Everyone needs to do these 3 steps:

Turn on Screen Time, set a distinct screen time passcode.
Enable Content & Privacy Restrictions
Within Content & Privacy Restrictions, set both Account Changes and Passcode Changes to Don't Allow

This prevents an attacker from changing your Apple ID password or making changes to Face ID/Touch ID.

It can't block everything, though, but it limits the damage that can be done.

Comments

You must log in or register to comment.

dskatter t1_ja2xdp4 wrote on February 26, 2023 at 1:20 PM

This seems like a lot of effort when you could just

Have a good password
Don’t be stupid and just have a phone unlock code longer than four digits

sirmarita OP t1_ja3hgww wrote on February 26, 2023 at 3:57 PM

It’s definitely worthy the effort to save your years of documentation

dskatter t1_ja3s1ky wrote on February 26, 2023 at 5:08 PM

If you’re dumb enough to have a short iPhone passcode, sure.

Edit: here’s a far more useful tip: disable control center access while the phone is locked.

[deleted] t1_ja2otqi wrote on February 26, 2023 at 11:44 AM

This prevents an attacker from changing your Apple ID password or making changes to Face ID/Touch ID.

It doesn’t stop them if they use the emergency reset feature as this bypasses everything.

airysunshine t1_ja4deix wrote on February 26, 2023 at 7:26 PM

We don’t need to

TurtleOnLog t1_ja5evma wrote on February 26, 2023 at 11:42 PM

There’s a bug in iOS that lets you bypass screentime restrictions to reset the appleid password. It’s been posted about in some recent threads here.

Better advice is to use a long alphanumeric passcode instead of a short 6 digit pin, and be very careful nobody watches while you’re entering it.

Adorable-Employer244 t1_ja5xuj7 wrote on February 27, 2023 at 2:07 AM

Apple better has fix coming in the next few days. Totally unacceptable. I need to put in iCloud password to download free app but NOT to reset the whole freaking password? Come on now. Someone needs to be fired.