🚀 Visit www.brilliant.org/reneritchie to start learning STEM for FREE for 30 days! First 200 get 20% off their annual premium subscription! 🔗 Joanna Stern at WSJ: ruclips.net/video/QUYODQB_2wQ/видео.html 🔥 Data Protection - The Ugly Truth: ruclips.net/video/x3f-YjL6yq0/видео.html
It's amazing how many people who will not use Face ID, or Touch ID because they don't want their fingerprint or something in a crime scene. Meanwhile they will put their birthday or something as their 4 digit passcode. Not sure why anyone would not use an alphanumeric passcode at this point.
Their excuse is they don’t want the police or government have their information. The government already knows everything about them lol. Everything is registered your number, address, DOB, driving license etc.
It’s a throwback to simpler times before smartphones were they had sim codes etc it’s time this feature was removed RIP no longer required it’s like PCs still support floppy disk drives after 10 years of their going obsolete
I work at a tech store. It’s a lot of tears when an account password is forgotten, and there’s no 2-step or backup email to recover the account right away. My mom is super anxious with tech, so even though I try to teach her to use her own devices, she knows if she forgets something, she knows I either have the password/code, or the backup email is mine. I do the same for my dad too. I watched the WSJ video, and told my mom to use her FaceID in public, or cover passcode if she needs to type it in.
Rene, some commenters from another video shared this ScreenTime hack with me, I've implemented it and it seems to work. Go to settings/screen time/content & privacy restrictions/scroll down to allow changes: then select don't allow for Passcode changes and Account changes, enable these settings with a different PIN. This locks out the Apple ID menu in settings and completely hides the "Face ID & Passcode" menu. Not too inconvenient as I rarely use these menus anyway.
In Brazil we use the screen time passcode as a second layer o security. Often thieves point a gun to your head and ask for the password when stealing the phone, but if you lock password changes or account changes behind the screen time passcode, even with the iPhone password they will not be able to gain access to iCloud or change the iPhone password. This often buy enough time for you to reset the phone through iCloud.
A thief can reset the screen time passcode so you can't rely on that. Here's how they could do it: "If you click Change Screen Time Passcode, and then Forgot Passcode? Then enter the Apple ID, you can then then click Forgot Passcode and it will let you reset your Apple ID password, using the phone passcode."
@@mrcommaker No, it doesn't. You literally only need to know the victim's Apple ID email address (which you can likely find easily enough by opening Mail or Contacts). Then as @Gusparagus described, you can reset the Apple ID password, which then allows you to reset the screentime passcode. But once the Apple ID password has been changed, it's game over anyway. Those Content & Privacy Restrictions in their current state provide a false sense of security that Apple needs to fix.
@@gusparaguss NOPE … IF thief shoulder snoops iPhone PIN , and you setup Apple ID recovery for screen time, they can’t reset screen time password it if they don’t have your Apple ID & Apple ID passcode … so it blocks the reset. The thief cannot reset it. Am I missing something? I just double checked on my iPhone.
One Idea: I think that the iPhone passcode should only give you limited access after being used. Face ID or Touch ID should be required after that to open up access to everything. In the event Face ID or Touch ID is not working, some other form of authentication should be required. Perhaps an additional security code or authorization from another Apple device.
In the US, passcodes are protected under the 5th amendment, while biometrics are not. That's why passcode is the ultimate form of protection as biometrics can easily be forced to gain access to the device.
@@phlinh97 If someone wants your iPhone (for example police): just press + and the right button for 2sec‘s and this problem is solved. You can even create a shortcut which could be activated by saying Hey Siri.
If people use the full protection available, (biometrics, alphanumeric password to unlock, being aware of your surroundings and treating your phone like the valuable piece of personal data it is) the system works in almost all cases. The breakdown isn’t a flaw in Apple’s security it’s a breakdown in personal responsibility to protect one’s data.
I'm finding more and more these days I'm cutting back on all the online accounts I've clocked up over the years and just keep it to a minimum. Finding these vile demons that want to ruin people lives very scary.
Go into Settings, select Screen Time, scroll down to Content & Privacy Restrictions, enable it, scroll down to the Allow Changes section, change "Passcode Changes" and "Account Changes" to Don't Allow. Set a Screen Time PIN to something different to your Passcode when prompted. This will protect your account as thieves won't know your Screen Time PIN and they won't be able to lock you out of your own phone.
That can be bypassed. There are still ways to get to the screen to change your Apple ID password by going through the Forgot Screen Time Passcode and subsequent Forgot Apple ID Password screens.
@@lachlanhunt true, but a thief won’t know your password for the Apple ID unless you have saved it in your keychain or notes on the device. Like anything in life it is a method to slow the process down and give you the opportunity to lock the device / erase the device
The problem with requiring your old Apple ID password to change it is how do you change it if you've forgotten the old password? And you can't rely on resetting it via your email because the thief would presumably have access to your email on your phone. A better solution to this whole problem is the following: 1) 24-48 hour cooldown period before you can change the password to your Apple ID which would give you time to stop any potential thief from changing the password by locking down the phone or wiping it. 2) Instead of the device passcode, require Apple ID password (when FaceID doesn't work) to access the following in settings: Passwords Change Face ID Turn on recovery key Etc. This could all be turned on as an optional setting for more privacy minded users.
