How iPhone Thieves Lock You Out Of Your Apple Account | WSJ
Рет қаралды 2,354,808
Күн бұрынiPhone thieves around the country enable the recovery key to make sure the owners can’t get back into their Apple accounts-permanently.
WSJ’s Joanna Stern digs into why victims are forever unable to access their photos, videos, and more in their iCloud account. How can you prevent this from happening?
0:00 How stolen iPhone victims cannot regain access to their Apple accounts
1:01 How the recovery key works
3:20 Can you get back into your Apple account if you don’t have the recovery key?
4:12 How to prevent thieves from changing your recovery key
Tech Things With Joanna Stern
Everything is now a tech thing. In creative and humorous videos, WSJ senior personal tech columnist Joanna Stern explains and reviews the products, services and trends that are changing our world.
#Apple #iPhone #WSJ
@rinforthewin-ks1vk Жыл бұрын
Excellent follow-up, Joanna and the WSJ team!
@theJesai Жыл бұрын
‼️ *THE SCREENTIME PASSCODE CAN BE REMOVED/CHANGED WITH THE DEVICE PASSCODE! :(* The solution they mentioned won't work. When you hit forget passcode to reset your screentime passcode, it asks for your Apple IID passcode. if you hit forgot password again (for the Apple Id), you can reset it with the iPhone passcode, in turn getting rid of screen time and moving forward with this attack! :(
@richardwhite3456 Жыл бұрын
@@theJesai t lol
@jkirk1626 Жыл бұрын
@@theJesai you're right. It should go to show you the mainstream media is a total tribal rich kid clown show with zero substance.
@juan2049 Жыл бұрын
I have over 20,000 photos on my iPhone that I have taken over the past few years. I feel for this man. I hope he gets his memories back :(
@michaelcorcoran8768 Жыл бұрын
Yeah, it's probably worth finding a backup. If you have a prime account, I think Amazon photos gives you unlimited backup for photos but not videos.
@jasontomica8938 Жыл бұрын
@@michaelcorcoran8768 Google does also and it's wonderful
@truthteller4442 Жыл бұрын
Same here. People don’t understand the unbelievable psychological damage they’re doing to people when they steal their phone. These phone are now our entire worlds. I would be devastated if all my family pictures were just gone.
@_morgoth_ 10 ай бұрын
At least once a year (usually sooner), I transfer all my photos and videos onto an external drive I keep at home. Always good to have backups. If you really want to be safe, keep a copy of that external drive at a different location, like a relatives house across town, in case of a disaster at your house. Or you could backup in the cloud (service other than iCloud) as well if you are willing to pay that extra price.
@megapangolin1093 7 ай бұрын
And you are suggesting that these people care? They don't, and they have nothing to lose and think it is the owner's fault or Apples or the Popes, it isn't their problem, thats why they can do this time after time.@@truthteller4442
@harveybolton Жыл бұрын
Props to the WSJ for shining the spotlight on this, hopefully it forces Apple to add some preventative measures in a software update and to create a process people affected by this can use to prove their identity and get the iCloud account back.
@mitchellquartero Жыл бұрын
Exactly
@fernandoluna7337 Жыл бұрын
Yeah, until people start screaming "what about my privacy or why does Apple need that information". People should research better how to be better protected and not assume that the default settings are. Only issue really is that Apple let you drop and generate a new recovery key so easily. Also never understand why rely only on the passcode. That is on Apple but also most Apple users like Apple because is "friendly" and "easy".
@FogataMexicana 11 ай бұрын
The code should be sent in the mail like the way banks handle lost pins. Even for a fee. ❤
@bluekeybo Жыл бұрын
Apple should require the Apple ID password when: Changing the pin, changing the password. Apple should require both Apple ID password and phone pin if: changing your recovery key. In my opinion though, once you create a recovery key, the only way to remove it or change it should be by providing the existing recovery key. If you forget it, then that's it, you'll never get it back. So it's not a feature for everyone.
@InventorZahran Жыл бұрын
You can have either security or convenience. Losing a recovery key is inconvenient, but the fact that you can't access anything without said recovery key is proof of its efficacy as a security measure. Anything that has a backdoor for the sake of your convenience can also be exploited by crackers!
@kyrbies Жыл бұрын
Yes, it could be that simple... but then more people would probably lose their "memories"! There is currently only one major problem with Apple's approach: After 3 incorrect recognition attempts, FaceID is deactivated and MUST be activated by entering the PIN. And that's exactly where a thief can look on in public. Typical examples: Payment process does not recognize the face and asks for the PIN at the checkout... It is mounted in the car and does not recognize me because of the angle and asks for the PIN... On the slopes with sunglasses and helmet the same... so theoretically it would be one already helped if the biometrics were not switched off automatically after failed attempts.
