Hypothetically, What do I do if a thief observes my passcode and steals my iphone, changes my passcode and then changes my appleID password?
Am I locked out of my appleID account and all my other devices?
inaworldofhurt wrote:
Don't think I got an answer to this specific question:
What if I turn on Recovery key before this happens and make and store a recovery key. Will the recovery key allow access to my appleID account after the thief changes the password?
Having a recovery key or having a hardware token configured precludes the use of a trusted device to change an Apple ID, or the usual Apple forgotten-password access-recovery sequences—the user needs either a trusted device and the password, or needs the recovery key or a hardware token, and has no access to the Apple forgotten-password path from a trusted device, or by contacting Apple. Conversely, lose your recovery ID and forget your Apple ID password, or lose all of your hardware tokens and forget your password, and you're permanently locked out of the Apple ID.
Or shorter, if the thief can block you from changing your Apple ID by them creating a recovery key, you can block them by preemptively creating—and maintaining access to—a recovery key.
inaworldofhurt wrote:
Don't think I got an answer to this specific question:
What if I turn on Recovery key before this happens and make and store a recovery key. Will the recovery key allow access to my appleID account after the thief changes the password?
Having a recovery key or having a hardware token configured precludes the use of a trusted device to change an Apple ID, or the usual Apple forgotten-password access-recovery sequences—the user needs either a trusted device and the password, or needs the recovery key or a hardware token, and has no access to the Apple forgotten-password path from a trusted device, or by contacting Apple. Conversely, lose your recovery ID and forget your Apple ID password, or lose all of your hardware tokens and forget your password, and you're permanently locked out of the Apple ID.
Or shorter, if the thief can block you from changing your Apple ID by them creating a recovery key, you can block them by preemptively creating—and maintaining access to—a recovery key.
inaworldofhurt wrote:
So does that mean the thief can't change the appleID password with his now trusted device and stolen password since he doesn't have the recovery key?
See the section "How to protect yourself" here:
You're still in trouble with the other data stored on the iPhone.
inaworldofhurt wrote:
This is what I'm worried about.
https://www.wsj.com/video/series/joanna-stern-personal-technology/apples-iphone-passcode-problem-how-thieves-can-take-over-in-minutes/967C3B74-90D3-45EA-BAA4-4ECDBB24715D?mod=hp_trending_now_video_pos3
Read here https://9to5mac.com/2023/02/24/apple-anti-theft-features-ios-17/
inaworldofhurt wrote:
Hypothetically, What do I do if a thief observes my passcode and steals my iphone, changes my passcode and then changes my appleID password?
Am I locked out of my appleID account and all my other devices?
If you should somehow provide your passcode to others intentionally or otherwise, yes, you can get into trouble with your device and with your security.
Options to reduce risk here include use of Face ID or Touch ID, use of a longer passcode or password, and—for those with both lower risk tolerance and the ability to preserve a printed recovery key or physical tokens without loss—recovery keys, or hardware tokens. Support for the latter hardware tokens was only recently announced.
Having a recovery key or having a hardware token configured precludes the use of a trusted device to change an Apple ID, or the usual Apple forgotten-password access-recovery sequences—the user needs either a trusted device and the password, or needs the recovery key or a hardware token, and has no access to the Apple forgotten-password path from a trusted device, or by contacting Apple. Conversely, lose your recovery ID and forget your Apple ID password, or lose all of your hardware tokens and forget your password, and you're permanently locked out of the Apple ID.
inaworldofhurt wrote:
Hypothetically, What do I do if a thief observes my passcode and steals my iphone, changes my passcode and then changes my appleID password?
Am I locked out of my appleID account and all my other devices?
Yes that is a possibility.
Don't think I got an answer to this specific question:
What if I turn on Recovery key before this happens and make and store a recovery key. Will the recovery key allow access to my appleID account after the thief changes the password?
Sorry probably a typo or semantic issue but I don't understand "—the user needs either a trusted device and the password, or needs the recovery key or a hardware token"
So does that mean the thief can't change the appleID password with his now trusted device and stolen password since he doesn't have the recovery key?
What if I turn on Recovery key before this happens and make and store a recovery key. Will the recovery key allow access to my appleID account after the thief changes the password?
what if a thief acquires my passcode and steals my phone?
