don't allow) Passcode Changes and Account Changes. Then enable Content & Privacy Restrictions with a different PIN than you use to unlock your phone. A thief won't know this PIN and won't be able to disable Content & Privacy Restrictions, and therefore won't be able to make any changes to your phone or Apple ID passwords.
I really wish Apple would say how they identify locations. I was testing the feature and changed the setting for security delay from “Away from familiar locations” to “Always” and then back, I got the delay, while at my home. It said I was not at a familiar location. Not sure how this can be since it’s my home…I work from home…I’m here 90% of the time. Seems like another glitch.
That stuff at 7:55 doesn't make sense. Apple would for sure not add anything to that list of significant locations if you don't authenticate there with your face id. And that is something a thief can't do. So no matter what he does with the stolen phone, he won't be able to add any new location to that whitelist.
I do agree that modifying these locations would be the best option! However, I wish people would stop referencing the Wall Street's article as a means to say "Apple's system is flawed" when in reality, it's just some people's nature to be ignorant. The thief admitted, he only got into phones by targeting vulnerable people who enjoy drinking irresponsibly. Not to mention, people who also let "strangers" hold their phone for minutes, even hours, without watching them or their surroundings. For what reason, I do not know but what I do know is, when billion dollar companies discuss innovative software features, its focus is never on negligent consumers.
I thought you would need Face ID to turn on the Significant Locations anyway. Perhaps that's something you need to try, when it's off and the Stolen Device Protection is on, can you even turn on the Significant Locations option with a passcode only.
• UPDATE: Apparently the iOS 17.4 beta has added an option to always require a security delay even at familiar locations, which is a great step. I still really want the ability to specifically choose the familiar locations, to prevent the passcode from being used at all for important tasks.
• ANOTHER TIP: I didn't mention this but several have mentioned that you can actually use the "Screen Time" feature to add a second separate required passcode for certain functions like account changes. It's a great option but might make it annoying to access other settings like info in the iCloud menu.
This video looks like AI'd your face
Is there a way to designate just one location HOME as a familiar location and that's it! Only HOME and nowhere else. Seems to me that would be a popular option.
@@kensteele3363 No. There isn’t.
Another tip: if you can't use FaceID for whatever reason (and if you have iCloud backup enabled! really important!) you can restore your iPhone by putting it into download mode, then restoring and resetting it using a Windows/Mac. In most cases you won't lose any data.
Guess what: You can still change the screen time password with just your phone password.
If Apple would just let us manually enter these locations...
That's exactly what I hate about Apple products: there are so many annoying little limitations in their whole lineup of products and services.
Then a thief would just enter his home as familiar location…
Or only apply it to work or home
Or maybe select from a map which locations do you want to keep
@@pxnchx93 Then again, it’s a double-edged sword.
love how he went straight to the point
Or just don't use a phone for everything like financial and other sensitive apps. instead, do it on a home laptop/computer, problem solved. ;D
@@BillAnt I'd bet it's safer to use a relatively locked-down system, like a phone, instead of a computer where you have many more chances to install anything, good and bad, making the attack surface much wider.
@@HMijailAntonQuiles - Don't know about that, but what I do know is that in the past 20 years I've been using my computer exclusively for all my financial transactions, I haven't been hacked even once. I don't install every random app I find on the web, and don't click on every "You won a million dollars!" link either. And yes for dummies who do all that I don't recommend either a phone or computer. lol
I just feel more comfortable and easier to type on my real keyboard on a large screen than squinting at my phone screen. But hey, to each their own.
@@HMijailAntonQuiles - What I do know is that in the past 20 years I've been using my computer exclusively for all my financial transactions, I haven't been hacked even once. I think that's a pretty darn good track record of safety.
love how he actually showed us how to do it (he didn’t)
Update: iOS 17.4 beta includes the option to Always require a security delay instead of just unfamiliar locations, effectively working around this flaw.
It’s not a flaw, it’s a designed convenience for regular people.
@@SeanTube2099 It is a flaw if the design fails to consider a very important side of the picture, or if the measures taken for this are insufficient
It’s because normal people will find it annoying that the restrictions exist at all times. So Apple does you a favor and by default makes it so you don’t have to worry about it getting in the way!
