Secure Apple ID Against iPhone Theft
After acquiring my first iPhone, I stumbled across a video on YouTube by The Wall Street Journal (WSJ) [1] about how thieves are stealing people's iPhones and, with just the victim's passcode, completely and permanently locking victims out of their Apple account (also detailed in another video [2] by the WSJ)
Both videos [1][2], as well as a video by Techlore [3] made (at least seemingly) in response to the WSJ's reporting, provide some guidance on what you can do to help protect yourself against something like this happening
In this blog post of mine, I'm really just gonna be outlining, in a readable format, what was suggested by both the WSJ [1][2] and Techlore [3] on what can be done to help protect against something like this happening to you if your iPhone does get stolen
Use a Privacy Screen Protector
This one's kind of a low hanging fruit, but something as simple as using a privacy screen protector can help, simply because one won't be able to see what is on your screen if viewing your device from the side
I got myself this one off of Amazon, which seems to be a somewhat popular brand of screen protectors for iPhone (they have both normal and privacy screen protectors for iPhone from at least the XR up to the 15 series)
Use Longer, More Complex Passcodes
Using a complex passcode goes a long way, especially if it's an alpha-numeric passcode (where both numbers and letters are used)
Something like [111111] or [123456] is pretty easy to guess, but having a passcode like [727873], or even better, something like [I 4m 7h3 m057 1337 h4x0r 3v3r!] will improve the security of your device
And if typing out something like the alpha-numeric passcode I made up above every time you want to unlock your phone seems like a gigantic pain in the rear, you always have the option to
Use Biometric Unlock Options
Setting up either Face ID (on iPhone X and newer) or Touch ID (on iPhone 5-8, and iPhone SE (up to at least Gen II)), in combination with a strong passcode, will secure your device even further
With biometric unlocking, e.g. via Face ID, you won't need to enter your passcode every time you want to unlock your device, so you won't be inconvenienced by having a strong passcode, and the more you use it, the less likely a potential thief will be able to discover your iPhone's passcode
Create a Recovery Key
One of the things the aforementioned videos [1][2] show thieves doing is creating a recovery key for your Apple ID, which prevents you from using other account recovery options, and prevents Apple from being able to do anything to help you per their own guidelines
So with that in mind, I STRONGLY recommend creating one yourself as soon as possible, even without concern for this type of thing happening, and storing it in someplace safe THAT IS NOT ON YOUR IPHONE
Plus, as explained in the Techlore video [3], this is a required step for enabling iCloud Advanced Data Protection anyways, so if that's something that you have an interest in doing at some point, you'll already be ahead of the game there
To do this:
- 1: Open [Settings]
- 2: Tap on your Apple ID at the top of the Settings app
- 3: Tap [Sign-In & Security]
- 4: Tap [Account Recovery]
- 5: Tap [Recovery Key]
- 6: Enable [Recovery Key]
It will then display a recovery key, which you'll want to jot down, as the next screen will have you input it
Remember to store it somewhere safe, and off of your iPhone, lest you may be screwed in the future
Here's the link to Apple's support page regarding setting up a recovery key, should you wish to view it
Use Screen Time to Prevent Changing Your Passcode or Apple ID Password
As outlined in Techlore's video [3], and mentioned in one of WSJ's videos about this attack [2], you can make use of the Screen Time feature of the iPhone to lock down the ability to change the device's passcode, as well as your Apple ID's password
To do this:
- 1: Open [Settings]
- 2: Tap [Screen Time]
- 3: Tap [Content & Privacy Restrictions]
- 4: Enable [Content & Privacy Restrictions]
- 5: Tap [Passcode Changes]
- 6: Tap [Don't Allow]
- 7: Tap [< Back]
- 8: Tap [Account Changes]
- 9: Tap [Don't Allow]
- 10: Go back to the [Screen Time] section
- 11: Tap [Change Screen Time Passcode]
From there, it will have you set a four (4) digit passcode which will be required to make any changes to anything under [Content & Privacy Restrictions]
When you are creating this passcode, be sure that you DO NOT MAKE IT THE SAME OR SIMILAR TO YOUR DEVICE'S PASSCODE
Use a Password Manager Other than iCloud Keychain
First off, if you're using a password manager, congratulations!
However, if you're using one properly, and that one is the one built into iCloud Keychain, then if you are locked out of your Apple ID, you're kinda screwed
What I would suggest, as well as what Techlore suggested [3], is to use a separate password manager
My personal recommendation would be Bitwarden
The Bitwarden app on iPhone can be used as your default autofill service, and can be unlocked via biometrics, so you won't have to type in your (STRONG) master password every time you wish to access it
As a plus, if you have Face ID unlock for Bitwarden turned on, it will mandate the vault's master password to unlock it if Face ID can't unlock it (y'know, like, if someone steals your iPhone)
Wrapping Up
That's about all I've got for this one folks
Some other things that were mentioned between the three videos [1][2][3] were things like
- Using separate passcodes for sensitive apps (e.g. banking apps) when able, that are different and unrelated to your device's
- Not storing photos of sensitive documents (e.g. driver's license, tax documents) on your mobile device
- Not storing banking passwords in a password manager (I do see this as a major plus for overall security, however I personally find it to be too big of a hit to convenience, so you do you on this one)
Sources
- 1: (YouTube) Apple's iPhone Passcode Problem: Thieves Can Ruin Your Entire Digital Life in Minutes | WSJ
- 2: (YouTube) How to Prevent iPhone Thieves From Stealing Your Apple ID–And Your Money | WSJ Tech News Briefing
- 3: (YouTube) Stop iPhone Data Thefts Now!
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0)