The passcode that unlocks your phone can give thieves access to your money and data. “It’s like a treasure box.” – as reported by the Wall Street Journal.
Watch the following video and get the bejesus scared out of you:
It is a SERIOUS flaw that Apple allows someone to create a Recovery Key on your phone just by knowing your phone’s unlock passcode (usually a 4-digit code).
If a thief looks over your shoulder, or an ex-boyfriend/girlfriend wants to destroy your life, they can do so in a matter of about 10 seconds and you will no longer have access to any of your old photos, contacts, etc. Everything on your phone becomes theirs and even Apple cannot get the information back to you.
It’s a stupid flaw, because all Apple has to do is require that you put your iCloud password into the phone before creating a Recovery Key, but for now all the perpetrator needs is your iPhone’s unlock code!
BUT there is a solution and I’ll spell it out here. If you don’t want to lose every single picture you’ve ever taken with your phone, you should enact these settings to protect yourself. (At least until Apple fixes this flaw, but this flaw has been known about for well over 6 months so far and Apple has done nothing yet.)
Go into Settings > Screen Time and set up a separate passcode for Screen Time (one that is different from your phone’s unlock passcode).
Select Lock Screen Time Settings and create a passcode that’s different from your phone unlock code.
If you’ve already created a passcode, then select Change Screen Time Passcode and put in one that, again, is different from your iPhone unlock code (use a simple 4-digit code that’s easy for you to remember and that you don’t normally punch in anywhere).
Then go into Content & Privacy Restrictions and scroll down to Account Changes and change to Don’t Allow, then scroll back up and turn on Content & Privacy Restrictions.
In a few seconds you’ll see your name become greyed out at the top of Settings. This means that it is now active. People won’t be able to change your account settings now unless they know your phone passcode AND your Screen Time passcode.
This step is enough to slow the culprit down if he/she doesn’t have that much time to mess with your phone (such as at a bar or when you are out and about). BUT if the culprit does have more time with your phone, then the next step is important to activate as well.
BUT BE CAREFUL WITH THE NEXT STEP. IF YOU DON’T FOLLOW THE INSTRUCTIONS AND WRITE DOWN YOUR NEWLY CREATED KEY AND PROMISE NOT TO LOSE IT, THEN DON’T DO IT: YOU COULD END UP LOCKING YOURSELF OUT OF YOUR iCLOUD ACCOUNT FOREVER.
This next step is important if the culprit has more time with your phone than just a few seconds, as a thief could reset your iCloud password, if they have your phone, by triggering the “reset my password” feature, which uses SMS on your phone as verification. We need to disable that as well.
Turn on Recovery Key (yes, the very thing thieves do to lock YOU out of your account! Only this time you will be locking THEM out instead!) and store that key some place super private but accessible to you (or someone else you know). That way thieves can’t reset your password with SMS and your phone. If you don’t want your life ruined in a matter of seconds, you should activate this now!
But be super careful with this. Once you activate the recovery key, you and Apple and the rest of the planet will NEVER be able to get into your iCloud account again if you ever forget your iCloud password AND lose the recovery key! Make copies of this key, put it in a file somewhere safe, put a copy at your house and another copy at your friend’s house. Just do not lose this number! It sucks that Apple is requiring us to enable this feature, but we have to if we don’t want it enabled and used AGAINST us!
To make changes in your account, since you just prevented changes above with Screen Time, go to Settings > Screen Time and then Content & Privacy Restrictions and turn it off (putting in your Screen Time passcode). You may need to wait a second or two for the setting to kick in.
Now go to: Settings > then click your name at the top of the screen > Sign-In & Security > Account Recovery > Recovery Key
Create a recovery key and store it with someone you know, on their phone or buried in files on their computer, or on a piece of paper that you lock away somewhere. Just make sure that you NEVER lose this key and always have access to it.
Once you’ve created that key, go back and TURN ON Screen Time security to get your phone back to fully protected.
You do this by going to:
Settings > Screen Time > Content & Privacy Restrictions > at the top Turn on Content & Privacy Restrictions (input your screen time passcode) and you are done.
You have now locked your phone down to the point where someone can’t lock you out of your iCloud account just by knowing your phone unlock code.