@kyrbies Жыл бұрын
I wouldn't mind Apple's policy that if you forgot the password AND didn't create a recovery code, biometrics ALWAYS works to reset the password, but NEVER just the device PIN...
@GamingWeekends1 Жыл бұрын
Hi, you should also add the “Passcode Changes” to the list from screen time. If they have your passcode, they can also change your passcode. Without it, they can’t change it
@mitchellquartero Жыл бұрын
Thanks appreciate it
@charlesm.9858 Жыл бұрын
Done! Mahalo!!🤙🏼
@jkirk1626 Жыл бұрын
She couldn't change her screen brightness. She read the teleprompter.
@RONJAE212003 7 ай бұрын
Definitely did this as well👌🏽
@InventorZahran Жыл бұрын
So basically, Apple's big fail here was the idea of relying on the iPhone's passcode for anything other than unlocking the iPhone itself. Resetting the Apple ID passcode or regenerating a recovery key should require at least two factors of authentication, neither of which is the iPhone's passcode. Also, when using Touch ID/Face ID to unlock apps within the iPhone, it should fallback to the app's log-in credentials if biometric authentication is not successful (instead of prompting to enter the iPhone's passcode).
@charlesm.9858 Жыл бұрын
Correct ✅
@legendsaud Жыл бұрын
@@charlesm.9858 There are times you need to access your phone apps without face or touch ID. I mean there are people who you allow to access the apps - without bio-authentication.
@honewhetstone1732 Жыл бұрын
I think at the moment if FaceID fails for whatever reason, most apps I use fallback to their default login credentials like username/email and password or passcode. Have never seen a prompt asking for the iPhone passcode/phrase for third party apps.
@legendsaud Жыл бұрын
@@honewhetstone1732 I use it for whatsapp authentication and that's how it works.
@InventorZahran Жыл бұрын
@@snowycatinseattle Can you tell me how to set this up, or link me to a guide? This is exactly the solution I (and probably many others) have been looking for! I don't ever want to have an Apple Watch or a child account, so it's perfect for me.
@seth8629 Жыл бұрын
lol why do they let you create a new recovery key without the old one?! They would be on firm footing if they said once you *choose* to create a recovery key it cannot be replaced. But letting people just erase and create a new one is ridiculous!
@L2002 Жыл бұрын
because there is no the old one?
@mitchellquartero Жыл бұрын
Exactly
@j10001 Жыл бұрын
Because the recovery key is an encryption key for securing _iCloud storage._ If you forget it, they are essentially using 2FA (that is, your iPhone) to allow you to change your iCloud encryption key. It makes sense, since iCloud is really just a backup of your iPhone. So if you have the phone, there are no secrets. They clearly didn’t design the recovery key to be an _iPhone recovery_ key! I wish they would create something like that.
@itsalltakenup Жыл бұрын
The suggested fix also introduces other exploitable loopholes unfortunately
@MrMooCow199 Жыл бұрын
This is why I make a backup of ALL my photos and videos on iCloud on January 1st, every year. Everything is duplicated on 3 USB keys, and placed in my home, my parent's home, and a bank safe deposit box. Never log into banks on the phone. Never use payment apps or phone chips to pay anything. There might be a slight convenience for storing everything on the phone, but not worth the potential cost and consequences of losing that phone.
@xotvi 4 ай бұрын
You must be fun at parties, if that's your Jan 1st chore :D
@lachlanhunt Жыл бұрын
That screen time settings can be trivially bypassed by going through the forgotten screen time passcode flow. Eventually, an attacker can get to a password reset screen, and there’s nothing you can do to prevent that. It is absolutely flawed and Apple needs to fix it.
@FoxHatLeo Жыл бұрын
No, to reset screen time passcode, you need Apple ID and password. And since the attacker cannot get into the Apple ID screen to reset it, they can't reset the screen time passcode either.
@javtimestwo Жыл бұрын
@@FoxHatLeo 👏🏽
@samyili Жыл бұрын
@@FoxHatLeo When going down the forgotten screen time passcode flow, select "I forgot my apple ID password" and it allows you to reset the apple ID password without knowing the screen time passcode...
@v827 Жыл бұрын
@samyili If you have a recovery key set, you can’t reset your password without the recovery key. Just make sure you have Passcode Changes restricted along with Account Changed in Screen Time.
@charlesrank93 Жыл бұрын
@@v827 if they have your passcode, they can view saved passwords on the iPhone or on something like google chrome.
@leo_nidas Жыл бұрын
You’re a freaking awesome, Joanna! Thank you so much!
@JeremyDeBose Жыл бұрын
I dunno. Feels like these issues aren’t so much Apple or general tech “loopholes.”We can’t sit back and rely on a device to protect our devices and memories; we have to be smart and proactive and protect them ourselves, too.
