Don’t trust iPhone passcode to protect your data! There are a number of fairly simple additional steps you can take to properly protect your valuable data.
Losing an iPhone is always very bad. Losing your entire digital life is truly traumatic. Unfortunately, this happens all too often. Journalist Joanna Stern recently published an article in The Wall Street Journal explaining how thieves get access to iPhones, as well as all the data inside. And the culprit is often a simple passcode serving as a lock.
Your iPhone passcode could be used against you
The passcode is meant to protect your iPhone’s data, but it’s too vulnerable to be a true security solution. Once the thief identifies six numbers on the lock screen, it’s game over. And it’s easy to look over the victim’s shoulder. But some thieves are developing real schemes to recover these codes, commissioning a third party to make a movie, for example, to be able to easily replay the sequence after an iPhone is stolen.
The code opens large areas on the iPhone. Just minutes after the theft, a thief can reset your iCloud password by entering a few numbers that he recovered. iOS doesn’t require more to continue.
From there, the thief has access to everything. It can remove other devices from the Find My network and disable Find My, preventing you from using it for remote actions. You have lost your iPhone but can no longer use your Mac or iPad. And since he changed your password, there’s nothing you can do on your end.
Face ID also doesn’t protect your sensitive apps because they can be unlocked with a code. This includes personal notes, banking or money transfer apps like Venmo, Apple Pay, Coinbase, and more. Thus, people lose not only their devices and data, but also real money. Frightening. Apple doesn’t really have an answer, but there are some easy steps you can take.
Use alphanumeric code on iPhone
The first thing to do is improve the code. Choose a longer, alphanumeric one with numbers, letters, and special characters. To do this, go to Settings > Face ID & Passcode > Change Passcode > Passcode Options. It’s less convenient than a six-digit code, yes, but much more secure and reliable, especially for those looking over your shoulder. And you don’t need to enter it as often if Face ID or Touch ID are your usual authentication methods.
Don’t let anyone see your code
This code should be treated as your credit card code. If you must enter it publicly, do it very carefully. Remember that this passcode is the gateway to everything on your iPhone.
Use password managers
Password managers are a good way to store complex passwords in a safe place. However, if possible, try not to use it for your money-related applications. The Wall Street Journal explains that thieves were able to access bank accounts because the login information was present in the iCloud keychain.
Password managers are an easy way to remember passwords for personal accounts. If you use it for your financial applications, use a third party solution like 1Password or Bitwarden as they use a different master password. Thus, even if the thief were able to recover the code of your iPhone, he would not have access to your money.
Use an authentication app instead of SMS two-factor authentication.
Always use a two-factor authentication (2FA) method if your banking app allows it, and use a dedicated authentication app, not via SMS. If the thief has access to your iPhone, he will be able to get the 2FA code that comes via SMS. Instead, choose an app like Aegis or Raivo, which allows you to set a unique password for the app rather than using your iCloud password. Like third-party password managers, hackers won’t be able to get into your authentication app without the password itself. Even if they have your banking app password, they will be stuck.
Don’t keep photos of your financial information on iPhone
Finally, check your photo library and remove any images that contain information about your credit cards, bank accounts, and other social security numbers or identification documents. A scanned copy of a credit card is sometimes enough to get a thief into your bank account.