Your iPhone has a MAJOR security problem (5 tips to keep you safe)

📧 Want a FREE weekly dose of Tech News, Hints and Tips? Sign up for my newsletter!
eepurl.com/h7MWfv

The other thing that is important is to take a screen shot of the “about” page, specifically the IMEI number(s) and keep that on some one else’s phone. This is the number that the cell system uses to track where your phone. You send this number to the Police and they can see where your phone is and block it out of the cell system.
This used to be a thing we all should do but it is forgotten.
I am going to do what the previous commenter said too.

The problem is not the passcode, but that you can reset your apple-ID with it rather than to type in your apple-ID password.

Scary indeed! Thank you so much for this video and your suggestions. Especially not being aware of the problem is the biggest danger.

Apple should bring back Touch ID as a secondary unlock system which can be on the side button, similar to the 10th gen iPad top button. Maybe starting with iPhone 15. Passcode should be used only as a last resort and that too when you are not in a crowd.

Also, I have complained to Apple for ages that it makes no sense for a two factor code to be sent in a message to the device you request it on. It *should* be sent to your other devices excluding the one its requested on. Implementation of this would be easy - either a special category of message or, since they read the messages (are they encrypted?) so the system can know its a 2fa code they can pre-empt and disable delivery for such a message to the requesting device.

Fully support your suggestions. My rule of thumb is not to use passcode ever when in a public place. Even udring Covid I would rather wait for login until out of a group of strangers then while in it.
What I do not understand is: to access passwords on Safari on the computer you need the admin password but you do not on the phone. Why not use the admin password also on the phone

Thank you for this informative video. I don’t imagine such a situation happening to me but I can never truly predict the future. I do alway use face id because of how convenient it is but it harms no one to take extra precautions to prevent the worst from happening.

Thanks for making valuable educational content! Really appreciate you, man.

I really feel safe when I listen to you and when there is a problem and I try to solve it calmly. You really help me with these videos. Thank you.

Thank you very much. You’re really something. Your videos make difference. This is so very important and a lot of people need to listen/hear what you say. Please continue your good work. ❤️

Great video, very well put together and explained, thanks!

Really good. A real eye opener and will be taking action this weekend.

Thanks for the amazing content. Finding it very helpful!!

yep; totally agree! I have very early on chosen an alphanumeric code with more than 12 digits & ciphers with special characters! It is sometimes a ‘bummer’ when my biometric doesn’t work, but I feel it’s worth it! I also use a password manager rather than putting all my ‘eggs’ in keychain, but nevertheless use it now and again! I also use Proton mail and Signal on my phone! I try to maintain a step before to ensure to make as difficult as possible to not get ‘Virtually’ mugged! But I am well aware these are just improved steps to keep up to speed! Thanks for your Videos, I have picked up many tips from your channel! 👍😎

thanks for the sharing. just realize this weak point at my device

Just a simple security question to a well chosen answer would do the trick

7:18- you hit the nail on the head there. So true

Sound advice! Thank you!

Thanks for the great and important video. I changed everything here, based in your recommendations. I really appreciated it!

I found this video extremely helpful and i will be using the Face ID from now on going forward. Thank you

Enjoyed your video, your thoughts on security keys?

I set my iCloud sign in on a YubiKey. I also go into Screen Time and set not allow to account changes and a few other things and set up a different pin for screen time. That locks out my profile on device unless they know that pin.

Good data and advice, thanks!

Thank you for this video 🙂

Thanks for the information ☺️ What if I use Advanced Data Protection? Wouldn’t that help a lot?

great video tom! thank you for making such great content for us. I wanted to share an idea though... we do need an app lock feature on iPhones and there should be a feature that asks for a passcode whenever you try to turn off your iPhone. That way, if your phone is stolen and if you have an E-SIM, it would be nearly impossible for the thief to turn off your iPhone. And because of this you can easily trace the location of your iPhone. :).

Many thanks. Great advice.

Thank you for the info!

Thank you for sharing your knowledge about this topic very useful information that I didn’t know about n I understand that It could happen to me or anyone n I’m just glad to know about it now thanks again

*Excellent presentation!* 🎥👍
_Hi Tom, I'm interested in what you think of these ideas..._
1.
Why don't Apple simply have a setting option where the phone needs double verification! (Face ID and Pin Code). It may be a slight inconvenience, but ladies whom get targeted most if they go to night clubs, can simply enable the feature before they go out.
2.
The other idea is if they own an Apple Watch, that the watch has a feature that if the phone is a distance more than say 20 feet away; that the phone will instantly "Lock Screen". (no matter what mode it's in). What do you think? 😊

Another way to prevent this from happening or at least a method to slow them down is as follows.
Open Settings - Screen Time - Content & Privacy Restrictions - scroll down to Allow Changes - select don’t allow changes to passwords & account changes.
Remember these guys probably know what they are doing but this should buy you enough time to be able to lock your phone and report it as stolen from the find my app.
Hopefully this doesn’t happen to anyone here but it’s never to late to take these precautions.