@irrelevant2235 Жыл бұрын
I agree. This is just someone blaming someone else for his mistakes.
@NinjaRunningWild Жыл бұрын
“An ounce of prevention is worth a pound of cure.” -Benjamin Franklin
@jannertfol 6 ай бұрын
For convenience's sake, some of us have put all our eggs in one basket. Unless it's absolutely necessary, I wouldn't use the cloud for ANY storage. Back up your files onto SSDs, flash drives, etc ...and don't store them online at all. Don't do banking on a phone! I know it's the coming/done thing ...but resist. Use bank/credit cards or cash to pay for things. Do your online banking on a desktop computer at home. Etc. If you can't remember passwords, write them down someplace safe. If you have to carry them with you, ensure they aren't obvious, ARE written down, and aren't stored on your devices anywhere. Think in terms of scattering your data around, not collecting it all in one place.
@scapella1789 Жыл бұрын
Big issue, glad you guys are bringing the spotlight on it, changing my settings now
@ydorni5923 Жыл бұрын
The Screen Time PIN doesn't work. 1. Set Screen Time PIN. When it asks for your Apple ID, hit cancel 2. Try to Change Screen Time PIN 3. Say you forgot it 4. Phone will offer to let you reset with your Apple ID 5. Say you forgot it 6. Phone will offer to reset your Apple ID password with your device lock passcode
@ylihao Жыл бұрын
@@ydorni5923 Tag Joanna lol
@leoceoliveira Жыл бұрын
@@ydorni5923 I tried these steps and that's not what happened. Maybe I missed something? But I agree, more protections are needed urgently!
@kenclx 7 ай бұрын
@@ydorni5923shouldnt the passcode be only known to the owner? You forgot to include that part
@flyicestormpluto Жыл бұрын
Thanks or a great follow-up vido! The front-door analyogy really worked for me
@ruzzelladrian907 7 ай бұрын
Thanks, Joanna! The Screen Time lock tip has given me peace of mind.
@andersonsystem2 Жыл бұрын
Great video thanks. Apple needs to protect their customers.
@theJesai Жыл бұрын
‼️ *THE SCREENTIME PASSCODE CAN BE REMOVED/CHANGED WITH THE DEVICE PASSCODE! :(* The solution they mentioned won't work. When you hit forget passcode to reset your screentime passcode, it asks for your Apple IID passcode. if you hit forgot password again (for the Apple Id), you can reset it with the iPhone passcode, in turn getting rid of screen time and moving forward with this attack! :(
@Failure_Is_An_Option Жыл бұрын
You are responsible for your own protection. Get after it.
@Dfgbuiiyyyybb Жыл бұрын
Your passcode can be a… - 4 digit pin - 6 digit pin for even more security - An alphanumeric pass phrase for even more security. There are even more enhanced security features such as hardware UBI KEY if you want but would you as the average consumer sacrifice the convenience?
@Addlibs Жыл бұрын
Security key (or "UBI KEY" as you put it) wouldn't stop this attack at all, as it relies on physically stealing a logged-in iPhone, and Apple allows making significant changes to your Apple ID account using just the iPhone's PIN -- no 2nd factor required, even if configured.
@escobyte Жыл бұрын
@@Addlibs its more than that, they spy on you to see when you unlock your phone and write down the pin. Thats how they're able to get access to other parts of the phone, because they have the actual pin, not because it was unlocked
@Dfgbuiiyyyybb Жыл бұрын
@@Addlibs Yes I was referring to making it harder for people to steal your pin or passcode by choosing to use the longer pin but if they have all of that it wouldn't stop them.
@neil78b Жыл бұрын
Or just lock Apple ID changes and passcode changes through Screen Time which you set a completely different secondary passcode...Settings>Screen Time>Content & Privacy Restrictions>Account changes> Don't Allow
@urquell6483 Жыл бұрын
all yubikeys can be easily deleted in ios settings.
@brncllhn Жыл бұрын
Thanks so much for sharing on how to change the settings to prevent the takeover of iPhones! Much appreciated and I’ll definitely share this video.
@alecco5295 Жыл бұрын
SUPER HELPFUL! THANK YOUUU SO MUCH.. 10/10 as always Ms. Joanna
@Mohammad_Ali__ Жыл бұрын
Quite informative content. Better to be prepared before it actually happens.
@mgilija1588 7 ай бұрын
WSJ, always informative. Thank you for this.
@priultimus Жыл бұрын
I have a physical security key linked to my Apple ID. This would circumvent that. The whole point is for it to be the most secure option, incredibly frustrating you can bypass all this security with a 6 digit number. I wish I could disable changing apple ID passwords with your phone.