With the new feature of being able to have friends help verify you, that could be another option in lieu of a long waiting period. Also, if there is a waiting period, Apple needs to email you during that period in case the reset request is fraudulent; if you can’t object and alert them, a waiting period doesn’t really help, just inconveniences the thief.
I’ve said for years that Apple need to implement a hierarchy of passcodes and passwords with differing levels of permissions and access. This would make devices and Apple accounts more secure by limiting the scope of the often used passcode, and reserving the master password for the truly important tasks. Passcodes should grant access to devices and apps. Device Passwords should be used to change settings on devices. (Like using an admin password on a Mac). A Master Password should be needed to make any Apple ID or account changes.
@@nauxsi that is the truth. I have people forgetting their passwords daily and they're on a six month cycle, they can't remember what they have entered daily for the last month
In my experience, all the banking apps on my iPhone use FaceID only. When FaceID fails, there is no backup using a passcode. You simply do not have access to the app. If you change/add a face on FaceID, the banking apps require to be setup again. The biggest threat as others have mentioned is allowing access to settings without another mechanism beyond a passcode. Even something as simple as an NFC ring, card or key would suffice. Heck, if you could have your iPhone completely lock if it loses sight of an airtag in your pocket/purse would be a perfect solution.
You can take away one problem by setting a DIFFERENT Screentime passcode that blocks changes in the AppleID settings, this way a bad guy can't change your account password and you can still use Find My. Remember that the passcode should be different!!
Unfortunately you can still reset the screen time passcode and Apple ID password with the device passcode by clicking "change screen time passcode" after setting it up.
@@jajefan123456789 that won’t work because then your iPhone will ask for the Apple ID and password, which aren’t retrievable. An attacker then would still need to have the Apple ID plus the Apple ID password.
@@jajefan123456789 If you set your Apple ID / password as recovery the iPhone PIN won’t reset or unlock screen time … I don’t see a way your comment works - let us know more detail if it does - that’s a serious flaw of true.
I use face id but had to enter my passcode when I was wearing masks during the pandemic. Touch ID can fail in the winter time as well when your fingerprints change due to dry skin. I had to re-enter fingerprints about once a week before face id in the winter. I changed my password to 6 characters after seeing this and may go up to 8 characters. One thing that helps, though, is getting emails and notifications on my watch so that I don't have to take out my phone often when I am out. I do not have credit cards linked to my iPhone and I have a model that isn't attractive. My iCloud password is over 16 characters long so probably pretty hard to guess. It is a real pain to enter it on a phone.
For me the simple solution would to require both face id and passcode for select apps like bank apps. Even opening the passcode and face id in settings should require both face id and passcode. Also at phone restart That would solve a lot of issues.
Am I nuts or missing something, in thinking that Apple could rather easily bring Touch ID back to the power button on iPhones and allow for 2-factor in-device authentication for apps so you need face and touch? Please correct me if I am wrong or ignorant here.
For months now I’ve been working on leaving my phone and not using it. I mainly stick to my Apple Watch with cellular, I’m still able to communicate with people without all the apps and other distractions. As soon as you take it off it immediately locks. No password ever being entered.
Changing your Apple ID password should require the old one. Simple fix. How many times have I had to enter my Apple ID password for a App Store purchase - why is it not the same to change the password?!
Require the current Apple password to change the Apple password (like every other website) and require a separate Keychain master password DIFFERENT from the phone passcode to access Keychain stored passwords if Face ID fails to authenticate. They already do this for Apple Notes. Notes has a separate password to access locked notes when Face ID fails to authenticate. You have the option in Settings to set that as a password that is NOT the device passcode. If a thief gets access to someone’s phone and the Face ID fails to authenticate and they don’t know the Notes password then the thief can not access locked notes even if they have the device passcode. Apple should do the same thing for Keychain password access for a failed Face ID authentication attempt. Something as critical as Keychain passwords should not be secured only by the device passcode.
A thief can reset the screen time passcode so that doesn't work. Here's how they could do it: "If you click Change Screen Time Passcode, and then Forgot Passcode? Then enter the Apple ID, you can then then click Forgot Passcode and it will let you reset your Apple ID password, using the phone passcode."
Long time that I saw your videos Rene.. excellent topic covered and yes I agree with the balance what convenience and security can offer.. it shouldn’t be too easy or too tough..
@@MilersMascots I didn't try it (because I don't even wanna go there if I can avoid it!), but in the video coverage they said that one can change the password WITHOUT entering the old one, that was part of the scandal!
It’s like computer viruses. The problem is between users who don’t understand basics of security. “Don’t let people see your passcode and steal your phone”, is it so hard to figure out ???
I set up screen time with a different pin, then turned off account and passcode changes, so now my account at the top of the settings screen is greyed out and inaccessible
@@steveaparicio Posting this from a previous comment: A thief can reset the screen time passcode so you can't rely on that. Here's how they could do it: "If you click Change Screen Time Passcode, and then Forgot Passcode? Then enter the Apple ID, you can then then click Forgot Passcode and it will let you reset your Apple ID password, using the phone passcode."
I have a different screen time passcode the prevents access to the accounts settings page on the iPhone. If you got my iPhone passcode, you can't change my apple ID password without first unlocking screentime to disable the lock of the accounts section.
