iPhone Passcode Problem — The Ugly Truth

**Minimizing the Risks of Publicly Using Your Phone**

In today's digital age, it's becoming increasingly important to take steps to minimize the risks associated with publicly using our phones. With the rise of smartphones and social media, we're more connected than ever before, but this connection also comes with a set of vulnerabilities that can be exploited by malicious individuals.

**Assessing the Risks**

One of the main concerns is shoulder surfing, including someone quietly recording your screen on camera. When we're in public, it's easy to get caught up in our own thoughts and forget about the risks to our devices. Even a brief moment of distraction can give an attacker the opportunity to steal sensitive information such as passwords, credit card numbers, or even more personal data.

To mitigate this risk, it's essential to take steps to protect ourselves and our devices. One way to do this is by using strong passwords and two-factor authentication (2FA). 2FA adds an extra layer of security, and while it can be inconvenient at times, the benefits far outweigh the costs: the few extra seconds it costs you are a much larger obstacle for someone trying to get at your sensitive information.

**Password Management**

Another critical aspect of securing our devices is password management. A weak or easily guessable password leaves us vulnerable to attack, which is why it's essential to switch from a numeric passcode to an alphanumeric password, which is harder to crack and harder to shoulder surf. Additionally, a third-party login manager or authenticator app provides an extra layer of protection, because your other accounts are then behind a password separate from the device passcode.

**Avoiding SMS Two-Factor**

SMS-based 2FA has been shown to be insecure in recent years: attackers can intercept and read the verification codes sent by text message, and a thief who holds your phone simply reads them on the device. This is why it's essential to opt out of SMS-based 2FA and instead use alternative methods such as biometric authentication or authenticator apps.

**The Importance of Biometrics**

Biometric authentication, such as fingerprint or face recognition, provides a secure way to verify identity without relying on passwords or 2FA. While these technologies may not be perfect, they are generally more reliable than traditional login methods. Moreover, relying on biometrics means the passcode is typed in public far less often, so there is less for a shoulder surfer to capture.

**Adopting Mobile Security Best Practices**

To minimize the risks associated with publicly using our phones, it's essential to adopt mobile security best practices. This includes:

* Using strong passwords and 2FA whenever possible

* Avoiding SMS-based 2FA

* Switching from built-in keychains to third-party login managers or authenticator apps

* Keeping our devices up-to-date with the latest security patches

* Using mobile security software that can detect and block malicious activity

**The Role of Tech Companies**

While individuals have a significant role to play in securing their own devices, tech companies also have a responsibility to prioritize security. Apple and Google, for example, are already working to improve mobile security through updates and new features.

**Real-World Trade-Offs**

In the pursuit of security, there will always be trade-offs. For instance, using strong passwords or 2FA may require more time and effort than traditional login methods. However, these sacrifices are far outweighed by the potential consequences of falling victim to a cyber attack.

**Conclusion**

Minimizing the risks associated with publicly using our phones requires a combination of individual effort and company-wide initiatives. By adopting mobile security best practices, prioritizing biometric authentication, and leveraging third-party login managers or authenticator apps, we can significantly reduce the risk of falling victim to cyber attacks.

By working together, we can create a safer digital landscape that benefits everyone.

**Additional Resources**

If you're interested in learning more about mobile security and how to protect yourself and your devices, check out the computer science and algorithm courses on Brilliant.org. With thousands of lessons and new content added every month, Brilliant offers an engaging and intuitive way to learn about AI, computer science, math, physics, quantum mechanics, Game Theory, and more.

**Supporting the Channel**

By checking out this article and watching the accompanying video on encryption and backups, you'll be helping to support the channel and its mission to provide high-quality content on mobile security and related topics. So why not give it a watch and help spread the word about the importance of mobile security?

**Video Transcript**

Apple's iPhone has a passcode problem. "Within three minutes I was locked out of my own Apple ID, and within 24 hours there were thousands of dollars being taken out of my bank account." That's according to Joanna Stern's reporting at the Wall Street Journal. If you go to crowded places like a bar and type in your passcode obviously or frequently enough, big bads can see it, even record it. Then, if they can also swipe (most definitely, yes, swipe) your iPhone as well, they can use your passcode to reset the Apple ID password, ripping away your ability to Find My it and your access to your other Apple devices, and then promptly start spelunking their way through your apps and bookmarks and more. And yeah, that includes any apps or sites where your passcode can let the built-in keychain password manager autofill access, including those with SMS-based two-factor authentication, because yeah, they have your phone and they will get that SMS. Which could include banking and credit and cash and crypto apps, but also photos you might have taken of your driver's license or passport and other documents, financial details and work product that you might have mailed or messaged, and sex and nudes, and any and everything else that could potentially lead to identity theft, blackmail, or other life- and soul-crushing consequences further down the line.

Now wait, stop, hold on. I do not want to scare or sensationalize anybody with any of this. It is absolutely a legitimate potential harm, but so is having your bag or briefcase stolen, or crossing the street. And that means the important thing here, the key to anything and everything like this, is awareness, which is why I want to take a minute to really break it all down and go over it with you. And yes, none of this is new; it's just back in the news, so it's getting renewed attention. But the war between security and convenience has been being fought for pretty much ever. Make security too tight and you keep people out, maybe up to and including locking yourself out. Make convenience too easy and you get in fast, but maybe so do all the supervillains out there.

So you can try to minimize how often you're out in public, maybe with bars and coffee shops being more optional than trains, planes, or offices. You can keep your phone out of eyeshot and in your pocket, with quick social media and gaming hits being far more optional than urgent texts, ride hails, and directions. You can stick to biometrics like fingerprints or face unlock and take the extra frustration and few seconds to start over if for some reason it doesn't work the first or even third time. You could switch to a longer, stronger, more entropically happy alphanumeric password instead of just a passcode, if you're willing to give up some convenience and endure more hassles when entering it, because as hard as it'll be for you to type it a few times a day or a week, it'll be a bit harder for a true criminal to shoulder surf or just sneaky-cam it. You could switch from the built-in keychain to a third-party login manager, so your other accounts are protected by another password entirely, and make sure you never use SMS as two-factor but the login manager or another authenticator app, so your own texts can just never betray you. Or, if you're a super high-value target who would never even dream of flashing digital wealth like fat stacks of cheddar in a Costanza wallet from back in the day, you could even use a burner, a feature phone or busted-ass old smartphone, when you're out in public, just to stay in touch but also stay out of trouble. Because part of this whole equation, part of the reason iPhones are specifically targeted beyond just their North American ubiquity, is their high resale value, as sort of the evil cherry on top of the evil life-stealing sundae.

But there are absolutely, positively things that the people who make our phones can and should do, Apple and Android. Like, if they don't already, require the current account password, not just the device passcode, to change to a new account password. That way, even if someone shoulder surfs the code, it's no longer the one code to just ruin them all. There could still be damage, but that damage would at least be mitigated to what's open and available on the device, not an entirety of the internet. And perhaps most importantly, allow for multi-factor, which I know can be tricky sometimes, because there will be situations where you don't have access to whatever that second factor is. But there are ways around that, like just not using your device unless you take your ski mask off, or registering multiple fingers in case you cut one of them or a sensor breaks. Maybe it's using the account password or a recovery contact code, or, if you're wearing your watch that's linked to your phone, that offers a prompt to allow entry. All of which are extra annoying; just none of them are life-shattering. And Apple already implemented something like this for mask unlock during the pandemic. They even made it so that if an Eobard Thawne type grabbed your phone and ran, it would relock the minute it got out of range of that watch.

So yes, all of this comes with trade-offs, for sure: extra annoying steps for us, and extra expensive tech support burdens for the companies when we inevitably do lock ourselves out. But even at scale it's nothing compared to the real cost, the real-world damage, of losing our digital lives, or of having to help us recover it all. Which is why Joanna Stern is the butterfly-key-necklace-wearing Mighty Thor of hammering issues like this into the public conversation. So no doubt Apple and Google and Samsung and everybody are already red teaming over how to better address this going forward in future software updates, and I'd love to hear all of your ideas, your concerns, your mitigations as well.

And to get involved directly, to get out and help all these big tech companies push this forward, check out the computer science and algorithm courses on Brilliant.org, that's today's sponsor. Brilliant makes college-level courses available to you, me, to everybody. It's just the most intuitive and engaging way to learn AI, computer science, math, physics, quantum mechanics, game theory and more, in a visual, hands-on way, all designed for high-velocity learning to help you stay focused and reach your goals fast. And Brilliant makes learning like a game, with fun features that let you really challenge yourself, all with helpful explanations all along the way, so you're never left guessing, only learning. And Brilliant has thousands of lessons, with more added every month. So to try everything Brilliant has to offer free for a full 30 days, visit brilliant.org/ReneRitchie or click on the link in the description. The first 200 of you will get 20% off Brilliant's annual premium subscription. So just click the button on the screen or go to brilliant.org/ReneRitchie. Clicking on that button really helps out the channel, and so does checking out this video that explains all the real-world trade-offs between encryption and backups, something that should be of even more interest to everybody watching this video. Give it a watch and I'll see you in the next one.
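The transcript's core design argument, that changing the account password should require the current account password (or a factor that does not live on the stolen phone) rather than the device passcode alone, can be made concrete as a small policy check. The following Python is an added example written for this page, not code from Apple, Google, or the video's author; the `Factor` names, the four `ResetPolicy` definitions and the two holder scenarios are hypothetical, constructed to illustrate the argument, and do not describe any vendor's actual reset flow.

```python
"""Reset-policy model for the shoulder-surfed passcode scenario.

Constructed example (hypothetical factors and policies): shows why a second
factor delivered to the stolen phone itself, such as an SMS code, adds nothing
once a thief holds both the device and its passcode, and what a policy with
owner-friendly fallbacks looks like beside it.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum, auto


class Factor(Enum):
    DEVICE_PASSCODE = auto()    # the code typed on the lock screen in public
    SMS_CODE = auto()           # delivered to the phone itself
    ACCOUNT_PASSWORD = auto()   # separate secret, never typed on the lock screen
    AUTHENTICATOR_APP = auto()  # TOTP in a third-party app behind its own password
    PAIRED_WATCH = auto()       # proximity prompt from a wearable the thief ran away from
    RECOVERY_CONTACT = auto()   # out-of-band code obtained from a trusted contact


@dataclass(frozen=True)
class ResetPolicy:
    """Each entry in `sufficient` is one combination of factors that, presented
    together, is enough to set a new account password."""
    name: str
    sufficient: tuple[frozenset[Factor], ...]

    def matching_combination(self, presented: set[Factor]) -> frozenset[Factor] | None:
        """Return the first sufficient combination the holder satisfies, if any."""
        for combo in self.sufficient:
            if combo <= presented:
                return combo
        return None

    def allows_reset(self, presented: set[Factor]) -> bool:
        return self.matching_combination(presented) is not None


# Hypothetical policies, weakest to strongest (constructed for illustration).
PASSCODE_ONLY = ResetPolicy(
    "device passcode only",
    (frozenset({Factor.DEVICE_PASSCODE}),),
)
PASSCODE_PLUS_SMS = ResetPolicy(
    "device passcode + SMS code",
    (frozenset({Factor.DEVICE_PASSCODE, Factor.SMS_CODE}),),
)
ACCOUNT_PASSWORD_REQUIRED = ResetPolicy(
    "current account password required",
    (frozenset({Factor.ACCOUNT_PASSWORD}),),
)
MULTI_FACTOR_WITH_FALLBACKS = ResetPolicy(
    "account password, or passcode + a factor not on the phone",
    (
        frozenset({Factor.ACCOUNT_PASSWORD}),
        frozenset({Factor.DEVICE_PASSCODE, Factor.AUTHENTICATOR_APP}),
        frozenset({Factor.DEVICE_PASSCODE, Factor.PAIRED_WATCH}),
        frozenset({Factor.DEVICE_PASSCODE, Factor.RECOVERY_CONTACT}),
    ),
)
ALL_POLICIES = (PASSCODE_ONLY, PASSCODE_PLUS_SMS,
                ACCOUNT_PASSWORD_REQUIRED, MULTI_FACTOR_WITH_FALLBACKS)

# Constructed scenarios: what each holder can present.
# A thief who watched the passcode and then took the phone also receives every
# SMS sent to it; the watch stayed on the owner's wrist, out of range.
THIEF_WITH_PHONE = {Factor.DEVICE_PASSCODE, Factor.SMS_CODE}
# The owner who forgot the account password but still has the phone, the watch
# and a recovery contact: the "don't lock yourself out" case from the transcript.
OWNER_FORGOT_PASSWORD = {Factor.DEVICE_PASSCODE, Factor.SMS_CODE,
                         Factor.PAIRED_WATCH, Factor.RECOVERY_CONTACT}


def policies_defeated_by(presented: set[Factor]) -> list[str]:
    """Names of the policies that would let this holder set a new password."""
    return [p.name for p in ALL_POLICIES if p.allows_reset(presented)]


def lockout_risk(policy: ResetPolicy, owner: set[Factor]) -> bool:
    """True when a legitimate owner with these factors cannot recover."""
    return not policy.allows_reset(owner)


if __name__ == "__main__":
    for policy in ALL_POLICIES:
        thief = "RESET ALLOWED" if policy.allows_reset(THIEF_WITH_PHONE) else "denied"
        owner = "locked out" if lockout_risk(policy, OWNER_FORGOT_PASSWORD) else "can recover"
        print(f"{policy.name:58} thief: {thief:13} owner: {owner}")
```

Run as a script, the table shows the first two policies granting the thief a reset, because the SMS code is delivered to the very device they hold, while the account-password policy denies the thief but also locks out an owner who forgot that password. The last policy is the trade-off the transcript argues for: the thief is still denied, because every accepted combination needs something that is not on the stolen phone, and the owner recovers through the watch or the recovery contact.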