@realericanderson Жыл бұрын
You can it’s at the end of the video dingus
@neil78b Жыл бұрын
Or just lock Apple ID changes and passcode changes through Screen Time which you set a completely different secondary passcode...Settings>Screen Time>Content & Privacy Restrictions>Account changes> Don't Allow
@denumerable Жыл бұрын
Wait... a physical security key is bypassed by the recovery key setting? I thought the physical key would be the ultimate solution so I had some on order... (one for my person, one for a safe at home).
@reddbendd Жыл бұрын
the idea is to guard your phone with your life and keep it in a pocket with a zipper
@theJesai Жыл бұрын
‼️ *THE SCREENTIME PASSCODE CAN BE REMOVED/CHANGED WITH THE DEVICE PASSCODE! :(* The solution they mentioned won't work. When you hit forget passcode to reset your screentime passcode, it asks for your Apple IID passcode. if you hit forgot password again (for the Apple Id), you can reset it with the iPhone passcode, in turn getting rid of screen time and moving forward with this attack! :(
@olafvonbraun7300 Жыл бұрын
Thank you for making part 2❤
@Freakazoid12345 Жыл бұрын
Where's part one? They didn't even put a link in the description?
@el4266 Жыл бұрын
This video is so helpful!! Thanks.
@mitchellquartero Жыл бұрын
Awesome video thanks for raising awareness 4:13
@SteveMorton Жыл бұрын
Thank you for sharing the tip about the screen time passcode I would have never discovered that. But it is fairly effective once set. Apple need to do more to stop this issue
@Owen-il8ws Жыл бұрын
Apple truly can't do anything once you add a recovery key. It's not that they don't want to or don't believe him; it's that his data is encrypted and locked, and not even Apple can unencrypt it to change the password without the recovery key.
@africa_everyday 6 ай бұрын
Apple can surely do it, they just don't want to do it, as a result of preserving their image
@mutunekk Жыл бұрын
The big issue here is really the ability to make such significant changes to your security without any stronger safeguards than the PIN. My 5 year old is able to remember PINs just after 2 demonstrations - its really not that hard finding someone's PIN. I can understand why Apple did this... but for people who live in the Apple ecosystem this is really quite worrying. Luckly for the android users, Google OS is just not polished enough for this to be a problem.
@absyusuf4932 Жыл бұрын
I am terrified after watching this lol
@anand.chaudhari Жыл бұрын
Heard about Samsung Knox?
@Dk-qf8dd Жыл бұрын
Actually it is almost as much especially if you use Chrome as it can be a password repository like Settings > Passwords in iOS. One thing the thief cannot do though is permanently lock you out of you digital world.
@anand.chaudhari Жыл бұрын
@@Dk-qf8dd I use Samsung secure folder as well as Samsung pass too, bro
@mutunekk Жыл бұрын
@@Dk-qf8dd Yes, once you are in the phone, there is not much difference. However, there is 1 major difference between the platforms and its the fingerprint reader. On Android, a lot of phones only need the PIN/pattern on boot the rest is done using the fingerprint reader. So even if you figured out the PIN, you are still massively limited as the biometrics and or passwords are needed to change/access anything important. On my IPhone, the PIN is randomly needed and used for all sorts of security features. So as much as both are not perfect, the current Apple execution thanks to its convenience is by far riskier. All a android user neeeds to do, is to set access to passwords only via biometrics and the risk reduces significantly.
@micahwilgus Жыл бұрын
I’ve seen a comment on a previous KZbin video on how to make it harder for thieves to do this. You have to set a screen time passcode and then from there turn on the setting to prevent account changes so they can’t get into your iCloud account on your iPhone. You’ll also have to turn off of your email being accessed on the phone as well, because if you don’t and your email address on your phone is linked to your Apple ID they can just reset your Apple ID password. If they have the technical knowledge
@Dk-qf8dd Жыл бұрын
You also need to make sure you have turned off keychain and use a 3rd party password app.
@kyle7574 Жыл бұрын
Great reporting
@prometheus200 Жыл бұрын
Very important news. Thank u
@Kikusgca Жыл бұрын
The screentime passcode can also be bypassed easily if I remember correctly I saw one of the comments in your last video mentioning that.
@TheStrategyWargamer Жыл бұрын
Joanna Stern is amazing. I love everything she does. A few years ago I got to meet other legends in the Technology industry like Nilay Patel, Dieter Bohn, and even the legendary Walt Mossberg. Was hoping Joanna would be at The event (it was the last CNTL WALT DLT podcast episode ) Hopefully I can meet Joanna one day and meet another huge legend.
@TheStrategyWargamer Жыл бұрын
Keep on reporting on these amazing stories Joanna you are incredible!
@dominicrincker8280 Жыл бұрын
Wait!! Can we use screen time to limit any sensitive apps too!!?
@indianmedic Жыл бұрын
Would you have to put a lock on find my phone as well then ? Like screen time ?