A Bio should not be activated by a passcode as with face ID... Have Face ID and a separate passcode on my MFA apps too. And get a set of Secuitey keys with NFC and add those as soon as your on 16.3...
Firstly. why would someone want to turn off Find my Iphone app? All SETTINGS in the iPhone should have face unlock that as base authentication. You can add one more layer on it with passcode or fingerprint (if they decide to bring this to the iPhone). That should sort out these kind of issues.
Hello! We are averaging 85-120% retention on each short, but only get 2-5k views per short. Our last video was 45 seconds long and has 101% retention across its 2,050 views. I am pretty sure that is rare and a signal to go semi viral. Other channels I know have gotten 1m+ views with stats less than ours. (30 second clip with 85% retention) And they have just as many videos out as us. On instagram our videos get 20k-3million views each. Does youtube just have a slower explosion rate? Does youtube wait for a channel/short to get several weeks old before they pull its content more? We are 3.5 weeks old across all social platforms. Do we just need to wait a few more weeks to see our shorts hit those much larger numbers? Thank you!
This is one big if not biggest factor in me using Android as my daily driver (although I do have Apple devices - just not for critical stuff) other than price and third party parts/effort repairability, not being strong thief magnet.
What most people in this comment section don't seem to understand is that if you're in a situation where a thief is holding a literal gun or anything life threatening at you while asking your phone's password you will give it to them. This is quite common here in Brazil and it has happened to me. Result? In a matter of minutes they changed my iCloud password and disabled Find My right away. The real problem is that the key for the front door of your house (passcode to unlock your phone) is the same one used to open up your safe (iCloud password). So yeah, this HAS to be changed as soon as possible!
This is why I use privacy screen protectors on my devices. I know someone can stand behind me and still see my displays but it some protection which is better than none. Anyone without a privacy screen I can see their display from very far away. With privacy screens that protection dims your displays and make it harder to see at multiple angels.
I have an iPhone from my employer. When I replenished in January 2023, they required me to use at least 8 digits for the passcode, which is a lot better than the default 4 digits.
Here is a solution. When you go out on the town. Just wear the Apple Watch and leave the phone at home. In addition to the watch carry a minimum wallet with one or two credit cards and of course your Id. You still have access to text and some apps but if someone takes your watch it’s not the end of the world.
One easy fix could be to keep Apple ID and Apple wallet locked until we decide to unlock them. I have switched to alpha numeric password on my devices.
Title suggests we're going to learn about passcode issues, instead we get full drama scare tactics worthy of 24 hour news. The dude is smart, I wish he didn't need to add drama and hooks to get viewers.
Just introduced current FIDO security Key 2FA option to change iCloud password requires users Adding 2 different keys other than the 2 FIDO keys they might already used for iCloud 2FA. Requires current iCloud password has issue, as most people needs to change pass is due to forgetting their passwords. So only requires old pass way will lock way more people out than occasional victims of seeing their passwords at public.
Solution 2 If Apple just want user to enter password before allowing changing iCloud password, that has to be biometric authentication like Fingerprint or FaceID just keep asking until its 20 times fail then you have to wait for 5 minutes, next time wait 15 minutes, next 20 face ID fail will be 30 minutes wait, then wait until tomorrow.
Just put a lock on every app that type information including text message, and that’s it, I think it’s a scare tactic and something else who knows what yes it’s possible phones got stolen. Well, you know last three years humans start being like in suspended animation.
Its only a problem, if people let it. WHy we we forcing this onto Apple, when the user "chooses" to do this stuff,. Your not forced to share your phone, your not forced to use icloud...
This is a problem that was raised by the user community in Brazil for some years now and many people already got robbed and had their bank accounts wiped out. Apple didn’t care. Hopefully now that this problem is hitting home market, Apple will take some action.
First and foremost ist is a local problem. Apple is not responsible for the utterly worrying criminal situation in Brazil. And the iOS/iPadOS has the Screen On Time feature which the user can set up, making it a lot more difficult to change the Apple ID. And then there are 3rd party passcode managers. It is up to the user to take the steps available to secure a personal electronic device.
I blame FaceID... Back with TouchID, I NEVER had to enter my password. Now with FaceID, it happens all the time. A true regression that Apple should have addressed long ago IMO.
I’ve had the opposite experience, I’m a mechanic so fingerprint ID is useless for me. I’ve opened my phone(s) using Face ID hundreds of thousands of times with zero failures
Just like others, no issues with Face ID, but my MacBook has Touch ID, NEVER worked* for me. Any job that is hands-on. You just wear the finger tips down and constantly without a doubt, you end up locking yourself out. To the point I've given up with Touch ID on my Mac, but FaceID is beautiful. Even my Mom had her iPhone 6 or 6S, I can't remember which, where she literally had her finger registered, but never used it and it was massively slower than her using the iPhone X I gave her. It's more how she was using it rather than the process of it working out the biometrics. With FaceID, you just need to set it up with a larger face print than the small range it requests, so you can look a little off-axis.
Those Screen Time Content & Privacy Restrictions provide a false sense of security because you can bypass that. 1. Click Change Screen Time Passcode, and again in the pop up menu, 2. Click Forgot Passcode. 3. Enter email address (look in Contacts or Mail to find this) 4. Click Forgot Apple ID or Password 5. Enter Device Passcode 6. Screen to enter and confirm the new password appears. Game over.
