The Gentle January series shares one practical privacy tip a day from a Markup staffer who actually uses the advice in their own life.
I lose track of my phone a lot more than I’d like to admit. Yes, it normally turns up between the couch cushions, in the pile of laundry I’m folding, or underneath my dog (I blame her), but I’ve had enough close calls to make sure I have precautions in place in case my phone falls into the wrong hands.
If you’ve lost your iPhone, your first step would probably be to use Apple’s Find Devices feature to pinpoint its location. So, imagine the horror of trying to log in only to find that you’re locked out of your Apple ID—someone has changed your password—and that whoever has your phone has free rein over it, including access to your money through financial apps. Without your Apple ID, you can’t kick them off or remotely wipe sensitive data from your phone. And you may have permanently lost access to everything stored on iCloud, including your photos.
This has been the reality of hundreds, if not thousands, of people, as detailed in recent reporting, which recounts stories of phone-theft victims observed entering passcodes or tricked into divulging it. The passcode is then used to compromise their Apple ID.
What can you do to prevent this? Apple will be releasing a Stolen Device Protection feature in a future software update to help prevent bad actors from changing users’ account passwords. In the meantime, and to add another layer of protection, I use Apple’s Screen Time feature to disable account changes. This requires that another passcode be entered—one a thief will likely not have gleaned by looking over your shoulder—in order to do things like change your Apple ID password. For this to work properly, make sure your iCloud account password is not saved in the Password’s keychain—otherwise, someone could reset your Screen Time passcode.
To disable account changes:
- Go to Settings
- Click on “Screen Time”
- Click on “Content & Privacy Restrictions”
- Under “ALLOW CHANGES”, click on “Account Changes”
- Select “Don’t allow”