@Ryan256 Жыл бұрын
4:12 shows how to prevent this. Great tip!
@SeBastian-wi4rg 10 ай бұрын
How to protect from this on android/ Samsung s23 ?
@OHHHHUSBANT 8 ай бұрын
Not using any sort of banking app, and storing every single password on your computer on a notepad
@user-sf5bt8eb4y 7 ай бұрын
correct me if im wrong, but I seem to recall anything with the updating of user recovery key profile portion requiring AppleID password(not the passcode)?
@solracer66 Жыл бұрын
There are 4 different ways to control access and of course requiring a combination of them is the best. The 4 ways, of which only 3 of them are generally in use are 1) Something you know like your pin or password; 2) Something you have like a Yubkey; 3) Something you are like a retina scan or fingerprint or; 4) Something you can perform like playing a short musical number or juggling or whatever. I really think #4 should be used more as for example people have a typing cadence that is fairly unique and hard to duplicate. Obviously this can change in different situations but there could be simple ways like having a pattern you wave the phone (triangle, square, figure eight with a certain cadence) in as a way to enter the passcode which could be used.
@Jibril_Abdulkadir Жыл бұрын
There’s also recovery phone contact and that can be removed so it feels like they can get into everything let’s say you lock your notes app and have recovery key in it not only they can change recovery key but can you’d phone passcode to get into that note to remove everything
@salhotra28 8 ай бұрын
Thanks 👍🏻 👏🏻
@alexdasliebe5391 Жыл бұрын
@4:17 Very nice security workaround
@micahwilgus Жыл бұрын
It also depends on where you are as well. You have to be aware of your surroundings. Having a privacy screen protector so others can’t see what your doing on your phone as well as making sure you are in a safe environment before doing something on your phone. I know that we all like to think everyplace is ok but it isn’t
@burlhorse61 7 ай бұрын
you sshouldn't be leaving your phone lying about in a public place anyway
@snazzysailor Жыл бұрын
Thank you
@AntennaMan 23 күн бұрын
This just happened to my roommate. His phone was stolen in NYC and the iCloud password was immediately changed. It seems Apple hasn't done enough to prevent this major flaw in their system.
@stefanjohansson2373 7 ай бұрын
I think I’m one of the few that blocks access to my Apple ID account with a demand for passcode for any account changes. It’s very rare that I temporarily have to remove this lock myself to be able to access the Apple ID account settings. If the thieves can’t turn of the “find my iPhone” they rarely can reset and sell them. 1. This is set under screen time - content / privacy restrictions - account changes, and of course that is a a unique code, not the same as used for unlocking the phone. 2. You can also set passcode to “always required”. This will block 99% of the thieves, but 1% of them just sell the phone to specific countries where IMEI-lock and all the other protections is removed very easily. It’s a myth that IMEI-lock works globally.
@dusty3194 Жыл бұрын
Also u can connect a cable and brute force generated pin in few hours
@rmb_dev Жыл бұрын
Apparently, creators of this video did know about it )
@abir5814 Жыл бұрын
How do.i access my Apple ID settings after turning on the screen time thing?
@Okamine Жыл бұрын
Apple should do something about this as soon as possible!
@charlesm.9858 Жыл бұрын
THANK YOU SO MUCH!!! Holy cow this world is getting crazy!! I left Samsung for Apple because of its security measures that it has which devices I really hope Apple fixes this, but thank you so much for this video I took the steps to safeguard my iPhone!! thank you again
@harrrambae 7 ай бұрын
should i provide my apple id on the screen time passcode?
@Netryon Жыл бұрын
It's situation they had in Lost in Space, when overseer Hastings took over control of doors and tried to override permissions and vent the airlocks.
@Praveen-or5ce Жыл бұрын
Excellent job. Hope Apple will find solutions for this
@Clark-Mills Жыл бұрын
Retina scan... is that where you sit on the photocopier?
@jessonmallari7619 Жыл бұрын
Loophole? More like negligence on the owner’s part.
@cobracommander.1958 Жыл бұрын
Good job keep educating the new thieves and give the old thieves a heads up lol...
@nikkipoo337 Жыл бұрын
There are still breadcrumbs leading to the recovery key even if some of you do what is suggested to keep it safe as some of the comments have already pointed out. Unfortunately current and new thieves are also watching this video to see how they can improve on their thieving skills. I see this video as more of a wake up call for some to focus on extra security protection barriers within your phone as well as within the apps used on the phone making it difficult to steal information which is more valuable to thieves than the phone itself.. Remember, even backups need backups….
@mdribblecastle Жыл бұрын
Great video! Most consumers will never do it because they have no clue how to manage files or backups..... but a local backup is the only real solution for these types of scenarios. You can't rely on Apple as your only source for photos + videos. Reply
@trenauldo Жыл бұрын
I only backup locally, never to the cloud. Would never trust my important photos and files to an Apple server farm somewhere.
