What is says: Basically if you have a passcode on your phone and a thief knows it they can change your Apple password and you're pretty much completely fucked.
Scam: 1: Thieves go to bars as a team (since people are less likely to cover their phone while entering passcode.) 2: They watch or record people typing in their passcodes into the iPhone. 3: They steal the phone, often by misdirection. 4: They immediately open phone with passcode.
AND here's the part I wasn't really aware of: 5:They IMMEDIATLY change the user's Apple/iCloud password - which can be done with phone in hand using only the passcode.
So you can't log in, can't just find my phone, can't mark it as lost, can't change the password etc.
Also many people use iCloud keychain or a password manager that allows you to authenticate with your password - those are toast too.
And if you have banking apps that use passcode - toast.
I mean I knew once thieves got your phone and passcode they could start the process of changing passwords, but I didn't realize it was so quick and easy.
Moral: So you need to put in a long passcode with alphanumeric characters AND you have to ensure no one can see you type it in. It's way more important than I thought.
1. "Way to slow this down his with Screentime" In response to Reply # 0 Wed Mar-01-23 03:07 PM by handle
Found on the net.
1. Turn on Screen Time, set a distinct screen time passcode. (So you have a passcode to open the phone, and a different code to edit Screen Time restrictions.) 2. Enable Content & Privacy Restrictions 3. Within Content & Privacy Restrictions, set both Account Changes and Passcode Changes to Don’t Allow
This prevents an attacker from changing your Apple ID password or making changes to Face ID/Touch ID using just your passcode. It can’t block everything, though, but it limits the damage that can be done.
Now, if they have the phone they can try resetting passwords via iforget.apple.com.
If they know you username (which might be the email address on your email that they have access to, or in an email message, or in your contact list, or in a chat) AND they know the phone number on your iCloud account (probably the number of the phone they have in their hand) they can still send a notification to the phone they have in their hand and change the iCloud password.
So losing control of your phone and passcode still pretty much means you're toast.
Your only hope is to get on iCloud before they do and lock the device before they can reset the password.