Outstanding video! Got me to change my ways! Many thanks!

Brilliant and important video

Thanks Tom great and informative video cheers

Some fixes: to change iCloud password and pincode apple must mask for the password instead of only the pincode.
Or have an alternative more secure secondary pin thats only required when one wants to change critical details like pin and iCloud password.

Thank you very much for your videos, especially this one. I thought I was more secure than I am with my poor passcode.
Regarding secure files, I keep an encrypted disk image for my financial files. But I realize I want more of my files to be protected now.
If I move files from my iCloud documents into a disk image file, then delete them from the unencrypted documents folder, what happens to the backups? Would someone be able to get my deleted sensitive files from backups in iCloud?
I encrypt my Time Machine backups, and use an encrypted external drive when I can. What about my own backups in Time Machine? How long will my deleted files be recoverable there? Can I delete a file explicitly from my backups?
Thanks again.

I have a security background and as recently migrating from Android phone to iPhone. I noticed this vulnerability right away. Fortunately, I have always relied on third-party software for backup storage and password management, so will continue this approach. Made me acutely aware that now I have a target on my back as an iPhone user. Best thing to do is be very discrete about where and when you use this device - and change login method based on your vulnerability. Before going to a bar or on vacation, change to fingerprint or face recognition - you can always change it back later.

Thank you for a great video.

Many thanks for yet another calmly and concisely articulated informative video. How do you feel about using Screen Time -content and privacy restrictions - to allow/don't allow passcode changes and account changes as a security measure to be followed by iPhone owners until Apple figures out a way to sort out this issue?

Thanks

Tnx for this education!😊

Scary, but really helpful!

Scary stuff. Thanks making adjustments.

Thanks for letting us know. Can’t wait to try this on somebody

Thank you!

Thanks for your sharing

Thanks for highlighting this. Lost a phone on a train some years back and, as far as I'm aware, it wasn't actually compromised as I've always used a 10 character alphanumeric code. By the time I'd got home to check, whoever had picked it up had already switched it off as Find My couldn't locate it (and never did subsequently). Battery was fully charged when I left home so switching it off it was a deliberate attempt to avoid detection.

Thank you for this very useful information. It confirms some things that I already suspected ( I have /do no banking info on phone or in the cloud) & made solid suggestions about safety.

Wow 😮. What a great vid. So much important info. Thanks 🙏 heaps.

Odd for them to not require the existing password in full to change it.

I use Screentime restiction. Works like a charm

You can use screen time passcode to lock access to icloud settings and passcode settings, as well as a lot of other useful stuff. definitely recommend setting up screen time.

Great content, good job.

Very informative video, hopefully people will listen to you.

Great video. Thanks.

I read something after this made the news advising us to go into parental controls and privacy and enable the option that the iCloud password could not be changed unless you have a code that only you would know. It does create inconvenience because you can’t select iCloud but you just go into that setting and key in your code. Does this look like a good option to you?

11:38 You have better options for storing data. Apps like Scanner Pro (I just happen to use this one myself) allow for additional passcodes, so your scans are safe. Also, Disk Decipher is a great option to have encrypted storage on your phone - or your NAS - that also works on your computer! Makes sharing sensitive data easy and safe!

FIDO Yubikey - Would adding it to ios prevent that or not much ?

Fantastic! Thanks

It’s nice to see a video of what was in the proper weekly

Enjoyed the video

Biggest thing, and not that hard of a change, the access code to your Apple Device should be for access only. Not for changing passwords or settings. And Settings > Password should be behind a code/password/biometric that is NOT the access code. BTW - a lot of this also affects Android. You’re not safe there either.

this is exactly why i loved touch id so much

Very helpful video!

Glad you made this Apple security warning. I am shocked that Apple is not doing anything to change it.
Why not use a two device identification to prevent ID theft. The 2nd device would have the deciding authentication confirmation factor. Or call Apple to give verbal answers to preset authentication questions.

When I am in a public place near to other people I never unlock my phone. Also, I very rarely take my phone out of its locking holster when near to other people. There are people who who devised ways to fool the face and finger print ID.
For any phone, if someone gets hold of your phone and they know the password this is a huge issue. Because they have your phone they can use the two step authentication with the phone number.

Thank you for this video. I do use Face ID but for other things I may key in an alphanumeric code. I will now make sure I shield these “events” from prying eyes.