An additional layer of protection in conjunction with using Stolen Device Protection is to set a 4 digit Screentime passcode, ENABLE Content Restrictions and then DISABLE the following two items: 1) "Allow Account Changes" and 2) "Allow Passcode Changes". This is the method I used before SDP became an option in iOS 17.3, and I intend to carry on using this as a "belt and braces" approach. Can't be too careful!
This method also works across Macs, iPads, and other iPhones attached to your iCloud account. As of 1/28/2024 SDP only can be enabled on iPhones.
That’s Advanced Protection (I call it)😂👍
The iPhone will be useless for a thief!
I don’t really understand why thieves keep stealing iPhones in 2024 when they’re aware of Find My and all of the security protection iPhone has?
I see it as a bad investment for the thief himself…
Indeed. I'm surprised more don't do this.
Does this method have a three tries and you're locked feature? Also, can the screen password be longer than 4 characters and alphanumeric?
@@Roy-ij1wq The screen time password is limited to 4 digits, so whilst it’s not that secure, it’s one extra barrier a thief would need to overcome and importantly, it does give you a bit more time to access your iCloud account remotely and change your main passwords. The normal screen lock password can be a random mix of numbers, letters and special characters, or a pass phrase which I personally prefer - e.g. several memorable words, each separated by a hyphen.
Great video, thanks! Apple did make this new feature a little over-complicated. It would have been better had they allowed you to specify your own significant location(s), that way you could potentially set just a single significant location (e.g. your home) where the additional protection is overridden.
*FYI I'm running iOS 17.4 Dev Beta 1 and there is a new feature to require security delay "Away from Familiar Locations" OR "Always", so no need to turn off Significant Locations, if that's what you're worried about.*
If someone enabled it in 17.3 and updated to 17.4 is the Always option selected by default?
@@atpray No
(Pro tip: "all bold" means nobody reads what you write).
It doesn't require faceID to set it back to familiar locations. lol
Yeah it should let you select locations
You can add an additional layer of security by turning on screen time and disabling account changes so it’ll be harder for thieves to sign out of iCloud. As you can’t go to settings-> screen time -> then content restrictions at the bottom turn off account changes
WHY ISNT MY HOUSE A FAMILIAR LOCATIONNNMN
I also have implemented two additional security steps.
1. I set a pin for screen time and disabled passcode changes and account changes. This way even if they know your passcode they still can't change your device passcode or your Apple ID password.
2. I set up an automation in the shortcuts app that automatically locks the phone any time you open critical apps. The automation only applies if the phone is not connected to my home wifi. So for instance, you are sitting at the bar texting your SO and someone walks up grabs the phone out of your hand and runs while it's still logged in. They open the settings app, the phone automatically locks. It's really not all that much extra effort to just use your touch id or face id to quickly log back in. It's basically no different than how some banking apps request a touch id to open the app. I also applied it to my email app as well, because if they get access to your email they can start doing password resets on accounts you have tied to that email. And I have other apps set up that way as well.
This is a great idea. Thank you
Thanks Thio! 💜
Many people commented that there's a fix for this flaw in the iOS 17.4 beta, but the other topics in this video might be just as important.
I'm surprised the comment section is so civil lol
Don't jinx it lol, it's only been half an hour
These videos have a great community in my experience
You should activate Screen Time to YOURSELF -> and disable passcode and account changes (under Content & Privacy Restrictions). You ofc set a different numerical code here than your ”regular” passcode.
After this, the thief now would have to know your passcode AND the different Screen Time code to do anything account or passcode related.. BUT…. This might not be 100% bulletproof, because you CAN reset the Screen Time code via AppleID, but it prevents the process to be ”familiar” and fast..
The screen time passcode can be reset with your regular passcode sadly.
@@markster136 how so?
@@markster136 incorrect
i loved your og stuff when you just tried to piss people off, but your new stuff is kickass too. thanks for the content, you kickass!
Another useful video!! just enabled the feature! Thanks again Thio!!
