Your Phone Needs A Second Passcode…
Screen Time – a setting on your iPhone – is about to become your best friend!
Why? Because it will protect you and your finances from some really bad stuff. Read on…
WSJ Sounds the Alarm
A recent Wall Street Journal article alerted the media, triggering an avalanche of tech articles. Some articles were accurate, some were useful, others off-base. This blog will boil the reports down to only the parts you need to know. For a deeper dive, consult the sources given later in this blog.
What’s the Problem?
The problem arises when a thief sees you enter a passcode that unlocks your phone. The thief, or an accomplice, then steals your phone. The robbers use the passcode to change your Apple password, which locks you out of your account. They run up charges on ApplePay, Venmo and Zelle. If you use online banking or a password manager, they can raid those accounts as well.
This is not speculation, it’s a genuine problem. The WSJ article gives case histories from six victims in New York and Minneapolis who lost thousands of dollars and, in one case, his life.
It’s an organized gang activity. Thus, perhaps one charming person spots your passcode, another steals the phone, and yet another leaves the premises with it. The reported cases typically include meeting someone in a crowded bar who turns out to be up to no good. However it could happen in many other situations, including to you or me.
How Can You Protect Yourself?
The news articles suggest steps we can take to block this scam. Many steps are helpful, but most important is last on this list, the Silver Bullet described below.
Here are steps for better security on your iPhone:
When we use an ATM we’re taught to cover the keypad to block prying eyes. We should do the same when unlocking our phone. Think of the phone as an ATM – which, for many people, it is. And never give your phone sign-in to anyone else. However, for many reasons, simply hiding the keypad does not completely protect you.
Use A Longer Passcode
Don’t limit yourself to four or six numbers. You can set your phone to use a long alphanumeric password that is much harder for someone to observe. If it’s longer than six characters and includes special characters, it can be a pretty secure password.
Unfortunately, using a long passcode is annoying for you, the user.
Use Face ID or Touch ID for Sign-In
Face or Touch ID saves you from typing any passcode. Unfortunately, biometric sign-ins don’t work under all circumstances, so you always have a conventional passcode too. And there are circumstances, including re-starting a phone, when you have to type in the passcode.
Beware of Password Managers
If you’re like most people today, it’s a waste of time if I suggest not banking via smartphone. However, if you use your phone for bank accounts and cash payment apps like Venmo, please don’t store those accounts in a password manager that requires only your phone passcode.
Beware of 2FA
Most of us, correctly, realize that Two Factor Authentication provides useful security when checking into important accounts. However, many 2FA systems work by sending you a text, or with an app such as Authy, Google Authenticator or VIP Access that resides on your phone. Therefore, if someone can get into your phone, 2FA doesn’t protect you from that person.
Yes, a separate 2FA device would truly add independent security. But do you really want to carry a YubiKey everywhere you go?
Beware Your Photo Archive
If an evildoer collects enough personal information about you, they can open a credit card or bank account in your name and live it up. And – there may be photos stored on your phone that reveal all!
I thought, nah, not me. But I was wrong. I searched my iPhone photos for these terms: driver, DOB, medicare, SSN, visa, amex and several banks. I found more than a dozen images that together showed my drivers license number, date of birth and credit card numbers.
If you run searches on your own phone, you may be surprised by what you find! You should delete photos that reveal your personal information, just in case someone hunts through them.
Screen Time is the Silver Bullet
The six items above are good ideas, but you can do a lot better.
If you’re using an iPhone, you can use the Screen Time function to activate a second passcode for your phone. Once you set it up, anyone who knows only your phone passcode can’t change your settings to lock you out of your phone.
Here are the exact steps to protect your phone using Screen Time:
- Go to Settings – Screen Time – Turn On Screen Time – This is My iPhone – Use Screen Time Passcode
- Enter a new four-digit passcode. Repeat the entry. For safety, you may wish to set up Screen Time Passcode Recovery by entering your Apple ID and password.
- Content & Privacy Restrictions – set ON
- iTunes & App Store Purchases – Always Require Password – Back
- Location Services – Find My – Allow Location Access While Using the App – Back – Don’t Allow Changes – Back
- Passcode Changes – Don’t Allow – Back
- Account Changes – Don’t Allow – Back
These steps make it much more difficult for a thief to take control of your phone and your Apple account. The only annoyance to you is that if you want to change some of your app settings, you’ll have to enter the Screen Time passcode and turn off some restrictions.
Screen Time in Android?
What if you’re using an Android phone? The Screen Time function in Android is called Digital Wellbeing, but apparently it does not offer a built-in passcode. You may be able to add a passcode through an app such as Digital Detox or Lock Me Out. However, as a non-Android user, I can’t be sure these would work.
If a reader knows how to provide extra protection in an Android phone, let me know and I’ll be happy to post it in this blog.
Screen Time is a friend that deserves your acquaintance! If you use Apple devices I advise you to take advantage of it.
– WSJ article
– Partial solutions
– Detailed tech discussions
– Face ID vs Touch ID vs Password
Drawing Credits: iPhone from Cottonbro Studio on pexels.com; padlock from menosmedia on openclipart.org