Change request: Don't allow Apple ID password to be changed in iOS with just a Passcode.

Question

Level 1

56 points

Change request: Don't allow Apple ID password to be changed in iOS with just a Passcode.

Please change iOS security to prevent an iPhone thief who knows the Passcode from locking out the victim's Apple ID account. This is a big iOS security vulnerability that was in the news recently. A woman's phone was stolen by a thief who also knew the iPhone's Passcode. He was able to use the phone to change her AppleID password. This permanently locked her out of her Apple ID and iCloud accounts. Because she also had her bank password on Keychain, the thief was able to drain her bank account of $10,000. So she lost much more than her phone and iCloud data.

There's no good security reason why someone should be able to change their Apple ID password on the iPhone with just the Passcode as authentication. There has to be a better way. At least require answering some security questions.

Posted on Mar 22, 2023 02:22 PM

Reply

Answer 1

Mar 22, 2023 02:38 PM in response to owenw4rd

owenw4rd wrote:

Please change iOS security to prevent an iPhone thief who knows the Passcode from locking out the victim's Apple ID account. This is a big iOS security vulnerability that was in the news recently. A woman's phone was stolen by a thief who also knew the iPhone's Passcode. He was able to use the phone to change her AppleID password. This permanently locked her out of her Apple ID and iCloud accounts. Because she also had her bank password on Keychain, the thief was able to drain her bank account of $10,000. So she lost much more than her phone and iCloud data.

There's no good security reason why someone should be able to change their Apple ID password on the iPhone with just the Passcode as authentication. There has to be a better way. At least require answering some security questions.

How to prevent a thief from changing your… - Apple Community

Reply