@ECty68888 Жыл бұрын
I found a major bypass with this security tip of using different pin to block settings changes. The bypass is the Apple support app which lets you change passwords etc without having to enable changes (thereby entering new unique pin)
@finalfan321 Жыл бұрын
WSJ is my fav media from the US.
@andresate6314 Жыл бұрын
So basically, a thief can only do this if they actually have ur first passcode and are able to use the phone
@JC-jx9bp Жыл бұрын
Exactly, I don't know why such a fuzz. Just illiterate people who have no foundation on security.
@leoceoliveira Жыл бұрын
yes, which CAN happen. Some thieves are observing people from afar and getting their passcodes and then stealing their devices as a coordinated attack.
@Randii225 Жыл бұрын
This is why I always use Face ID
@neil78b Жыл бұрын
Or just lock Apple ID changes and passcode changes through Screen Time which you set a completely different secondary passcode...Settings>Screen Time>Content & Privacy Restrictions>Account changes> Don't Allow So even if the thief somehow gets your first passcode he/she cant do any changes without the second one.
@dmarti47 Жыл бұрын
Yes. This could happen because of the owner’s irresponsibility, or also at gun point.
@Imammaryasir000 Жыл бұрын
Need Joannas take on the sideloading app feature coming to iOS 17 in the coming months. What is Apple doing to keep its ecosystem secure?
@dcuoffendinghabits7949 7 ай бұрын
Have they added additional features so this can't happen to anyone else?
@LA-Creative Жыл бұрын
Crazy. I can’t use the recovery Security Key feature because my business has many devices, computers, phones, iPads, that can not all be upgraded to iOS 16 and OS Ventura (because I have expensive work software comparability issues). If you use the Security Key on one device, apple states that you will no longer be able to log into the older devices. That seems too broad and a security risk. There should be more granular security settings per device.
@wlonsdale1 Жыл бұрын
Build a NAS or use a usb stick for backup
@KeshenMac 7 ай бұрын
4:15 THANK YOU 🙏🙏🙏🙏
@classickid324 Жыл бұрын
Just a heads up there is a way around the screen time… I’m not going to say it for obvious reasons… However it should slow them down (assuming they do not know the way around screen time).
@LLOCKDOWN Жыл бұрын
Yes. And it’s very easy. It is not a solution. Apple have to fix this ASAP
@smallqwaro Жыл бұрын
You don't need to hide it lol, I'm sure anyone doing this knows about it already. Just find a way to keep your stuff safe.
@LLOCKDOWN Жыл бұрын
@@smallqwaro yes, but still… there are new scammers and thieves emerging everyday. And it’s better not to make a step-by-step tutorial for them. By the time they try to figure out how to reset screen time, the owner of the phone could find a way to access their iCloud and lock them out
@Aar0nDown 10 ай бұрын
I tried the screen time trick mentioned in this video, but it only grays out the setting making it unable to be pressed no prompt to put in the password when pressing on the setting in settings , i can however Lock Screen time with a password so making changes to things in screen time requires a password. At this point I don’t think I will be using the screen time trick unless someone else knows how to make it prompt you to put in your password for iCloud setting , just like it is shown in this video.
@vincentteodoro1264 Жыл бұрын
These loopholes need urgent action. How about considering the "Picture Password" as additional/optional security feature BlackBerry had before? 6-digit code is not secure enough.
@musasoyyo 8 ай бұрын
While Apple takes care of this (if they ever do) don't use passcodes instead use alpha numeric passwords thst are harder to guess or to memorize by just looking over your shoulder.
@Isletfemme Жыл бұрын
Did he ever get back his information? Is there a follow-up since this was aired?
@j10001 Жыл бұрын
He’s never getting it back. It’s encrypted with the recovery key the thief created. 😢
@kapadiaresidence Жыл бұрын
This screen time setting won’t work if you have the apple support app installed on your device. You can change the Apple ID password through the apple support app.
@j10001 Жыл бұрын
Thanks! Great point!!
@txemanovelo Жыл бұрын
It’s a bit misleading, how did the thief of the phone of the guy who went to Chicago got his PIN number? If he got that one, why he wouldn’t be able to get the new screen time one u guys suggest?
@ChadH2023 Жыл бұрын
Just use biometrics especially in public. The only time i use my pin is when i restart my phone and it's required.
@lightyagami3492 8 ай бұрын
The issue with biometrics is that the police can compel you to unlock your device without a warrant. Yes that would be a uncommon occurance for most but its something to consider.
@ChadH2023 8 ай бұрын
@@lightyagami3492 Just restart your phone, it requires a passcode to unlock it at start up.