As someone who lost his 13 mini this way. I'm setting up my new 15 with this video, I've had it bookmarked since you dropped it.
LIFE SAVER 🙏
You could also set screen time passcode and restrict changes to passcode & faceID, location services and accounts. That adds another layer of security
My GOD why make this so difficult..????
It's the Apple effect 😮💨
It's actually the Windows effect and every system (like iOS) that relies on compartments to provide security. It's the attempt to make the system easier to use providing some relief from constantly providing security info. Code in general has many of these to bypass security in special conditions to allow "trusted" connectivity and access. Windows had some famous ones where a file can be an executable internally and have a JPEG extension (.jpg) therefore bypassing some security filters. But when accessed, Windows ignores the extension and rather looks at the file content, sees it's an executable, and runs it. Instant Malware installation. Developers are often shortsighted when solving problems. They are mostly looking for a solution to a problem. It's more rare that someone thinks outside the box to see the potential issues. Those are the white hats that probe to find vulnerabilities. Black hats probe the same way to exploit the issue and ruin lives for profit.
Another good tip is to use a privacy screen protector to prevent prying eyes on the side
More than anything, the video confirms why I don't use my Apple account for anything more than the most basic of functions. Thanks anyway Thio; a really informative video as always.
Can you elaborate?
@@Albdeanur phone will still be gone :/
When talking about this feature, nobody actually covered this flaw, thanks, great video, helpful as always. ur the best
Why only on the iPhone and not iPad??
1) What if your phone faceID breaks? Can it still be recovered/transferred to a new phone?
2) On airplane mode on lock screen, what about the bluetooth lost beacon for powered off phones?
Totally awesome and professional. Thank you for this valuable and useful information we should all take a half hour and do the things you suggested in our iphones. Keep up the great work.
I would have thought "significant locations" are places where you have unlocked your device (otherwise a thief could hang out in an area with your phone till it got added to the list)
iOS 17.4 Beta fixes this issue. There is another menu in 17.4 to require the delay always rather than only when not at a familiar location.
This video has proper subtitles ❤
There's a pretty easy work around to that. Sensitive settings like find my phone, face unlock and apple account settings should simply have different pin and not lock screen code. I never understood why they didn't apply that tbh.
I think that’s just too complicated for many users, having to remember multiple codes would become inconvenient and bothersome. Especially for elderly iPhone users. They can barely remember their one passcode or password lol
Good video. The Screen Time pin lock workaround seems more secure with less hassle (not having to wait an hour).
The simplest solution that Apple could have implemented would be allowing you to choose a different PIN/Passcode for critical system services or apps.
Turn on screen time, set a different passcode for screen time, and under Content & Privacy Restrictions, set Passcode Changes and Account Changes to 'Don't Allow'. This way, even if they somehow got your regular screen passcode, they will not be able to make any passcode or account changes without knowing the separate screen time passcode that you set.
Screen time is a good way to ensure additional protection, you’ll rarely ever need to enter your screen time password, and a thief will need it to change your account settings and your passwords … it’s quite easy to set up too… screen time - set screen time passcode - content and privacy restrictions - account changes and passcode changes - select don’t allow … I kept this on even after enabling stolen device protection cause I’ll be keeping significant locations on…
Keep in mind, one time you’ll need to use your screen time passcode is when you yourself need to make changes to your account or passwords - eg. Face ID is hidden from menu so you’ll need to disable screen time to access it (well just allow changes - then change back to don’t allow after)
Seems like a better solution would be to require a different password and Face/Touch ID to get into the Settings app.
EVERY TIME I backup my phone, plug it in to charge via USB or even when downloading photos I MUST type in my passcode. It is needed a lot more than you suggest.
User: "I had a major facial injury."
Apple device: "New face who dis?"
Nice! I have just found this feature in my new iPhone and I have noticed this flaw too. I have had the same conclusion as you. High five 🙏
Turning off significant locations also saves a bit of battery!
i just updated to iOS 17.4 beta and it adds an option to always require the security delay
what about devices with broken face/touch id?
This!
