Apple security features confuse me - If my iphone is stolen, 2FA prevents me from logging into nearest available browser to lock it!
My iPhone was stolen recently and the experience was horrendous.
- Findmy was enabled
- 2FA was enabled
- Passcode was enabled
- FaceID was enabled
The thief snatched the phone whilst it was in my hand and unlocked - not ideal. I gave chase but could not retrieve it (within this time I would assume it would have locked itself). Within an hour they had managed to buy a new iphone on apple store using apple pay (surely faceid should have stopped this?!). There is no way they could have known my apple id pwd or passcode as it was a completely random theft on the street.
First thing i did was try to log in to findmy on nearest web browser to lock/erase the phone but i couldnt because 2FA was demanding a code that was being sent to my stolen iPhone! I had to find a phone shop to get a new sim card with same number and a burner phone to get the 2FA SMS sent to it to finally be able to log in. By this time, somehow they had removed my iphone from findmy so i could not lock/erase it. Given the iphone could no longer be trusted i removed as a trusted device but then i found out this removes the passcode?!
Maybe i misunderstand the setup, but none of this seems sensible to me, especially 2FA when your phone is stolen. How likely are you to have a 2nd trusted device/number nearby to be able to provide a code and log into findmy on a browser to lock the phone? i.e. if im abroad somewhere and all i have with me is my phone - if it is stolen all i will be able to use is a web browser with apple id/pwd.
It seems to me for device protection im better off without 2FA. Marking a device as untrusted should also completely erase it instead of removing the passcode - maybe this is the case and i misunderstand..
I am currently stuck with my new iphone trying to understand the best way to set it up so i dont have to go through the chaos i experienced last time.
All suggestions welcome!