Apple should bring back Touch ID. In order to change any sensitive data on your device, two of the three factor should be use to access. These steps could be 1 of the following, Face ID and Touch ID, Face ID and passcode, Touch ID and passcode, etc.
How about something as simple as REQUIRING unique passwords. Ive seen people who use multiple password managers, and all of them have warned them about hundreds of their accounts appearing in data leaks, and yet they still use the same passwords everywhere and don’t even change their passwords after they’re told they were in a leak. We gotta start with the basic stuff before trying to out-tech the bad guys.
It’s time especially on iPhone to unlock after a number of FaceTime failed attempts it requires your Apple ID password not a number code. Passcode just old fashioned and was used for smartphones as it was something that none smartphones users were used to in the pass it’s time for it to RIP no longer needed
This is a problem affecting almost no human alive. Given a large enough samples of life events, bad things can and will happen, but this is nothing worth thinking twice about. Don’t leave your $1,000+ computer laying around in public places. Solved.
@@andrewrea2799 fair enough- life happens. I have 2FA on at all my banks and biometric authentication on my phone. If someone yanks it from me, enjoy the expensive brick I suppose. I am not unique in having these tools made readily available to me and we’re far along now in the age of information where not being baseline technically competent and proactive is most certainly a fault of the user and not any software development team. This is being presented as though it’s an Apple oversight issue when it’s really just a matter of individual behavioral consequences.
As usual these reports always focus on APPLE! No mention is made that ALL mobile devices are vulnerable to this. So the public sees this as an Apple problem only and, well, Apple is BAD. An sure enough the Apple Discussion Forums lighted up with users asking if they should switch to Android.
This isn’t apple problem stop spreading wrong information, this is also an issue with androids they have a passcode want to be secure, be proactive and in a bar as you say, make sure no one is looking over your shoulder pick up the phone and hold it in a such way they can’t see it
🚀 Visit www.brilliant.org/reneritchie to start learning STEM for FREE for 30 days! First 200 get 20% off their annual premium subscription!
🔗 Joanna Stern at WSJ: ruclips.net/video/QUYODQB_2wQ/видео.html
🔥 Data Protection - The Ugly Truth: ruclips.net/video/x3f-YjL6yq0/видео.html
It's amazing how many people who will not use Face ID, or Touch ID because they don't want their fingerprint or something in a crime scene. Meanwhile they will put their birthday or something as their 4 digit passcode. Not sure why anyone would not use an alphanumeric passcode at this point.
it depends what kind of passcode you use. i use a 6 digit one but it isn't anything easy to guess like my birthday or family members birthday.
Face ID will not recognize me.
Their excuse is they don’t want the police or government have their information. The government already knows everything about them lol. Everything is registered your number, address, DOB, driving license etc.
It’s a throwback to simpler times before smartphones were they had sim codes etc it’s time this feature was removed RIP no longer required it’s like PCs still support floppy disk drives after 10 years of their going obsolete
Face ID is annoying
I think people underestimate how easy it is for our non-technical family members to lock themselves out forever when security is turned up to 11.
I work at a tech store. It’s a lot of tears when an account password is forgotten, and there’s no 2-step or backup email to recover the account right away. My mom is super anxious with tech, so even though I try to teach her to use her own devices, she knows if she forgets something, she knows I either have the password/code, or the backup email is mine. I do the same for my dad too. I watched the WSJ video, and told my mom to use her FaceID in public, or cover passcode if she needs to type it in.
Situational awareness. Treat it like you do when you go to an ATM.
Rene, some commenters from another video shared this ScreenTime hack with me, I've implemented it and it seems to work. Go to settings/screen time/content & privacy restrictions/scroll down to allow changes: then select don't allow for Passcode changes and Account changes, enable these settings with a different PIN. This locks out the Apple ID menu in settings and completely hides the "Face ID & Passcode" menu. Not too inconvenient as I rarely use these menus anyway.
In Brazil we use the screen time passcode as a second layer o security.
Often thieves point a gun to your head and ask for the password when stealing the phone, but if you lock password changes or account changes behind the screen time passcode, even with the iPhone password they will not be able to gain access to iCloud or change the iPhone password.
This often buy enough time for you to reset the phone through iCloud.
A thief can reset the screen time passcode so you can't rely on that. Here's how they could do it:
"If you click Change Screen Time Passcode, and then Forgot Passcode? Then enter the Apple ID, you can then then click Forgot Passcode and it will let you reset your Apple ID password, using the phone passcode."
@@gusparaguss To reset the screen time password you have to enter your Apple ID with it’s password so it protects it.
@@mrcommaker No, it doesn't. You literally only need to know the victim's Apple ID email address (which you can likely find easily enough by opening Mail or Contacts). Then as @Gusparagus described, you can reset the Apple ID password, which then allows you to reset the screentime passcode. But once the Apple ID password has been changed, it's game over anyway. Those Content & Privacy Restrictions in their current state provide a false sense of security that Apple needs to fix.
Yeah I just tried this, even with account changes restricted, it still lets you reset it with the iPhone passcode so I just turned the restriction off
@@gusparaguss NOPE … IF thief shoulder snoops iPhone PIN , and you setup Apple ID recovery for screen time, they can’t reset screen time password it if they don’t have your Apple ID & Apple ID passcode … so it blocks the reset. The thief cannot reset it. Am I missing something? I just double checked on my iPhone.