I am new to the iPhone was just wondering if it was possible to make it so that you only need a pass code to wake up the phone but a biometric access settings?

Thank You! 👍🏻
I’ve been using a six digit code on mine for years.

I decided to make a wait time between Face ID and passcode since it happened immediately. I am testing with a minute to see if I like it. I love the thumb print on the IPad but there is no option for wait time, it will only leave immediate as an option. Is there a way to change this? I have an IPad 9th generation.

Good info.

Very good video! Lots of people need to watch.

It would be helpful to have passcode numbers actively change their positions to make it more difficult to ID the numbers. I saw this years ago at a parking lot entrance.

Thank you. This scared me😮. But I got valuable info from you. Thank you. I will use this I have a tinted screen cover on my iPhone too.

Also using a security screen protector helps also as you can’t see from even a short distance . I have one and love it. Someone next to you can’t see your screen.

Very good video - thanks.
Possible solution for Apple (which you may have better access to than most subscribers to your channel) - change the position of each character on the numeric keyboard for the passcode each time it is accessed. I have seen this done on a POS device which needed a PIN code. Would stop most people from copying the passcode as it is often the pattern of what is pressed rather than the number itself that is memorised. An easy software fix which would stop a percentage of these cases from arising (wouldn’t stop the person who can remember a six digit passcode by numbers though 😕)

what do you think of the new 'stolen device protection?

Great channel you have here Tom, and this video is very informative. A chain is only as strong as its weakest link, and Apple have one here, but surely to limit the damage that can be caused is to request your current Apple ID password if you want to change your Apple ID rather than the pin number you use to unlock your phone. That way at least you will not loose control of your Apple ID and you will still be able to remotely wipe the phone. Nobody enters thier Apple ID password in public, so that would render having your pin number useless as the legitimate owner will still be able to wipe their phone. Simple fix for Apple I would have thought unless I am missing something. Clive

So use the faceID an passcode would be the best correct!??

Would using a YubiKey for 2FA on your phone help? Presumably the thieves would need your YubiKey to change your Apple ID password. I haven’t tried it though and I remember seeing on a crosstalk solutions video that they could add another YubiKey with only your pass code but I’m not sure if that’s still the case.

Dear Proper Honest Tech, Your knowledge and support is greatly appreciated. I will make changes as you recommend immediately! Please continue your support! Also Thankful I found your video.

2:21 ur actually right. Kind of, but the green screen is used by the 12 Pro instead.

Some phones allow set up lock SIM card if you completely power phone off, even if you entered passcode. - I dont know if there‘s a workaround. - I think you are out of luck if forget the unlock code. Inconvenient in emergency but at least some phones allow emergency calling by use of power or other buttons. - All possibilities depend on your phone, type of SIM or e-SIM, and operating system of device.

Do the Smart folders in Apple or Android allow you to create a separate passcode that is not stored on the phine or keychain?

Disabling passcode outright would be the best option as even in the rare case FaceID fails to work, connecting to a computer with ITunes where the iPhone has been backed up before will allow for full restore up to the backup date? I think on balance, the benefits of enhanced security & the avoidance of the pain of having to enter excessively long passcodes having to very rare instance of having to restore the iPhone to the latest backup date

Great video Tom! IMO, In order to change your iPhone passcode, Apple should require you to enter your Apple ID password.

My passcode for years now has been a whole sentence and my friends always thought I was just being over protective, now there is this threat and they see more of a reason to have a longer password.

Is it a good idea to use both Face ID and passcode as iPhone security?

Great video. I use FaceID or the fingerprint scanner on my iPad mini for this exact reason. Apple does need to give users the option to have additional layers of security enabled before an Apple ID password can be changed. Just a device password is not enough enough. This story is a perfect example of what can happen if that password is able to be changed too easily. If you don’t know the old password, the only way it should be able to be reset is with a link sent to the iCloud email or at an Apple Store with government ID. It is smart to have a strong password and if you ever have to enter it in public, never enter it in a crowd and be hyper aware of who is around you.

Thanks will subscribe

I use even if open you must put in Pin for open settings open Bank are not possible for have Bank id but when use my phone are fingerprint to my pincode are all apps important are pin code or my fingerprint so why can not do that have Sony Xperia 5 March III and can do that ❓

Does setting up security keys (like Yubikeys) would help?

Would it be better to use FaceID only, and disable Passcode?

Brilliant

What do you know about the Pegasus software?

I use Proton pass to do password storing

I think that if you have 2 separate codes would be best. One to get in and another for accessing info on the phone. It would be 2 codes you would need to remember.

A fingerprint sensor on the lock button would be a good feature. Failing that, adding a security key (like a Yubikey) for 2FA is more secure than SMS.

Thanks!