
mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Well that’s the point. Convenience for extra security. If you have multiple devices, skip the password requirement to change iCloud account credentials from another trusted device.
So if you only have 1 device and you’ve forgotten your password, how do you reset it?
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Bear in mind I was taking work clients out on this night. If, like many suggest, no one should ever input their passcode in public, I would have been unable to pay for the food bill/check.

For the premium I pay Apple, I believed their ecosystem was more secure than physical cards, which can be 'tapped' contactless in the UK WITHOUT a pin code.

Apple have proven to be totally the wrong option in terms of bank card security.
Actually the details of your bank card are likely secure, unless your banking app has the feature that allows the card details to be displayed (you’ve already said you used the same code for both your phone and banking app, so I made the assumption the thief would be able to access your banking app).

Also, if you’ve ever said yes to saving your card details to your device, the thief would be able to see these just from your device passcode (settings, safari, auto fill, saved credit cards).
 

laptech

macrumors 601
Apr 26, 2013
4,130
4,455
Earth
iPhone users want convenience. They want to be able to seamlessly upload files to iCloud without any extra hassle, and the present system allows them to do that. If Apple were to introduce an extra layer of security for the purposes of thwarting iPhone theft that meant iPhone users had to input a separate password/PIN to access their iCloud, how long would it be before users start complaining that it is getting annoying having to enter their iCloud password/PIN every time they want to upload a video or a picture from their iPhone to iCloud?

ATM machines have security advice on them telling the user to cover the keypad so prying eyes cannot see, yet many people who have their lives inside their mobile phones will blatantly input their passcode/PIN for all to see and not think twice about the consequences until it happens to them.

You cannot educate those that do not want to be educated, and even when you do, they become either absent-minded or complacent, which means their guard is let down and you are back to square one again.
 

dialogos

macrumors 6502
Sep 22, 2017
285
331
Not a security flaw! If you let your PIN out and your phone gets stolen, it is YOUR fault!

I remember during covid how many of you were recommending to use the 6-digit PIN instead in order to use Apple Pay.

And if I remember correctly, even if I hide my PIN, Apple shows every digit I press on screen before hiding it with a dot. For someone with a big screen (be it iPad or iPhone Max) it's really hard to cover the whole screen while typing a password.
 


Vlad Soare

macrumors 6502a
Mar 23, 2019
675
652
Bucharest, Romania
So if you only have 1 device and you’ve forgotten your password, how do you reset it?
Go to an Apple store, show them a physical photo ID, and let them reset it for you.
Is it inconvenient? Sure it is. But it serves you right for being clumsy. Next time make sure you won't forget it again.
 

Vlad Soare

macrumors 6502a
Mar 23, 2019
675
652
Bucharest, Romania
If Apple was to introduce an extra layer of security for the purposes of thwarting iphone theft that meant iphone users had to input a separate password/pin to access their icloud, how long will it be before users start complaining that it is getting annoying having to enter their icloud password/pin every time they want to upload a video or a picture from their iphone to the icloud?
No need for that. Leave the entire workflow as it currently is, just don't allow the Apple Id password to be changed without at least one of the following:
- current Apple Id password
- physical key
- previously generated recovery key
- access to another trusted device
- physical photo ID presented in person in an Apple store

Changing it based on the PIN of the very device you're currently using is dumb to say the least.
 

Wando64

macrumors 68020
Jul 11, 2013
2,338
3,109
That combination is too easy, and has failed in the past; it's not hard to social engineer. Apple could just add an extra step of entering the iCloud password for users with one Apple device, and for users with multiple devices, allow the password change with passcode if confirmed by another trusted Apple device.

Yes, but… not having any questions is the easiest combination of them all.
I’d rather have some questions than none. The casual/opportunistic thief would not have any way to answer them.
 

Wando64

macrumors 68020
Jul 11, 2013
2,338
3,109
I’m not saying he wouldn’t remember it, I’m saying of the examples you have provided, these are not secure because it’s information that can quite easily be gleaned, especially as the thief has access to the device.

A thief could simply open the Facebook app and glean a lot of personal information about the user to be able to answer those additional security questions. The user might use the notes app on their phone to store security questions and answers that they have used elsewhere. The thief has access to all of this information.

Apple would need to have the questions be something that the thief could NOT learn about from the phone.

The trick is to be vigilant when entering your passcode in a public location.

They are more secure than not having any security beside the passcode.

Besides, of course you should set the questions to something that cannot be learned through social media.
And finally, of course people should be vigilant when entering the passcode in a public location.

We are talking about increasing security. That’s all.
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Go to an Apple store, show them a physical photo ID, and let them reset it for you.
Is it inconvenient? Sure it is. But it serves you right for being clumsy. Next time make sure you won't forget it again.
In the real world, that’s not how that works. What happens if your country doesn’t have any Apple shops?
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
No need for that. Leave the entire workflow as it currently is, just don't allow the Apple Id password to be changed without at least one of the following:
- current Apple Id password
- physical key
- previously generated recovery key
- access to another trusted device
- physical photo ID presented in person in an Apple store

Changing it based on the PIN of the very device you're currently using is dumb to say the least.
Absolutely Apple could do that, but that’s hugely inconvenient for the user. Would users accept that?
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
But that’s adding to consumer inconvenience. Would consumers accept that?

As I keep saying, it’s a trade off between security and user convenience. To make the system more secure, users will face greater inconvenience. The trick is to get that balance.
 

Vlad Soare

macrumors 6502a
Mar 23, 2019
675
652
Bucharest, Romania
Absolutely Apple could do that, but that’s hugely inconvenient for the user. Would users accept that?
Some would. Make it optional. How hard can it be?

Besides, what do you mean by 'hugely'? If I went through the trouble of buying and setting up a Yubikey, then why would it be 'hugely' inconvenient to me to pick it up and use it for resetting my password (which isn't something I do on a daily basis anyway)? Now, if I have just one single device, no Yubikey set up, no recovery key generated, then by all means, let me reset my password with the PIN. Fair enough. But once I set those up, from that point on I expect them to be required. If it's inconvenient, so be it. Serves me right for setting up extra security and then forgetting the password.
 
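As an added illustration of the policy described in the post above (example code written for this page; it is not Apple's logic and was not posted by anyone in the thread), here is a small Python model of the decision. It puts the thread's account of the current behaviour, where the device passcode alone authorises a password change, beside the proposed rule, where the passcode only works as a fallback for an account that has nothing stronger enrolled. `Factor`, `Account`, `require_strong_factor` and the scenario accounts are assumptions made for the example.

```python
"""Recovery-policy model for the thread's proposal (added example, not Apple's code)."""
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum, auto


class Factor(Enum):
    """Ways of proving control of the account that the thread discusses (assumed names)."""
    DEVICE_PASSCODE = auto()       # unlock passcode of the phone in hand
    ACCOUNT_PASSWORD = auto()      # current Apple ID password
    SECURITY_KEY = auto()          # physical key such as a YubiKey
    RECOVERY_KEY = auto()          # previously generated recovery key
    OTHER_TRUSTED_DEVICE = auto()  # approval from another trusted device
    IN_PERSON_ID = auto()          # photo ID shown in an Apple Store


# Any one of these is enough, on its own, to authorise a password change.
STRONG_FACTORS = frozenset({
    Factor.ACCOUNT_PASSWORD, Factor.SECURITY_KEY, Factor.RECOVERY_KEY,
    Factor.OTHER_TRUSTED_DEVICE, Factor.IN_PERSON_ID,
})

# Methods a user can enrol in advance. Once any is enrolled, the proposed
# policy stops accepting the device passcode by itself.
ENROLLABLE = frozenset({
    Factor.SECURITY_KEY, Factor.RECOVERY_KEY, Factor.OTHER_TRUSTED_DEVICE,
})


@dataclass(frozen=True)
class Account:
    enrolled: frozenset[Factor]            # hypothetical account state
    require_strong_factor: bool = False    # hypothetical opt-in for single-device users


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize_current(account: Account, presented: frozenset[Factor]) -> Decision:
    """Behaviour as described in the thread: the device passcode alone is enough."""
    if presented & (STRONG_FACTORS | {Factor.DEVICE_PASSCODE}):
        return Decision(True, "device passcode or stronger factor presented")
    return Decision(False, "no factor presented")


def passcode_fallback_allowed(account: Account) -> bool:
    """Passcode-only reset stays available only while nothing stronger is
    enrolled and the user has not opted in to the stricter rule."""
    return not (account.enrolled & ENROLLABLE) and not account.require_strong_factor


def authorize_proposed(account: Account, presented: frozenset[Factor]) -> Decision:
    """Proposed policy: a strong factor, or the passcode only as a last-resort fallback.

    `presented` holds factors that have already been verified (the key was
    tapped, the other device approved, the recovery key matched); this
    function only decides whether that set is sufficient.
    """
    strong = presented & STRONG_FACTORS
    if strong:
        names = sorted(f.name for f in strong)
        return Decision(True, f"strong factor presented: {names}")
    if Factor.DEVICE_PASSCODE in presented:
        if passcode_fallback_allowed(account):
            return Decision(True, "device passcode accepted: nothing stronger enrolled")
        return Decision(False, "device passcode alone rejected: stronger method enrolled")
    return Decision(False, "no acceptable factor presented")


def shoulder_surfed_thief_wins(account: Account) -> tuple[bool, bool]:
    """Outcome for a thief holding only the shoulder-surfed passcode: (current, proposed)."""
    presented = frozenset({Factor.DEVICE_PASSCODE})
    return (authorize_current(account, presented).allowed,
            authorize_proposed(account, presented).allowed)


if __name__ == "__main__":
    # Constructed scenarios, not real accounts.
    single_device = Account(enrolled=frozenset())
    multi_device = Account(enrolled=frozenset({Factor.OTHER_TRUSTED_DEVICE}))
    print("single-device (current, proposed):", shoulder_surfed_thief_wins(single_device))
    print("multi-device  (current, proposed):", shoulder_surfed_thief_wins(multi_device))
```

The point the model makes explicit is that the proposed rule costs the single-device user nothing (the passcode fallback survives) while closing the passcode-only path for anyone who has a second trusted device, a recovery key or a security key, which is where the convenience objection in the thread is weakest.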

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Some would. Make it optional. How hard can that be?

Besides, what do you mean by 'hugely'? If I went through the trouble of buying and setting up a Yubikey, then why would it be 'hugely' inconvenient to me to pick it up and use it for resetting my password (which isn't something I do on a daily basis anyway)? Now, if I have just one single device, no Yubikey set up, no recovery key generated, then by all means, let me reset my password with the PIN. Fair enough. But once I set those up, then I expect them to be required. If it's inconvenient, so be it. Serves me right for forgetting the password in the first place.
If the point of the exercise is make it so that the Apple ID password can’t be reset by device passcode alone, all users would have to pick one of those additional measures. If the extra security were optional, there’d still be many people with devices where the Apple ID password could be reset using the passcode alone, and thus they are still vulnerable to having their passcode stolen.

I’m already less concerned about someone who has a yubikey having their device passcode stolen in the first place, as they are probably already more security conscious, and therefore more likely to be vigilant when inputting their passcode in a public location.

It’s the less security conscious that we need to balance security vs convenience for.
 

Vlad Soare

macrumors 6502a
Mar 23, 2019
675
652
Bucharest, Romania
If the extra security were optional, there’d still be many people with devices where the Apple ID password could be reset using the passcode alone, and thus they are still vulnerable to having their passcode stolen.
Sure. But that's their problem. They made a choice and must now put up with the consequences.
That's better than not having a choice at all.
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Sure. But that's their problem. They made a choice and must now put up with the consequences.
I guess the same as people who aren’t vigilant when inputting their passcode in a public place; don’t properly protect it, put up with the consequences.
 

Cunir

macrumors regular
Nov 25, 2021
193
223
Here's another thing… if you have two-factor authentication turned on then you don't get the three security questions.
I went onto my Apple account to try to change them and it doesn't give you the option. You can't even see what they were. (I know I set them because I still have the answers.)
Unless I’m looking in the wrong place.
 

cdsapplefan

macrumors 6502
Feb 15, 2023
402
437
Yeah Face ID mainly fails in the morning when you first wake up and the sensors don’t fully recognize your face sometimes or if you put on shades. Touch ID didn’t fail often like Face ID. Apple was working to bring back Touch ID but the sensors failed through the OLED screen.
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Here's another thing… if you have two-factor authentication turned on then you don't get the three security questions.
I went onto my Apple account to try to change them and it doesn't give you the option. You can't even see what they were. (I know I set them because I still have the answers.)
Unless I’m looking in the wrong place.
I presume because 2FA is more secure than security questions/answers, so switching on 2FA makes them redundant.
 

Vlad Soare

macrumors 6502a
Mar 23, 2019
675
652
Bucharest, Romania
I guess the same as people who aren’t vigilant when inputting their passcode in a public place; don’t properly protect it, put up with the consequences.
Yeah, we're kind of chasing our tail here.
Sure, if you're super vigilant and never, ever, make any mistakes, you never slip, you never have a bad day, then you don't have to worry about anything.
It would be nice, though, if a slight mistake didn't have to have catastrophic consequences, because you would be protected by a second layer of security. That's what a secure environment really is about. You wouldn't want to fly a plane in which all of the safety systems were interrelated and dependent on one single switch, which you could trip by mistake. Sure, if you're super-vigilant and never trip that switch, then all will be fine, but that's not the point. Redundancy is the single most important factor when it comes to safety and security.
 

Paddle1

macrumors 603
May 1, 2013
5,151
3,604
Gaining control of the iCloud account by knowing the device PIN is by design.
But since when? It certainly wasn't like that back in the iPhone 5 era where a 4 digit passcode had to be entered every single time you used your phone. Not entering it in public would be a ridiculous suggestion back then.

And that's one of the problems with this, the passcode apparently gained additional functionality at some point in a fairly quiet way. Apple should have made it very clear.
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
Yeah, we're kind of chasing our tail here.
Sure, if you're super vigilant and never, ever, make any mistakes, you never slip, you never have a bad day, then you don't have to worry about anything.
It would be nice, though, if a slight mistake didn't have to have catastrophic consequences, because you would be protected by a second layer of security. That's what a secure environment really is about. You wouldn't want to fly a plane in which all of the safety systems were interrelated and dependent on one single switch, which you could trip by mistake. Sure, if you're super-vigilant and never trip that switch, then all will be fine, but that's not the point. Redundancy is the single most important factor when it comes to safety and security.
I agree, but the single biggest change anyone can make is to be vigilant and keep your passcode protected.
 

Wando64

macrumors 68020
Jul 11, 2013
2,338
3,109
There's actually a very easy fix to this issue until Apple creates a better barrier to the account settings. It involves setting a passcode for Screen Time settings. Under Content and Privacy Restrictions, enable the button and change Passcode Changes and Account Changes to "Don't Allow". Just create a different passcode for Screen Time than your phone unlock passcode. Unless the thief has both codes they can't get into your Apple ID and iCloud settings. After the Screen Time passcode is enabled, the Apple ID settings are greyed out.

This is actually a very good workaround, especially considering that the only way to change or deactivate the Screen Time passcode is by using the Apple ID password.
Thank you
 