There goes your ecosystem, easily taken down in one swoop. I'm still puzzling how Apple still thinks it's better for the convenience over security to use the lock screen password to change anything on the Apple account, even after all these reported crimes happening in real life, they still blame the users and make half-baked adjustments to fix the issue. Like something as simple as requiring the phone to be unlocked to toggle airplane mode is not available and you have to hide the whole control center on the lockscreen to avoid that. My 5-year-old Android phone has already been able to prompt the users to unlock the phone when they toggle certain items from the lockscreen and probably most phones before it. Clearly Apple has not thought about security enough.
They value what the consumer values. It's hard to force good security practices on users unless the whole industry does it, otherwise people will just switch to other companies or turn off the features. People love convenience.
there is no need to lock airplane mode. On iPhones, airplane mode doesn't disable Bluetooth so FindMy keeps working regardless.
Seems odd that Stolen Device Protection (SDP) requires Face ID to access certain features, but iOS still forces me to enter my passcode on a regular basis to use Face ID. Makes no sense if Face ID is the more secure authentication. I already have Significant Locations disabled to save battery.
Don't let others use your cell phone. Thumbs up, TJ--great information here. Here is a problem. The face recognition on my phone is bad. Better than half the time I need the passcode to unlock. I thought that is how things were with iPhones. I might lock myself out of my phone if I rely only on face recognition.
People steal phones consistently at bars from girls' purses. It is not just as simple as not letting someone use your device. There are real victims of theft. Then identity theft from these flaws. You need to consider every scenario before oversimplifying a solution.
Try if a reset of your FaceID or even a re-install of the phone fixes your problems. Also turn off the facemask compatibility setting.
The face recognition works incredibly well. You should try to do a reset as people suggested here, maybe change the screen protector if you use one, and so on.
@@dmc6617 You nailed it. My screen protector was causing the problems, even though it is thin and clear plastic. I lowered it a bit so the lens is not covered, and it seems to be working perfectly now. I appreciate the advice!
@@MultiStats glad to help!
The most fatal flaw for stolen iPhones (not accounts, like this video covers) is not explicitly asking for a password to enable airplane mode while locked. This immediately removes it from the FindMy network so you can’t attempt to locate it. You can disable control center, but then you lose some features. No one should be able to disconnect your phone from network without unlocking the device. Even turning the phone off keeps it findable.
Aluminium alloy.
"the new extra protections don't apply in familiar locations which you have no control over, can't even see what they are"
God that's such an Apple thing to do isn't it? They have this huge focus on security but they're also focused on making their tech accessible to even the dumbest of people to the point where they will literally make something less secure as a way to give the user less to think about.
It reminds me of the BLE spam bug. These manufacturers design it so that it's "easy" to pair your headphones by proximity that you can just spam out Bluetooth pair requests and lock up the phones. The simple easy fix for this is just put a toggle for proximity pair but no that would be too confusing for the user 🤣
For the BLE spam you have to literally turn off Bluetooth and for this you have to turn off familiar locations simply because they don't give you any sort of advanced control over how it works.
You obviously didn't read the document that was on screen 5:11 as they do not use significant locations, but familiar locations like Home or Work which you do set! Complaining is easy, but reading is hard.
This whole video is about how you can't set familiar locations 😂
He's saying as a work around you can turn off significant locations as familiar locations are (presumably) derived from significant locations.
Show me documentation from Apple saying you can manually control familiar locations because everything I can find supports what Thio said about it not being able to be manually set it and about how it relies on the significant location feature.
@@johnsmith8981 , its not read the document at 5:11 video. Joe got it all wrong as it says Home and Work! So no issues except someone needed to make a video and people falling for it!
@@craiggmelville I would like you to explain to me exactly how I set my home and work location as a familiar location. I love how you are saying I didn't read it when literally the timestamp you have linked to me says nothing about how the home and office locations are set...
You said complaining is easy but reading is hard and yet here you are posting a timestamp of 5:11 that says It uses significant locations without saying anything about how you manage significant locations.
Right now Apple sets your home or office automatically. Basically Apple going "trust me bro we know where you live and work and couldn't possibly be wrong about it."