@briantdaniel9280 Жыл бұрын
Can Apple improve on this? Of course! Can the average iPhone user be more proactive in protecting themselves? Absolutely! If you have to enter your passcode for ANY reason, make sure 100% that you are trying your best to cover and hide your hand. The first defense in protection from thieves is yourself!
@mickeylau1 Жыл бұрын
Android phones can lock APP, including setting and Google Play Stores, which provides an additional layer of security.
@lighttheoryllc4337 Жыл бұрын
What about siphoning it from the server side. Usually the servers lack DNSSEC security. You would need the ip address of your cloud ☁️ account for Apple photos. And some tools similar to Kali Linix
@matrixace_8903 7 ай бұрын
What are you yapping about? Do you really think "Kali Linux" can hack everything? It's lit just Linux distro that have cyber security apps pre-installed. "Usually the servers lack DNSSEC security. " Why do you think is this enough to hack into Apple's server? let alone any reputable online cloud storage provider.
@reddbendd Жыл бұрын
They provide you with an option to use physical security keys
@susanberdan1626 Жыл бұрын
That beautiful little angel. This is one of the worst . Please deal with them in a similar matter .
@stzw613 Жыл бұрын
I do not use mail, banking apps on my phone. I only wire via a bank scanner and security sms from the bank. (never let the laptop save usernames), and only use cash or bankcard while outside shopping etc. It's the accounting way. I do admit if banking app's are safe enough i would love to use them. For the moment it is still a no go for me personally. Great video. Thank you from The Netherlands.
@Glenn.Cooper Жыл бұрын
I appreciate the heads up on this issue, and I agree that Apple can probably do more to prevent this problem. But - as I understand it - I think the iCloud account's encryption makes it literally impossible for Apple to access the user's data without the local encryption key, effectively now in the control of the thieve. On this part Apple should NOT make a change - I love their security even if it can bite someone bad on rare occasions.
@neil78b Жыл бұрын
They already have measures in place for the incredibly paranoid that think they'll be in that .0002% of people that this happens to, it's called screen time. Lock Apple ID changes and passcode changes through Screen Time which you set a completely different secondary passcode...Settings>Screen Time>Content & Privacy Restrictions>Account changes> Don't Allow So even if the thief somehow gets your first passcode he/she can't do any changes without the second one.
@smallqwaro Жыл бұрын
The way they set it up is just so stupid imo
@africa_everyday 6 ай бұрын
Apple can access ur icloud account very easily. Remember, they provide the encryption
@Crystal-mn9rk Жыл бұрын
Adding on fingerprints verification would be helpful
@darioarias2966 Жыл бұрын
Not aware if anyone mentioned, but for the potential solution; you can change the screen time pin with the apple id which would render that method useless.
@FoxHatLeo Жыл бұрын
But the attacker doesn't know your Apple ID password, and they cannot reset it in the account screen as the screen time pin stops them, so this method would stop them.
@caseyb5 Жыл бұрын
When out in public, only unlock with you thumbprint or faceID, never using your code. That way won't be able to change any settings with out that code.
@garygoldstein7815 3 ай бұрын
Wait a minute... when they access using the 6 digit code then your phone is erased, assuming you activated Lost and Erase when phone was stolen. Apple told me this 2 weeks ago when my stolen iPhone showed up in Hollywood, Fl. I am in NC. Why doesn't Erase solve the problem?
@yeetedandi Жыл бұрын
I used to work at an Apple authorized Geek Squad and I probably had around 200 customers in the two years who unfortunately were locked out by because of the record key. The only other way was if they had a physical sim we could move to another phone and get the sms message code. 2/10 customers were frustrated, dissatisfied and confused at Apple.
@gbesukon1 Жыл бұрын
Deberian investigar a quien oertenece la cuenta de vivo en marte, seria muy agradable que apareciera en las noticias...
@boydseabiscuit2635 Жыл бұрын
leaving your digital property on the hands of third party is the price to pay here. there's a reason why some companies still insist on offline backup.
@Freakazoid12345 Жыл бұрын
Yeah, am I supposed to feel bad for people who waste money on over-priced phones while stepping over the homeless? 1st world problems.
@Freakazoid12345 Жыл бұрын
@Pablo of what? Spoiled people complaining about minor things/their lack of foresight to the world? Why would anybody be jealous of that? Are you a child?
@NinjaRunningWild Жыл бұрын
Prior to 2FA you would have to enter your existing password to be able to access account settings. Clearly they need to bring this back.
@longshot766 Жыл бұрын
This!
@L2002 Жыл бұрын
and what if you forgot that password and your are the owner, that's the problem. it's balanced.
@itsrichev Жыл бұрын
@@L2002 responsible user also require to remember and back up your password in the most secure way. so, first thing first, you're not even able to remember yours, then yeah...