One Idea: I think that the iPhone passcode should only give you limited access after being used. Face ID or Touch ID should be required after that to open up access to everything. In the event Face ID or Touch ID is not working, some other form of authentication should be required. Perhaps an additional security code or authorization from another Apple device.
In the US, passcodes are protected under the 5th amendment, while biometrics are not. That's why passcode is the ultimate form of protection as biometrics can easily be forced to gain access to the device.
@@phlinh97 The original point still DOMINATES .. What you said is MERELY a consideration...
@@phlinh97 If someone wants your iPhone (for example police): just press + and the right button for 2sec‘s and this problem is solved. You can even create a shortcut which could be activated by saying Hey Siri.
Actually the Supreme Court ruled in 2019 that law enforcement cannot force you to use biometrics to unlock your device.
If people use the full protection available, (biometrics, alphanumeric password to unlock, being aware of your surroundings and treating your phone like the valuable piece of personal data it is) the system works in almost all cases. The breakdown isn’t a flaw in Apple’s security it’s a breakdown in personal responsibility to protect one’s data.
I'm finding more and more these days I'm cutting back on all the online accounts I've clocked up over the years and just keep it to a minimum. Finding these vile demons that want to ruin people lives very scary.
What is the probability of scumbags robbing you of your iPhone when leaving a bar at 3 a.m. ? Situational unawareness.
Go into Settings,
select Screen Time,
scroll down to Content & Privacy Restrictions,
enable it,
scroll down to the Allow Changes section,
change "Passcode Changes" and "Account Changes" to Don't Allow.
Set a Screen Time PIN to something different to your Passcode when prompted.
This will protect your account as thieves won't know your Screen Time PIN and they won't be able to lock you out of your own phone.
That can be bypassed. There are still ways to get to the screen to change your Apple ID password by going through the Forgot Screen Time Passcode and subsequent Forgot Apple ID Password screens.
@@lachlanhunt true, but a thief won’t know your password for the Apple ID unless you have saved it in your keychain or notes on the device.
Like anything in life it is a method to slow the process down and give you the opportunity to lock the device / erase the device
this comment is severely underrated.
The problem with requiring your old Apple ID password to change it is how do you change it if you've forgotten the old password? And you can't rely on resetting it via your email because the thief would presumably have access to your email on your phone. A better solution to this whole problem is the following:
1) 24-48 hour cooldown period before you can change the password to your Apple ID which would give you time to stop any potential thief from changing the password by locking down the phone or wiping it.
2) Instead of the device passcode, require Apple ID password (when FaceID doesn't work) to access the following in settings:
Passwords
Change Face ID
Turn on recovery key
Etc.
This could all be turned on as an optional setting for more privacy minded users.
This was my thought as well. Make it optional. I can turn on requiring entering the password if I want.
With the new feature of being able to have friends help verify you, that could be another option in lieu of a long waiting period. Also, if there is a waiting period, Apple needs to email you during that period in case the reset request is fraudulent; if you can’t object and alert them, a waiting period doesn’t really help, just inconveniences the thief.
That’s already mostly how it works now
Rene, thanks to bring this to the light. This is a major security issue here in Brazil where people rob your phone and force you to get the passcode
I’ve said for years that Apple need to implement a hierarchy of passcodes and passwords with differing levels of permissions and access.
This would make devices and Apple accounts more secure by limiting the scope of the often used passcode, and reserving the master password for the truly important tasks.
Passcodes should grant access to devices and apps.
Device Passwords should be used to change settings on devices. (Like using an admin password on a Mac).
A Master Password should be needed to make any Apple ID or account changes.
People struggle logging into email accounts where 2fa has been switched on.
@@nauxsi that is the truth. I have people forgetting their passwords daily and they're on a six month cycle, they can't remember what they have entered daily for the last month
In my experience, all the banking apps on my iPhone use FaceID only. When FaceID fails, there is no backup using a passcode. You simply do not have access to the app. If you change/add a face on FaceID, the banking apps require to be setup again. The biggest threat as others have mentioned is allowing access to settings without another mechanism beyond a passcode. Even something as simple as an NFC ring, card or key would suffice. Heck, if you could have your iPhone completely lock if it loses sight of an airtag in your pocket/purse would be a perfect solution.
You can take away one problem by setting a DIFFERENT Screentime passcode that blocks changes in the AppleID settings, this way a bad guy can't change your account password and you can still use Find My. Remember that the passcode should be different!!
Unfortunately you can still reset the screen time passcode and Apple ID password with the device passcode by clicking "change screen time passcode" after setting it up.
@@jajefan123456789 that won’t work because then your iPhone will ask for the Apple ID and password, which aren’t retrievable. An attacker then would still need to have the Apple ID plus the Apple ID password.
@@jajefan123456789 If you set your Apple ID / password as recovery the iPhone PIN won’t reset or unlock screen time … I don’t see a way your comment works - let us know more detail if it does - that’s a serious flaw of true.
