They could easily allow second trusted device to reset with a pin. If there aren’t multiple devices, just force use of password to reset.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Stolen iPhone - Criminals have full control and Apple cannot help!
- Thread starter danclara
- Start date
- Sort by reaction score
Apple has a trail of all changes made to the account.
Simple enough to look back to before the alleged theft happened.
I think the OP said they reset the passwords via email, which they had access to.
So again, why can’t Apple just give access back to the original poster since they know what changes were made and can pin point who the original owner is?
Simple security posture is to use an email address that isn't configured on your phone. It's what I do.
My iCloud email address (login) isn't used for anything else and isn't configured on my phone. If I want to access it, I have to use my Mac or webmail.
Having your own domain name makes this easy.
Can they? Are Apple Store employees trained to authenticate documents? What if some one shows up with a fake ID. It opens up a Pandora’s box with conmen impersonating some one. Identity theft/Fake IDs is big in todays world.
That's decreasing the convenience, which many people seem opposed to.
But it still doesn't fix the problem of being able to reset the Apple ID password with the phone's passcode.
The OP said they went through his contacts and asked them for money, and got some.
Security or convenience, take your pick.
As for the phone passcode...I wasn't addressing that. The comment I replied to as about someone with the phone having access to iCloud emails.
Yep having additional step for resetting iCloud account won’t stop the thieves from using text messages or emails to reset other accounts.
Stop worrying about work around a, don’t give the keys(passcode) to your kingdom.
It doesn't have to be all or nothing. The primary issue is that once someone changes the Apple ID password then they can turn off Find My, reset FaceID, and have free reign to start hacking. All of these other solutions are incrementally helpful but still don't get to the root problem of losing control of the device if someone steals your device and passcode. There have been many proposals of how to address this, but I keep seeing people saying "well that's just the way it is." Talk about not thinking outside of the box.
Right, but with passcode and device wide open. The crooks just need few minutes to reset bank accounts, and passwords. By the time folks realize and try to mark device stolen, or report, the thieves have their financial accounts wiped out.
Bottom line don’t be lazy about passcode in public.
Verify with Apple Watch or use a alphanumeric password instead of a passcode which could be easily viewed and remembered by thieves
Yep. For those who think a patch will fix this are in for false sense of security. Only thing Apple can do is prevent loss of iCloud account. Some one with pin can easily reset financial accounts credentials with email and text. Turn on the airplane mode after getting access. The photos, emails and contents are still in their possession, doesn’t matter if the device is marked stolen or marked to wipe off clean.
I hope Apple gives more options but use other methods if PIn isn’t safe.
Mine doesn’t? My apps and banking etc have their own separate pin and passwords. I have not seen a bank app that links your account password to your 6 digit iPhone pin. How do you sign in to the bank online? Same with any other site or app like Facebook or outlook which mine has a separate PIN to open.
My bank app has its own pin and password too.
But I believe what the poster is saying is that, with access to the phone, you can use a "forgot password" link to send a text or email to the phone you're in possession of and reset the banking password that way.
To that end, a cool feature I wish Apple would implement:
A "secure folder" you can drop apps into. To access anything in that folder, you need to enter a password that's different from your phone password.
You could drop into that folder the settings app, your finance apps and anything else you deemed sensitive.
Seems like it would be easily to implement and very useful. It would also completely solve the ID theft issue that OP describes.
A "secure folder" you can drop apps into. To access anything in that folder, you need to enter a password that's different from your phone password.
You could drop into that folder the settings app, your finance apps and anything else you deemed sensitive.
Seems like it would be easily to implement and very useful. It would also completely solve the ID theft issue that OP describes.
This is interesting as I have started 3 separate requests to WhatsApp and not once have they helped me block my account.
Activity from the criminals on WhatsApp seems to have stopped. I sent a message to ‘myself’ 2 days ago and it has not been delivered.
I think when I got a replacement SIM, my attempts to login may have locked the account. The only reply from WhatsApp is that I can login after a 7 day reset period.
Similar BS to Apple. It’s all automated and no one can affect it.
At least Apple have telephone support. WhatsApp is email only in the uk.
I just ran a security check on all my bank accounts. When I do forgot password, they ask my card numbers/SSN, not account name. I don’t even get an option for password reset email or text unless I get through the validation screen. I wonder how the thieves changed OP’s financial account credentials?
All my Apple products are associated to an mobile device manager (MDM). Thief steals phone, I can still track it and see everything they do. I can even remotely hide all the apps except the settings app. Restore if I wish ( but then I lose access to tracking until someone signs back in ). There is no way to remove the MDM, once installed. They are typically free for a small number of devices (~10 to 20).
Happy thoughts to the OP, hope you get your account sorted.
Agreed. If my debit card is stolen and they have my PIN, I’d lose a lot of money. I don’t keep it all on that account, but enough where I’d be very upset.
My banks are not consistent on how they handle this, including banks where I have loans but no other accounts. And it also seems things are different in UK from US.
I don't carry a debit card, but if I did, I would not keep more than $200 or so in that account.