Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
@DeepIn2U On balance, my Face ID iPhones have never "randomly" asked for passcodes instead of unlocking with Face ID. There's always been a reason I can understand. I get it - from your perspective it might feel like others are giving bad advice, but consider that your experience is simply different from others' experiences.

"Don't use your passcode in public" is not bad advice. It's just missing context, which is that for these people - myself included - passcode prompts don't happen randomly. Maybe their faces / adornments / headwear / glasses are more Face ID friendly, maybe they use their phones in a way that makes it easier for Face ID to work right, maybe they have Apple Watches that help in those situations where the phone isn't quite sure it saw you, or maybe the environments in which they use their phones are easier on Face ID.

Some might even intentionally enter their passcode before going out just to avoid the time-based passcode check at an inopportune time.

It's unfortunate that you've had a lesser experience with Face ID. I hope it gets better.

I am humbled by your wisdom and kind nature. Thank you for helping me, remind me, that other views are valid even if the context needs to be looked at from another view - Forest for the trees.

Folks this is how you kill ‘em with words or as we say killin’em softly.
 
  • Like
Reactions: I7guy and Puonti
I'm not sure what you mean? Yes if you reboot your iPhone it will require a passcode but that's not something you would normally do in public. Yes FaceID can fail and make you put in the passcode but it's rare for me. I guess if you have to do it then just watch around you. It's definly not something you should need to do frequently.
Exactly.

Just like the signature used on governmental tax or property and other wealth possessions vs the sígnate you should have for bookings or visitors / guest book signing.

One is something you rarely need to do but it should be done in secret. I’m curious if those that are not as aware may be just as open about bank card or credit card code entry ?
 
  • Like
Reactions: russell_314
Exactly.

Just like the signature used on governmental tax or property and other wealth possessions vs the sígnate you should have for bookings or visitors / guest book signing.

One is something you rarely need to do but it should be done in secret. I’m curious if those that are not as aware may be just as open about bank card or credit card code entry ?
I think people don't suspect anyone will watch them put in the passcode. I'm surprised this wasn't popular before because it's called shoulder surfing and it was really popular when people manually put in their passwords on websites.
 
  • Like
Reactions: DeepIn2U
This thread made me use alphanumeric passcode. 8 letters. It forces me to use my face id now
 
I wonder why the system doesnt ask for a password when you try and enter settings, like it does when you try and look at your passwords.

I know it wouldnt have helped if they already spied this lady’s password, but it would stop a lot of thieves from changing anything
 
For the people who have had their iPhones stolen and their iCloud accounts hijacked, I have a question: Did any of you have more than one Apple product? (AirPods and Apple Watches don't count) Was the iPhone your only Apple device or did you also have iPads and Macs logged into the same iCloud account? I'm trying to figure out if Apple's iCloud Two-Factor Authentication which sends a six-digit code to your other logged in devices would prevent your iCloud account from getting hijacked.
 
Absolutely terrible for you.
In London U.K., organised gangs on mopeds snatch phones from people’s hands. Apparently averaging once every six minutes! They pass the stolen phone from one rider to another. The police are next to useless in catching these people.

For me, I only have the phone exposed if it appears safe to do so, hold my phone even when it’s in my pocket and have an immediate plan to execute if phone is stolen.
 
Guess I am very late with my reply, only saw the thread now and didn't go through all messages. The phone was robbed, not stolen - I don't say this to nitpick. When filing a police report and all that it makes a big difference, if you call the cops to report a robbery they will usually send someone immediately and try to locate the criminals. Whereas theft is treated with low priority. I was robbed before and there was a bit of confusion until the officer realized that I had a description of the guys and they were likely still walking around on foot.

Maybe less relevant in a crowded tourist spot, I am sure these are professionals doing this every day wheras my robbery was of opportunistic nature and uncoordinated.

Your assumption that the criminals kept the phone unlocked and went through everything is most likely correct. Nowadays even the most stupid criminals have caught on that locked Apple devices are pretty useless and don't sell well anymore. There is a good chance they robbed you just for the info stored for further phishing/extortion ("we have all your data, pay us or else!") schemes where they might make many thousands. The phone itself is worthless in comparison.

The message you received indicates the phone was indeed erased later, there is no confirmation afterwards as the phone will at that point remain locked with all functionality disabled except entering your Apple password to unlock it.

I strongly suggest you change your Apple ID password just in case, but not just that one:

Was it possible to access your e-mail account directly via the Mail app or were you perhaps logged into the account in Safari? They could have received and sent e-mails, possibly to reset other accounts where you can reset passwords via e-mail.

If you can restore ("permanently") deleted e-mails with your e-mail provider, you should do that and see what comes up, and contact your e-mail provider's helpdesk as well and ask them if they can see any further deleted e-mails. This can help you determine if the criminals did attempt anything via e-mail.

You should use this as an oppertunity to change the password on all your accounts, and possibly use a password manager. You could use the Apple default keychain for storing passwords as that would be locked by FaceID and your iPhone's passcode - but if someone spies your passcode, that's an issue. You can use a third party manager instead that has its own separate code.

It is good you now enabled screentime protections for account changes, since they did not know your passcode they couldn't do anything about your Apple ID password anyways, but in case someone does find out your passcode it's good protection for the time it takes you to remotely lock and wipe the device.

I only have the phone exposed if it appears safe to do so, hold my phone even when it’s in my pocket and have an immediate plan to execute if phone is stolen.
You might want to account for being in distress in case you were held at knifepoint etc., at that moment you might not be able to recall something like an Apple ID password from memory even if you know it by heart right now.

I'm trying to figure out if Apple's iCloud Two-Factor Authentication which sends a six-digit code to your other logged in devices would prevent your iCloud account from getting hijacked.
It does not as your iCloud logged-in Apple device is already implicitely trusted and can make any and all iCloud changes. It can also be used to confirm 2FA. So if anyone gains access to one of your Apple devices and knows the passcode that's game over. Apple's threat model unfortunately does not account for that at all. I consider that a grave oversight especially since criminals have successfully taken over accounts like that already, so it's by no means theoretical-only. You should lock down account changes in screentime and set a code that is different from your passcode, but that is only a short-term solution for the time it takes you to remotely lock that stolen device.
 
Absolutely terrible for you.
In London U.K., organised gangs on mopeds snatch phones from people’s hands. Apparently averaging once every six minutes! They pass the stolen phone from one rider to another. The police are next to useless in catching these people.

For me, I only have the phone exposed if it appears safe to do so, hold my phone even when it’s in my pocket and have an immediate plan to execute if phone is stolen.
one of many reasons glad I don't live in London.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.