I use face id but had to enter my passcode when I was wearing masks during the pandemic. Touch ID can fail in the winter time as well when your fingerprints change due to dry skin. I had to re-enter fingerprints about once a week before face id in the winter. I changed my password to 6 characters after seeing this and may go up to 8 characters. One thing that helps, though, is getting emails and notifications on my watch so that I don't have to take out my phone often when I am out. I do not have credit cards linked to my iPhone and I have a model that isn't attractive. My iCloud password is over 16 characters long so probably pretty hard to guess. It is a real pain to enter it on a phone.
If u have a watch on n are wearing a face mask the apple watch will automatically unlock the iPhone
@@anthonyvallejo1537 As Rene said, it will turn off if your iPhone and Apple Watch are separated.
@@anthonyvallejo1537 I have a Garmin watch so no automatic unlock but it saves me taking out my phone the vast majority of the time.
Screen time/ password
For me the simple solution would to require both face id and passcode for select apps like bank apps. Even opening the passcode and face id in settings should require both face id and passcode. Also at phone restart That would solve a lot of issues.
Always awareness. Firm believer in that.
My Apple ID passcode is about 24 numbers long. I can’t believe that Apple does not ask for it to typed in, before someone else can change it.
Hi Rene! The grey hoodie looks fantastic on you. Thanks for the tips.
Am I nuts or missing something, in thinking that Apple could rather easily bring Touch ID back to the power button on iPhones and allow for 2-factor in-device authentication for apps so you need face and touch? Please correct me if I am wrong or ignorant here.
For months now I’ve been working on leaving my phone and not using it. I mainly stick to my Apple Watch with cellular, I’m still able to communicate with people without all the apps and other distractions. As soon as you take it off it immediately locks. No password ever being entered.
Changing your Apple ID password should require the old one. Simple fix. How many times have I had to enter my Apple ID password for a App Store purchase - why is it not the same to change the password?!
Require the current Apple password to change the Apple password (like every other website) and require a separate Keychain master password DIFFERENT from the phone passcode to access Keychain stored passwords if Face ID fails to authenticate.
They already do this for Apple Notes. Notes has a separate password to access locked notes when Face ID fails to authenticate. You have the option in Settings to set that as a password that is NOT the device passcode. If a thief gets access to someone’s phone and the Face ID fails to authenticate and they don’t know the Notes password then the thief can not access locked notes even if they have the device passcode.
Apple should do the same thing for Keychain password access for a failed Face ID authentication attempt. Something as critical as Keychain passwords should not be secured only by the device passcode.
Also. Use your screen time limits for settings and all banking or sensitive apps. 1 min. Then that requires a different 4 digit passcode.
A thief can reset the screen time passcode so that doesn't work. Here's how they could do it:
"If you click Change Screen Time Passcode, and then Forgot Passcode? Then enter the Apple ID, you can then then click Forgot Passcode and it will let you reset your Apple ID password, using the phone passcode."
The OG is here after more than 2 weeks 🙃
Long time that I saw your videos Rene.. excellent topic covered and yes I agree with the balance what convenience and security can offer.. it shouldn’t be too easy or too tough..
As far I know this happens with every phone, even with Android, it’s not an iPhone issue it’s a every phone issue
yeah the original video states something like "some of the problems are on android too" when in reality its all the same problems.
But René, what about if your iPhone got stolen while unlocked? Won't they have the ability to change the lock code right there and there?
You need to enter the current passcode before changing the passcode
@@MilersMascots I didn't try it (because I don't even wanna go there if I can avoid it!), but in the video coverage they said that one can change the password WITHOUT entering the old one, that was part of the scandal!
You can’t change the device passcode without the current one. But you can use your device passcode to change your Apple ID password
@@chidorirasenganz Then I stand corrected. Thx.
I just randomly thought I've not seen one of you videos in a long time. you just dropped out of my suggestions completely.
It’s like computer viruses. The problem is between users who don’t understand basics of security.
“Don’t let people see your passcode and steal your phone”, is it so hard to figure out ???
I set up screen time with a different pin, then turned off account and passcode changes, so now my account at the top of the settings screen is greyed out and inaccessible
This seems like a solid workaround.
A thief can change that with just the passcode so you can't rely on that.
Gus it asks you to set a different PIN number to that used to unlock the phone so seems to work
@@steveaparicio Posting this from a previous comment:
A thief can reset the screen time passcode so you can't rely on that. Here's how they could do it:
"If you click Change Screen Time Passcode, and then Forgot Passcode? Then enter the Apple ID, you can then then click Forgot Passcode and it will let you reset your Apple ID password, using the phone passcode."
@@gusparaguss but how would they know my Apple ID as it’s grey out and not displayed anywhere on the phone?
I have a different screen time passcode the prevents access to the accounts settings page on the iPhone. If you got my iPhone passcode, you can't change my apple ID password without first unlocking screentime to disable the lock of the accounts section.
I sense a parable is appropriate. This reminds me of Anakin Skywalker turning to the dark side and eroding the confidence in his previous “worldview”.
Has this Flaw been Patched?
Isn't the simple solution to just use FaceID until Apple releases some new Security updates?
Never bring your phone to a bar, or if you own a phone stop going to bars...? YaH?
I read this article and was like... "are these old phones where you have to use passcode?". I don't get it... who uses passcode in this day and age??
when your fingerprint fails or the lighting in a club/pub stops face id registering properly
I am locked out of my screentime passcode. name in settings greyed out for all my Apple gadgets. cannot reset.
Thank you for making this video!
