
Moonjumper

macrumors 68030
Original poster
Jun 20, 2009
2,740
2,908
Lincoln, UK
I have recently got a new iPhone, so I am now on iOS 11. When I set my passcode, it set it up so that my passcode can be used to change my Apple ID password. This is terrible for security and I want to remove this ability. It seems you only need the passcode to set it up, which is something I occasionally share for a friend to use my phone, but even without that, can be seen when using. My Apple ID is a whole different level of protection away. I want to disable this passcode capability, but cannot find a way. Can anyone help please?
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,458
I have recently got a new iPhone, so I am now on iOS 11. When I set my passcode, it set it up so that my passcode can be used to change my Apple ID password. This is terrible for security and I want to remove this ability. It seems you only need the passcode to set it up, which is something I occasionally share for a friend to use my phone, but even without that, can be seen when using. My Apple ID is a whole different level of protection away. I want to disable this passcode capability, but cannot find a way. Can anyone help please?
I'm not even sure where passcode could be used to change Apple ID password. Generally it will ask you for your actual Apple ID password before you can make Apple ID changes, and sometimes it will even ask you answers to some of your security questions too on top of it all. And that's without 2 factor authentication that goes beyond that.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,458
According to this document it's possible on iOS 10.3 and later in Settings, but I've never tried it: https://support.apple.com/en-us/HT201355
(it may be that it's only available for accounts with two-factor enabled and that that's part of the process, too)
Doesn't seem like it says much about it aside from either you entering your password or passcode but not really when one would be used or the other. Must have some additional measures if it's just the passcode that's in play as that would be just too simple of a barrier to change the password for an online account basically.
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
5,791
4,384
I'm not even sure where passcode could be used to change Apple ID password. [...] And that's without 2 factor authentication that goes beyond that.

^^^friednoodles beat me to it.

With 2FA enabled, you can go to Settings > iCloud > Password & Security > Change Password where you will be prompted for the trusted device's passcode.

If you have two-factor authentication enabled for your Apple ID, you can reset your password from any trusted iPhone, iPad, iPod touch, or Mac with a password or passcode that's enabled.

https://support.apple.com/en-us/HT201355
 

Nikiforidis

macrumors regular
Jul 1, 2017
140
47
I have recently got a new iPhone, so I am now on iOS 11. When I set my passcode, it set it up so that my passcode can be used to change my Apple ID password. This is terrible for security and I want to remove this ability. It seems you only need the passcode to set it up, which is something I occasionally share for a friend to use my phone, but even without that, can be seen when using. My Apple ID is a whole different level of protection away. I want to disable this passcode capability, but cannot find a way. Can anyone help please?

You shouldn't share the passcode. Your passcode and your Apple ID password are personal data. You should be the only person that knows them. When Apple designed this feature (change with passcode on trusted devices) they had in mind that you are the only individual that knows the passcode.

If you are worried about the data your friends can access, you shouldn't let them know the passcode in the first place.

What I suggest? If they want to access your device, enter the passcode (without letting them know) and let them use the device. You also mentioned that you recently bought a new iPhone that is running iOS 11, so your device probably has Touch ID. You can unlock it in seconds, or you can even enroll your friend's finger if he/she is using it frequently; he/she would be able to unlock the device, but would not be able to change the Apple ID password, since the passcode is required to do so.
 

jpn

Cancelled
Feb 9, 2003
1,854
1,988
So, if the original poster changes his Apple ID password, then the passcode that had been able to be used will become invalid?
Still not getting how he disables the passcode.
 

Nikiforidis

macrumors regular
Jul 1, 2017
140
47
So, if the original poster changes his Apple ID password, then the passcode that had been able to be used will become invalid?
Still not getting how he disables the passcode.
No. The current passcode of the device will be able to let you modify the Apple ID password, even if you change your Apple ID password.
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
5,791
4,384
If you are worried about the data your friends can access, you shouldn't let them know the passcode in the first place.

...you can even enroll your friend's finger if he/she is using it frequently; he/she would be able to unlock the device, but would not be able to change the Apple ID password, since the passcode is required to do so.

Great idea re: Touch ID. Better option than disabling 2FA completely or removing phone from trusted devices.

OP situation does not make sense in that you trust a person with using the device and its password, yet now concerned about the Apple ID. With the way everyone is tied to a mobile environment, you are in essence giving away the keys to the kingdom: can probably reset the passwords on everything one has from their phone via simple "forgot my password" links and the resulting "click this link to reset" emails.
 

itsmilo

Suspended
Sep 15, 2016
3,985
8,728
Berlin, Germany
That doesn't really seem to make sense that a password can be changed simply through a single simple passcode authentication.

I don’t think it actually changes any passwords. It’s more like the passcode sort of replaces the need to enter the Apple ID password and you can use either to gain access.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,458
I don’t think it actually changes any passwords. It’s more like the passcode sort of replaces the need to enter the Apple ID password and you can use either to gain access.
Seems like the implication is that you can use it to access the ability to actually change the Apple ID password.
 

Moonjumper

macrumors 68030
Original poster
Jun 20, 2009
2,740
2,908
Lincoln, UK
Great idea re: Touch ID. Better option than disabling 2FA completely or removing phone from trusted devices.

OP situation does not make sense in that you trust a person with using the device and its password, yet now concerned about the Apple ID. With the way everyone is tied to a mobile environment, you are in essence giving away the keys to the kingdom: can probably reset the passwords on everything one has from their phone via simple "forgot my password" links and the resulting "click this link to reset" emails.

It does make sense. For example, my last girlfriend lived in an area with terrible phone reception. We would use each other's phone based on which network could connect, or had battery life, etc. I don't use the Mail account for anything, so nothing to get there. Until now knowing my passcode was not much of a risk, and my passcode has been used a lot, so maybe other people have overseen it.

My Apple ID on the other hand is tied to my developer account, so much more of a risk.

And here is the thing for everyone. Someone gets your passcode. They can change that and change your Apple ID password. You are now locked out of retrieving anything easily.
 

PhantomSoul

macrumors newbie
Feb 8, 2013
6
4
I have recently got a new iPhone, so I am now on iOS 11. When I set my passcode, it set it up so that my passcode can be used to change my Apple ID password. This is terrible for security and I want to remove this ability. It seems you only need the passcode to set it up, which is something I occasionally share for a friend to use my phone, but even without that, can be seen when using. My Apple ID is a whole different level of protection away. I want to disable this passcode capability, but cannot find a way. Can anyone help please?
Apple claims this is 2FA because it requires the passcode (something you know) on a phone already connected to your account (something that you have). But aside from sharing, the passcode is extremely vulnerable to replay attack, especially in physically crowded places such as bars where someone could easily look over your shoulder as you enter it, or even record it with their phone’s camera. Then if they manage to steal your phone, they can reset your Apple ID password, finances, reset Face ID, and permanently lock you out of your account by setting up or changing your recovery key.

The setting that allows you to change your Apple ID password like this needs to be disabled, and password resets should require a more secure approach that is less vulnerable to replay attack than the phone's passcode.
 