Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this4:02 pm
April 27, 2017
Offline
BOTH AppleID and Google ID do not require knowing the original password... A HUGE security hole that I have raised with Apple that they downplay it
They might be downplaying it because it's not true. You do need to know the password. There is a way around it if you forgot, but you need a two factor authentication.
4:52 pm
March 30, 2017
Offline
smayer97 said
Then you are clearly unaware of the many creative ways that passwords, etc can be stolen...cameras, mirrors, "befriending", face scan, fingerprint, hacking, phishing, quishing, etc., or simply stealing your device right after you have unlocked it through distraction (often working in teams), and so much more.You also are unaware of how easy it is to change access once you are in... BOTH AppleID and Google ID do not require knowing the original password... A HUGE security hole that I have raised with Apple that they downplay it, opting instead to sacrifice privacy and security for convenience ... but I have had the PW changed by my daughter so easily (and I am an IT guy). And Don't be fooled by the latest "Stolen Device Protection" feature as it still does not address this simple issue.
You cannot lock your phone remotely if the phone is isolated from the internet, which is very easy to do.
Your phone is NOT as safe as you think.
And just as easily as you think you can lock your phone, you can easily lock your cards online via many banks today.
I am not sure which apple device u use that u can change ur appleID password without knowing the password and pass 2 factor verification.
On my iPhone, even after passing FaceID, I still need to put in appleID psd before I can change the psd. Do u use an iPhone ? What version and IOS… I am not an IT guy…
6:36 pm
September 29, 2017
Offline
Sorry, I overstated the issue... you do need the 4 or 6 digit passcode but you do not need 2FA. BUT that passcode is easily compromised, using some of the techniques mentioned.
This issue even made it into an article by a major publisher last year (about the same time I submitted my report to Apple):
https://mobilesyrup.com/2023/02/28/iphone-android-passcode-used-to-steal-accounts/
And there are vulnerabilities to the new security feature that are not hard to get through... sure certain things have to align, but creative minds know how to make that happen and take advantage.
I am simply saying that if you put too much trust in the technology to protect you, you are fooling yourself. Having a portable device that is constantly interacting with and visible to the outside world that is vulnerable to being intercepted makes it a de facto more vulnerable device. To think otherwise is unwise.
4:26 am
March 30, 2017
Offline
smayer97 said
I am simply saying that if you put too much trust in the technology to protect you, you are fooling yourself. Having a portable device that is constantly interacting with and visible to the outside world that is vulnerable to being intercepted makes it a de facto more vulnerable device. To think otherwise is unwise.
This i agree with you, but it wont stop me from using any apps on the phone either.
7:40 am
September 29, 2017
Offline
And so, it boils down to risk vs convenience.
6:38 am
November 18, 2017
Offline
savemoresaveoften: Two-factor authentication isn't that difficult if a thief has the stolen phone in their hands!
And in addition to all the above, phones that break or get lost still cause major inconvenience. And home computers are much less exposed to physical attack, AND they can be turned off when not in use.
RetirEd
1:04 pm
September 29, 2017
Offline
🙂
5:12 pm
March 30, 2017
Offline
RetirEd said
savemoresaveoften: Two-factor authentication isn't that difficult if a thief has the stolen phone in their hands!And in addition to all the above, phones that break or get lost still cause major inconvenience. And home computers are much less exposed to physical attack, AND they can be turned off when not in use.
Bank apps on the phone still require the bank app's password or faceID and then send u the 2-factor.
And even if the crooks able to change the appleID password and take control of the phone, and setup a new face ID, most bank apps will not accept the new face, but require the user to input the bank password before activating faceID again.
If one has upgrade an iphone and have done the data transfer, one will be fully aware of what I am talking about.
Not saying its fool proof, but not as easy as"take over the phone and take over ur world" scenario either.
Please write your comments in the forum.