If you want to call me out here and say I'm wrong I'm fine with that but please provide evidence that you can manually control your work and home locations for familiar locations and stop posting the 5:11 timestamp because clearly we both agree that they are using familiar locations that has nothing to do with your argument; you are saying that there is "no issue" and this video is about how Apple doesn't allow you to SEE or SET your work or home locations manually. You either need to explain why that's not a problem or explain how you actually can see/set them manually.
@@johnsmith8981 , think about it how do you add your home and work addresses into the phone?
Via Contacts App, My Card and you could have many defined. Joe went on to say he thought these were derived from all the places that you visit like a coffee shop etc. How ridiculous is that when you think 🤔 about it?
It used to be easier to lock down apple account with a screen time passcode. However with recent changes they have made it harder to do that. It can still be done with screen time passcode but you have to remove your passcode which makes no sense.
One of my familiar locations is the gym…. A place where people might see you enter your passcode from over your shoulder, and people sometimes have their phones unlocked playing videos while they work out. I wish I could edit this location out.
Yes I know, same problem here. But I don't play youtube because of this, this is so stupid. I play music with apple podcast with locked phone to my airpods, sometimes I must lay my phone on a bench but it's still locked..... And I only use face id.
Apple warns if you disable significant locations will affect the way some apps operate, such as maps, gps, etc.
Not in any major way.
Thank you so much for the video. My mother passed away and I have her iPhone but with Stolen Device Protection enabled as well as Face ID, I am unable to access it to format it. I have her device password as well as her Apple ID password. Do you have any idea on how I can turn off Face ID so I can format the iPhone?
Would love if Apple implements scramble passcode layout instead of all the extra stuff
Apple really needs to do better with end user security options.
Thanks!
Apple needs to remove the ability to reset your apple account password without entering the old one first. This is the biggest security flaw of everything..
At least for all of the AppleID/account-related issues, I can’t understand why Apple doesn’t just _require_ one’s AppleID password, no exceptions, to make changes. Or at least let users themselves force this instead of bizarrely allowing a device passcode to do anything at all related to account security. So stupid.
One big correction find my is NOT disabled even by being powered off anymore, the recent iphones completely turned off are still able to be located through Find my, they act as an airtag all the time. Putting it into airplane mode or powering it off does not affect this anymore.
very good info, power and home at same time, cool!
Great video - thanks for the update, really useful
You can also add unlocking to face ID by recognizing a code word or phrase, which the user could record in advance using sound recording. It would be nice if they added this
It would have been better if he had given explicit directions to get to the right setting, as I sometimes need to be told how to do something like I'm five years old. Go to Settings > Privacy & Security > Location Services > System Services (which is all the way at the bottom, as I found out), then tap Significant Locations. Tap Clear History, then turn off Significant Locations
How does the setting for unlocking with Apple Watch play into this? Should I disable that feature as well?
I just got a 15 Pro a few days ago and set up a 4 digit PIN because I wanted some security, but to still be able to unlock it quickly, mostly so I can easily change the music while driving. But it's nice to know that if you set an alphanumeric password you don't have to enter it all the time, so this problem wouldn't be as obnoxious as I assumed it would be under the same circumstances.
Yeah the passcode is only requested when your face is not recognised enough times, or once in 72 hours or so.
Many thanks for sharing very informative security updates god bless take care
I appreciate videos that show iOS devices' security flaws. I like to think Apple employees watch them too cus every update to my iPhone's security system makes me feel 10x more at ease when I misplace my iPhone. Thanks
You can disable account and code changes from the Screen Time menu and set up limitations with a different pin code. It's meant to allow you to let your children play on your phone and restrict them from changing vital stuff. It also works if some thieves have tricked you into unlocking your phone. With this, any thief can't change your code or do any account setting stuff without the extra pin code.
Thanks for the video and changed my settings. What I found interesting is, on lock screen it asks for my face, which is great. So I tried to see what would happen if I didn't point the camera at my face and the password screen comes up. So now the thief with your passcode can still get into your phone.