A Bio should not be activated by a passcode as with face ID... Have Face ID and a separate passcode on my MFA apps too. And get a set of Secuitey keys with NFC and add those as soon as your on 16.3...
Thanks for sharing. I appreciate your thoughts. Blessings on your day 👍🏻
Firstly. why would someone want to turn off Find my Iphone app? All SETTINGS in the iPhone should have face unlock that as base authentication. You can add one more layer on it with passcode or fingerprint (if they decide to bring this to the iPhone). That should sort out these kind of issues.
Hello! We are averaging 85-120% retention on each short, but only get 2-5k views per short. Our last video was 45 seconds long and has 101% retention across its 2,050 views. I am pretty sure that is rare and a signal to go semi viral. Other channels I know have gotten 1m+ views with stats less than ours. (30 second clip with 85% retention) And they have just as many videos out as us. On instagram our videos get 20k-3million views each. Does youtube just have a slower explosion rate? Does youtube wait for a channel/short to get several weeks old before they pull its content more? We are 3.5 weeks old across all social platforms. Do we just need to wait a few more weeks to see our shorts hit those much larger numbers? Thank you!
How to fix it
This is mostly an issue with people who refuse to use Touch-ID or Face-ID.
That’s why I like finnger print to open the phone and Face ID for anything else
This is one big if not biggest factor in me using Android as my daily driver (although I do have Apple devices - just not for critical stuff) other than price and third party parts/effort repairability, not being strong thief magnet.
Spelunking? Cave exploration... 🤔
What most people in this comment section don't seem to understand is that if you're in a situation where a thief is holding a literal gun or anything life threatening at you while asking your phone's password you will give it to them. This is quite common here in Brazil and it has happened to me. Result? In a matter of minutes they changed my iCloud password and disabled Find My right away. The real problem is that the key for the front door of your house (passcode to unlock your phone) is the same one used to open up your safe (iCloud password). So yeah, this HAS to be changed as soon as possible!
Why do people still use simple 6 digit passcodes?
This is why I use privacy screen protectors on my devices. I know someone can stand behind me and still see my displays but it some protection which is better than none. Anyone without a privacy screen I can see their display from very far away. With privacy screens that protection dims your displays and make it harder to see at multiple angels.
I have an iPhone from my employer. When I replenished in January 2023, they required me to use at least 8 digits for the passcode, which is a lot better than the default 4 digits.
Android has the same issue
Here is a solution. When you go out on the town. Just wear the Apple Watch and leave the phone at home. In addition to the watch carry a minimum wallet with one or two credit cards and of course your Id. You still have access to text and some apps but if someone takes your watch it’s not the end of the world.
Because everyone owns a cellular Apple Watch, right?
@@robertpesche Another reason to get one
I'm considering doing this, especially as the screens continue to get bigger. Plus its quite a bit harder to swipe a watch off your wrist.
The war you speak of is avoided by personal responsibility... It is one of the least used tools in every person's arsenal.
Why is a passcode the password change and not Apple ID or Face ID. Or even a second device authentication.
How many people here DO NOT KNOW their Apple ID passcode? Cmon most of you… but I hear you Rene people should know more than a 4 digit code.
iOS 17.3 lookin promising🤭
With Face ID, who still types in the code?
I always wondered what’s the point of the Face ID and Touch ID if the failed login will just give you the option to use your passcode
Convenience and more security. Passcode gets pushed if it Face ID/Touch ID has failed for numerous attempts
One easy fix could be to keep Apple ID and Apple wallet locked until we decide to unlock them. I have switched to alpha numeric password on my devices.
Title suggests we're going to learn about passcode issues, instead we get full drama scare tactics worthy of 24 hour news. The dude is smart, I wish he didn't need to add drama and hooks to get viewers.
Just introduced current FIDO security Key 2FA option to change iCloud password requires users Adding 2 different keys other than the 2 FIDO keys they might already used for iCloud 2FA. Requires current iCloud password has issue, as most people needs to change pass is due to forgetting their passwords. So only requires old pass way will lock way more people out than occasional victims of seeing their passwords at public.
Solution 2 If Apple just want user to enter password before allowing changing iCloud password, that has to be biometric authentication like Fingerprint or FaceID just keep asking until its 20 times fail then you have to wait for 5 minutes, next time wait 15 minutes, next 20 face ID fail will be 30 minutes wait, then wait until tomorrow.
I advise everyone to watch the video from the Techlore channel about this subject, they have some more tips to secure your iPhone.
I do not want to use FaceId or touched because then people can’t legally use my face or fingerprint to access my phone.
Just put a lock on every app that type information including text message, and that’s it, I think it’s a scare tactic and something else who knows what yes it’s possible phones got stolen. Well, you know last three years humans start being like in suspended animation.
People like convenience
i don’t use my phone out in public i use my watch for everything when i’m out
The easiest solution for most people is to change the passcode to an alphanumeric password like for a PC/Mac.
Ever have trouble with Face ID while driving and need to enter an alphanumeric password? Yes, people will do that, and yes, it is not safe.
Screen Time > Content & Privacy Restrictions; Sorted 👍
Apple needs to fix this! Enter the old password to change it not a passcode
Its only a problem, if people let it. WHy we we forcing this onto Apple, when the user "chooses" to do this stuff,. Your not forced to share your phone, your not forced to use icloud...
