Losing an iPhone can mean losing not just the device but also the valuable personal data on it. A recent report by journalist Joanna Stern in The Wall Street Journal highlights how thieves in areas like New York are interested not only in stealing iPhones but also in extracting the valuable data stored within them. Surprisingly, the main culprit enabling this breach is the iPhone passcode.
Your iPhone’s passcode can be used against you
The passcode on your iPhone is intended to enhance security, but thieves can exploit it. It is not a foolproof measure to ensure the safety of your device and data. Once a thief gets hold of your passcode, it becomes easy for them to gain access to sensitive information. In some cases, thieves even coordinate to record people entering their passcodes, then use those passcodes after stealing the devices.
The passcode grants access to personal aspects of your iPhone. Within a short time of stealing your device, thieves can reset your iCloud password using the passcode they observed you entering. You can verify this by going to Settings > [Your Name] > Password & Security > Change Password on your iPhone. You will notice that your passcode is the only requirement for initiating the reset of your iCloud password, which poses a significant risk.
Once the thieves have control, they can remove your devices from the Find My network and disable Find My tracking, effectively locking you out of all your connected Apple devices. This means not only losing your iPhone but also being unable to use your Mac or iPad. Moreover, since the thieves have changed your password, you cannot resolve the issue on your own.
Even Face ID cannot protect sensitive apps on your iPhone, as they can all be unlocked using the passcode. This includes personal notes, banking apps, and money transfer services like Venmo, Apple Pay, Coinbase, and more. These thefts not only result in the loss of devices and data but also cause financial harm. Apple currently lacks a comprehensive solution to address this issue, but there are steps you can take to protect yourself immediately.
Don’t let anyone see your iPhone’s passcode
Keep your iPhone’s passcode confidential and treat it with the same level of caution as your ATM PIN. When entering your passcode in public, make sure to shield your iPhone from prying eyes, especially in crowded areas such as bars or trains. Remember that your passcode grants access to your entire iPhone and should be kept private for your own security.
Mind your password managers
While password managers can be a convenient tool for storing strong and unique passwords, it’s important to be mindful of their usage, especially when it comes to financial apps. According to The Wall Street Journal, thieves have been able to gain access to bank accounts by exploiting the autofill feature in iCloud Keychain. They can use your passcode to autofill passwords or access the entire keychain.
If possible, it is recommended to avoid using a password manager for financial apps. However, if you still prefer to use one, opt for a third-party password manager like 1Password or Bitwarden. These password managers require a separate master password to access, adding an extra layer of security. Even if a thief knows your phone’s passcode, they won’t be able to access your financial passwords stored in a separate password manager.
Use an authenticator app rather than SMS-based 2FA
It is highly recommended to use two-factor authentication (2FA) whenever possible, especially for banking apps. However, it’s important to opt for a dedicated authenticator app instead of relying on SMS-based 2FA. If a thief gains access to your iPhone, they can read any 2FA codes sent via SMS.
Instead, choose an authenticator app such as Aegis or Raivo. These apps allow you to set a unique password specifically for the app, providing an additional layer of security. As with a third-party password manager, a thief will not be able to open your authenticator app without the master password. Even if they have your bank password, they won’t be able to bypass the authentication provided by the app.
Don’t keep pictures of your financial information on your iPhone
Ensure you do not keep any pictures or notes on your iPhone that contain sensitive financial information. Take the time to review your photo gallery and notes, and delete any entries that include credit cards, bank details, social security numbers, or identification documents. Even a scanned copy of your credit card can provide enough information for malicious individuals to cause significant harm to your bank account and personal finances. Keeping such information off your iPhone helps protect your sensitive data from unauthorized access.