Honestly, it would be great if Apple simply required a separate password to access settings
From my experience, I believe familiar locations are the locations your apple maps thinks you might drive to when you get on your car. I get my house, work, and the gym
The places I visit the most are my university and work which is a hospital are probably the places my phone is most likely to get stolen so this is very helpful
As an Android user, I think it's stupid of Apple to allow someone to access the entirety of your Apple ID just with your 4 or 6-digit PIN-code. Even if you have a long alphanumeric code, anyone that knows your code and has access to your phone can literally access your entire Apple ID account. WHY, APPLE!? Your Apple ID password becomes useless when your phone is stolen, I would rather sacrifice some convenience over sacrificing security.
I've watched several presentations on this feature and read Apple's online article, but none address the problem I see with turning this feature on. I travel frequently, which some might say "OK, turn the feature on since you need it more than most due to risk of theft being high." The problem I see is that I'm frequently in new locations, and if I need to change my Apple account credentials, this feature could obstruct me from being successful when I might need it most.
This is the best video on CZcams right now thanks for sharing this information thio Joe 👍👍👍👍👍
Thx for the advice which I’ve now done
I need help to turn off my stolen device protection my Face ID is not working 😢
Alphanumeric passcode.
Maybe thieves steal from their “professional” job, where they have access to store’s security footage? Or on a bus? Also there are thieves that frequent meetups for the sole purpose of data theft. Similarly, they may monitor accounts where people publicly share their home info and when away from home.
5:50 wow somehow a work place for my Wife was a significant place… and I don’t really go there that often anymore.
I cleared and turned it off tho
Hey, are use screen time and I have clocked off passcode and Face ID, and make another pin code to screen time
One of my significant locations is a Little Caesar’s that I went to for literally 5 minutes just to pick up a pizza.
I guess Apple likes little Caesar’s pizza
It may be listed under significant locations but it may not be ranked as highly as the others.
I doubt simply being listed in that section = “familiar location”. That Little Caesar’s is probably a known location but has 1 visit for 5 mins whereas Home might have 1 entry with 365 visits and 6000 hours in the last year.
In addition to time spent and location it could even look at a cellular tower you frequently connect to as well as known WiFi connections. If a location has free WiFi but is an open network it might say “ok we know this place but can’t 100% trust it, so let’s enforce the wait period”.
Mine is a sushi place I went to 3 weeks ago. Didn’t spend more than an hour there.
Omg my significant location was a restaurant I only went to for a few hours last week 🤦♀️
With an iPhone SE2 I am stuck after enabling this new feature. I cannot access my passwords or make certain changes any longer. I almost always use my numerical codes to enter in as my phone case has a film over the home button that does not allow it to recognize my fingerprint. While I have access to most of the phone, I am stuck in an endless loop of a Touch ID requirement and after removing the phone case to access the home button, it does not recognize my fingerprint! Unfortunately any of the options to fix this requires a Touch ID to verify. This phone does not have Face ID. So far unable to find a fix. Not sure yet if I have a faulty home button fingerprint recognition, or if it is the stolen device protection that is negating the Touch ID. Still looking for a solution. Great video by the way! 😊
Great video. Thank you.
What can happen if the Face ID cable is disconnected?
As an IT contractor with extensive experience, I've observed a cautious approach among forward-thinking companies when it comes to utilizing biometrics for device unlocking. The primary concern lies in the heightened security risks associated with this method. Notably, instances of staff being targeted for theft, followed by the immediate disabling of biometrics on their phones, highlight a vulnerability. Furthermore, the potential misuse of biometric data by law enforcement poses an additional threat. Many security-conscious organizations prefer the reliability of a strong, long passcode as a more secure alternative.
It highlights that not all biometrics are the same like Windows hello can be fooled easily, but for solid reliable biometrics these are not the issue, but the simple four digit passcode or pattern unlock. Ultimately the issue is the meat bag using the device and the evil meat bags all around!
Not sure where you work as an IT contractor but where I am exactly the opposite is true ( I work in IT security ). MFA and good passwords are always mandatory but ideally the second factor is biometric. I’ve never heard anyone suggest different before this.
@@ChrisSmithy , I don't know how long you have been in the business, but MFA is the go to and passwords were fit for purpose, but are not acceptable on their own. People today leave post-it notes at the desk or in the phone case. Hence MFA/2FA, yet we are talking about the iPhone security in this video and that was broken by people giving up the passcode and was not related to the biometrics.