@itsrichev Жыл бұрын
apple can easily let users to decide whether or not the 2fa + old password required is turned on. so, if somehow this kinda thing happens to them while having the 2fa off and it's a big deal for them to remember their own password, then it's their own fault. in the other hands, some users are still able to get the extra benefit of the extra verification step as they wanted.
@phuongha3113 Жыл бұрын
So don't lose your phone and the passcode at the same time.
@truthteller4442 Жыл бұрын
In Chicago, they were going around robbing people at gunpoint and also demanding that they give them their passcode as well. It’s more than just getting it passively/slyly stolen after someone was looking over your shoulder and memorized your passcode.
@bhanuprakashrao1460 Жыл бұрын
@@truthteller4442if it's at gun point then it's not Apple mistake. At gun point you can even just ask him tranfer all his money to your account. That's not a software security flaw.
@tiagomaqz Жыл бұрын
@@bhanuprakashrao1460 exactly.
@truthteller4442 Жыл бұрын
@@bhanuprakashrao1460 Thats immaterial and does not matter. The main point is that one simple passcode should not have the power to lock you out of your entire online ecosystem.
@TomNook. Жыл бұрын
You can have two phones, one public, one for your important stuff. I don't have any money related apps, accounts or data on the phone I go out with.
@Halloweenguy101 Жыл бұрын
every part of the iphone NEEDS to be locked behind face id AND a password. you should need both instead of one or another
@adrianmuino3412 7 ай бұрын
It is like an episode of "Get Smart" when Maxwell ask for the password and the person said: the old or the new one?
@ericrobinson2042 2 ай бұрын
This just happened to me and I lost over 20,000 photos 2,000 videos. The last pictures of my dog before he passed away, the last voice messages from my grandparents before they passed, all my photos from my travels around the world just gone. Apple was able to verify that I was who I said I was on the phone but would not revert my Apple ID back to the original email and allow me to change the password. It's heartbreaking. I'm at such a loss.
@krystalzzz9415 Ай бұрын
This just Happened to me on may 22! It boggles my mind that Apple does not do anything in cases where theft is evident. I just want my pictures back 😢
@ropro9817 Жыл бұрын
Great story and Apple's army of lawyers will, of course, never admit any fault. Could you do a counterpoint story about how all this works on Android phones? 🙏
@chillinJohnny Жыл бұрын
does't it work the same? like with the samll diffrence that you cannont generate your password to a found phone? like if you know the password to someones phone you can do exactly this same
@Danny... Жыл бұрын
It doesn't work the same at all. You can log into your Gmail from another device or recover your Gmail from another device. They can steal your phone but not your whole life.
@Freakazoid12345 Жыл бұрын
I've lost access to countless accounts for calling out child abusers online. Never trust your information to be stored online or on an over-priced portable device.
@Elyasafmunk Жыл бұрын
Google is much more apt to accepting other ways to login and access account
@apollomedia7210 Жыл бұрын
Convenience and security are very opposite.
@AndersonChan Жыл бұрын
So basically the underlying flaw is with traditional pins and passwords. It's slightly concerning to have account data protected by just the passcode to the device.
@housepianist Жыл бұрын
I’ve now taken the extra precaution of protecting my iphone and ipad. One thing that a user could do, and admittedly it would involve some work, is to backup all your photos and other important documents to an external HD or SSD and then delete those things from your Apple devices. You can keep essential ones on your devices but as long as they are backups externally, and not on your devices or in an icloud account, they should be protected. You could also store your photos on a non-Apple cloud service that you can access via the web and not an app. That way, if your phone gets stolen, a thief won’t know if you have another cloud service if you don’t have an app downloaded for it.
@davidv496 Жыл бұрын
So enable FaceID, don’t use your passcode in public so the thieves can’t walk into your house and change the locks
@nightlore000 Жыл бұрын
Apple still sometimes asks for your iD passcode even with face iD unlock .. I only answer calls when I'm out so no one could get my passcode number.
@truthteller4442 Жыл бұрын
In Chicago, thieves were driving around holding people at gunpoint and stealing their phones. But they were also demanding their passcodes, too. It’s much more than just having the phone passively and slyly stolen.
@the_alien293 Жыл бұрын
wow so smart
@mitchellquartero Жыл бұрын
Apple should do that with that feature
@mathmanchris666 Жыл бұрын
@@nightlore000 Thats only if you restarted your phone or you didnt position your phone within view of your face
@22745 Жыл бұрын
It is possible to disable the screen time password with the iPhone password too
@smallqwaro Жыл бұрын
Turns out you can change that too with the phone number, smh
The Wall Street Journal
Рет қаралды 1,4 МЛН
The Wall Street Journal
Рет қаралды 1,2 МЛН
The Wall Street Journal
Рет қаралды 326 М.
WSJ News
Рет қаралды 159 М.