Losing your iPhone is bad. Losing your entire digital life, from photos to finances, is traumatic. The latter is unfortunately all too common. Journalist Joanna Stern recently published a report with The Wall Street Journal describes how thieves in places like New York not only steal iPhones, but also all the valuable data inside them. The culprit? The humble iPhone password.
The iPhone password can be used against you
Your passcode is designed to keep your iPhone and data safe, but it’s far too vulnerable to be considered real ensure. Once a thief identifies the six digits on your lock screen, it’s game over. That makes it a prime target for bad actors in cities around the world. It’s easy enough to spot over someone’s shoulder, but some thieves orchestrate routines to capture passwords with precision, tasking one person with recording others using the password on their phones too easy reference after a theft.
Your passwords unlock deeply personal parts of your iPhone. Within minutes of stealing your device, thieves can reset your iCloud password by entering the digits they saw you type. (You can see this for yourself: Go to on iPhone Settings > (Your Name) > Password & Security > Change Password. Your phone want just ask for your password again to start resetting your iCloud password. Yep.)
From there, it goes smoothly for the thieves. They can remove other devices from Find My Network and turn off Find My Tracking completely, locking you out of all your connected Apple devices. You lost your iPhone, but now you can’t use your Mac or iPad either. And because they changed your password, you can’t fix the problem on your end longer.
Face ID also won’t protect your sensitive apps, as they can all be unlocked with the passcode as well. That includes personal notes, banking apps, and money transfer apps like Venmo, Apple Pay, Coinbase, and more. People don’t just lose devices and data in these robberies, e.ghey lose real money. Scary stuff, and as it saysApple has no real answer to offer. But there are a few steps you can take to protect yourself right now.
Use an alphanumeric passcode on iPhone
The first thing you need to do is improve your password. Change to a longer, alphanumeric password—means one with letters, numbers and special characters. You can do this from Settings > Face ID and Password > Change Password > Code Options. Sure, it’s less convenient than a six-digit numeric password, but there it is far safer, especially since it’s much harder for someone to see you enter over the shoulder. Plus, you’ll just have to go through the pain of logging into it periodically, since Face ID and Touch ID will still be your authentication methods most of the time.
dont let anyone see iPhone passcode
Treat this new password as your ATM PIN. If you must print it out in public, cover your iPhone when entering the passcode, especially when you’re in a crowded place like a bar or train. Remember: This passcode is the key to your entire iPhone.
Beware of your password managers
Password managers can be a great way to keep your strong and unique passwords in one safe place. However, if possible, try not to use a password manager for financial apps. The Wall Street Journal reports that the thieves gained access to bank accounts because the information was stored in iCloud Keychain. They can simply autofill the password to break in, or access the enter keyring using your password.
Of course, password managers are much easier than remembering your passwords for individual accounts. If you want to use one for your financial apps, use a third-party password manager like 1Password or Bitwarden, as they require a separate master password to access. That way, even if a thief knows your phone’s password, they won’t be able to see your financial passwords.
Use an authenticator app instead of SMS-based 2FA
Always use a two-factor authentication (2FA) method if your banking app allows it, and make sure there is one dedicated authentication appnot one that works via text message. If the thief has access to your iPhone, they will be able to read any 2FA code that comes via SMS. Instead, choose an app like Aegis or Raivo that lets you set a unique password for the app, rather than relying on your iCloud password to get in. Like third-party password managers, hackers won’t be able to break into your authenticator app without the master password. Even if they have your bank password, they’re stuck.
Don’t keep pictures of your financial information on your iPhone
Finally, go through your photo gallery and notes and delete any entries that contain credit cards, bank details, social security numbers or identification documents. A scanned copy of your credit card is sometimes all it takes bad actor need to wreak havoc on your bank account.
(The Wall Street Journal)