FaceID
Yup
Easily solved.... The manufacturer needs to re- make OG style phones (like Nokia 3110), where you can only text, call and play snakes.
👌
TouchID should come back, under the screen now that there’s nowhere for the button…or a side section.
This is a problem that was raised by the user community in Brazil for some years now and many people already got robbed and had their bank accounts wiped out. Apple didn’t care. Hopefully now that this problem is hitting home market, Apple will take some action.
First and foremost ist is a local problem. Apple is not responsible for the utterly worrying criminal situation in Brazil.
And the iOS/iPadOS has the Screen On Time feature which the user can set up, making it a lot more difficult to change the Apple ID.
And then there are 3rd party passcode managers. It is up to the user to take the steps available to secure a personal electronic device.
So they dont have Fact or Touch ID over there?
Or you could just take care of your stuff and be cautious…
Quick and simple solution: set up a different passcode for “Screen Time” and then restrict “Passcode Changes” and “Account Changes”.
“I sued my house maker because a thief entered my house using the key I obviously hid under the flowerpot in front of the house.”
Actually your front door key shouldn't be able to open your safe.
😮
@@pankenny2144 exactly! It is clearly a problem, your phone passcode should NOT give you access to your entire Apple iCloud account.
I set lock screen as passcode and everything else is Face ID. Not only that I let nobody see my passcode, full cover up like at the ATM.
I blame FaceID... Back with TouchID, I NEVER had to enter my password. Now with FaceID, it happens all the time. A true regression that Apple should have addressed long ago IMO.
I’ve had the opposite experience, I’m a mechanic so fingerprint ID is useless for me. I’ve opened my phone(s) using Face ID hundreds of thousands of times with zero failures
Just like others, no issues with Face ID, but my MacBook has Touch ID, NEVER worked* for me. Any job that is hands-on. You just wear the finger tips down and constantly without a doubt, you end up locking yourself out. To the point I've given up with Touch ID on my Mac, but FaceID is beautiful. Even my Mom had her iPhone 6 or 6S, I can't remember which, where she literally had her finger registered, but never used it and it was massively slower than her using the iPhone X I gave her. It's more how she was using it rather than the process of it working out the biometrics.
With FaceID, you just need to set it up with a larger face print than the small range it requests, so you can look a little off-axis.
Enter passcode to use face id is the biggest fail has done.
This why I sue Face ID all day by the time my phone reaches view height from my pocket I’m already in my phone
I have a way to combat this issue.
Go to restrictions in settings and disable account changes without a passcode. And use a different passcode for that option.
Those Screen Time Content & Privacy Restrictions provide a false sense of security because you can bypass that.
1. Click Change Screen Time Passcode, and again in the pop up menu,
2. Click Forgot Passcode.
3. Enter email address (look in Contacts or Mail to find this)
4. Click Forgot Apple ID or Password
5. Enter Device Passcode
6. Screen to enter and confirm the new password appears. Game over.
Apple should bring back Touch ID. In order to change any sensitive data on your device, two of the three factor should be use to access. These steps could be 1 of the following, Face ID and Touch ID, Face ID and passcode, Touch ID and passcode, etc.
How about something as simple as REQUIRING unique passwords.
Ive seen people who use multiple password managers, and all of them have warned them about hundreds of their accounts appearing in data leaks, and yet they still use the same passwords everywhere and don’t even change their passwords after they’re told they were in a leak.
We gotta start with the basic stuff before trying to out-tech the bad guys.
It’s time especially on iPhone to unlock after a number of FaceTime failed attempts it requires your Apple ID password not a number code.
Passcode just old fashioned and was used for smartphones as it was something that none smartphones users were used to in the pass it’s time for it to RIP no longer needed
I carry a burner, simple.
This is a problem affecting almost no human alive. Given a large enough samples of life events, bad things can and will happen, but this is nothing worth thinking twice about. Don’t leave your $1,000+ computer laying around in public places. Solved.
I believe that in this particular case the phone was yanked from the person’s hand, not just laying around unattended.
@@andrewrea2799 fair enough- life happens. I have 2FA on at all my banks and biometric authentication on my phone. If someone yanks it from me, enjoy the expensive brick I suppose. I am not unique in having these tools made readily available to me and we’re far along now in the age of information where not being baseline technically competent and proactive is most certainly a fault of the user and not any software development team.
This is being presented as though it’s an Apple oversight issue when it’s really just a matter of individual behavioral consequences.
APPLE should have TOUCHID for iphone. FaceID is a hassle when u wear a mask
Um, yes but they could cut a finger off to get fingerprints
Apple took to long to introduce physical security key tfa instead of sms
to be honest I know passcode would protect your phone but it’s kinda risky because if tap the wrong password your I phone will locked forever
As usual these reports always focus on APPLE! No mention is made that ALL mobile devices are vulnerable to this. So the public sees this as an Apple problem only and, well, Apple is BAD. An sure enough the Apple Discussion Forums lighted up with users asking if they should switch to Android.
Companies need to do a better job explaining to the illiterate masses how biometrics actually work
Yes bc we NEED Touch ID more than Face ID
This isn’t apple problem stop spreading wrong information, this is also an issue with androids they have a passcode want to be secure, be proactive and in a bar as you say, make sure no one is looking over your shoulder pick up the phone and hold it in a such way they can’t see it