@@craiggmelville 25 years of late nights and antisocial hours and counting sadly lol. I agree with you that passwords are important but as it stands there are so many vulnerabilities and outstanding CVEs in general with password bypass attacks that often the length and complexity of the password becomes irrelevant. Most high security companies I work with insist on biometric access control nowadays. I just find it interesting how different countries have different solutions and different policies regarding IT security, that was more my point of my last message. I know the USA does things quite differently to us and everywhere seems to make their own policies work for them. Wouldn’t like to judge whose is best, swings and roundabouts really. Regarding phone passcodes I’ve just checked over some of the IT policies for mobile devices and all of them insist on biometric identification for primary access for us. Should imagine that’s different in different countries
@@ChrisSmithy , congrats on 25 years, I'm way past that number though. Passwords are always the weak point in any security system as have seen people share passwords with paper and then throw them in the bin. So a very low level hack is created and that is done by entering a password x amount of times then someone having to get a password reset or worse reactivated. MFA is way better. Hopefully websites will move away from passwords and into passkey as this will be another massive step to help secure the masses.
Great video thank you! You gained a subscribe for sure
Great video, love how the stock image of the thief looks like Linus 😂😂
lol iOS 17.4 fixed this already
Yesterday I was at some grocery store and it shows up at significant locations. I literally haven’t been there for a year before that and maybe 2 or 3 times in my whole life since it’s in the neighboring town. How can this be a significant location? It only should be home and work. That’s it. I got 207 significant locations what might as well probably be the whole city I’m living in.
My Face ID module is broken, is it even worth upgrading to iOS 17.3 for this feature?
No. You risk getting yourself locked out. You can update, just don’t enable the feature.
Create automation at shortcut to run when airplane mode is turned on, immediately turn it off.
5:42 I've no phone but iPad. When I scroll around the map I can see other locations. My university has two campuses. Both are marked at significant locations. Haven't been there for a year. My home apparently is no significant location haha.
Screen Time - analyse in detail this setting, there are clips on youtube.
Did it right away. Thanks for the tip
Go to Settings -> Screen Time -> Content & Privacy Restrictions and disable (don't allow) Passcode Changes and Account Changes. Then enable Content & Privacy Restrictions with a different PIN that you use to unlock your phone. A thief won't know this PIN and won't be able to disable Content & Privacy Restrictions, and therefore won't be able to make any changes to your phone or Apple ID passwords.
when is the movie about ios 17.4 because they changed this feature and now it is possible to disable known locations?
all you need is to use screen time protections to prevent this all
YES! MORE THIOJOE! 🎉🎉 lets gooo! i love thiojoe ❤
I really wish Apple would say how they identify locations. I was testing the feature and changed the setting for security delay from “Away from familiar locations” to “Always” and then back, I got the delay, while at my home. It said I was not at a familiar location. Not sure how this can be since it’s my home…I work from home…I’m here 90% of the time. Seems like another glitch.
That stuff at 7:55 doesn't make sense. Apple would for sure not add anything to that list of significant locations if you don't authenticate there with your face id. And that is something a thief can't do. So no matter what he does with the stolen phone, he won't be able to add any new location to that whitelist.
But he would be able to use your phone at one location to appear familiar, and therefore let them in without SDP delay.
I do agree that modifying these locations would be the best option! However, I wish people would stop referencing the Wall Street's article as a means to say "Apple's system is flawed" when in reality, it's just some people's nature to be ignorant.
The thief admitted, he only got into phones by targeting vulnerable people who enjoy drinking irresponsibly. Not to mention, people who also let "strangers" hold their phone for minutes, even hours, without watching them or their surroundings. For what reason, I do not know but what I do know is, when billion dollar companies discuss innovative software features, its focus is never on negligent consumers.
I thought you would need Face ID to turn on the Significant Locations anyway. Perhaps that's something you need to try, when it's off and the Stolen Device Protection is on, can you even turn on the Significant Locations option with a passcode only.
Thank you
Feature is NOT available in iPadOS 17.3