Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
IOS Iphone

iOS 17 Gives You 72 Hours To Undo An iPhone Passcode Change (macrumors.com) 16

In iOS 17, iPhone users who change their passcode will be able to reset it within 72 hours using the previous passcode. However, users can choose to expire the previous passcode immediately in the Settings app to increase security. MacRumors reports: If you enter an incorrect passcode, tapping on "Forgot Passcode?" at the bottom of the screen will lead to another screen with a "Try Passcode Reset" option. Tapping this option allows you to enter the iPhone's previous passcode and create a new passcode. As a safeguard, an option in the Settings app lets you expire the previous passcode immediately so that it cannot be used to reset the new passcode.

As of the first beta of iOS 17, it is still possible to change an Apple ID account's password with an iPhone's passcode, despite a Wall Street Journal report in February highlighting instances of thieves spying on an iPhone user's passcode in public and then stealing the device in order to gain widespread access to the device. In an interview with Daring Fireball's John Gruber last week, Apple's software engineering chief Craig Federighi said Apple has continued to "look at other ways to address this," but no changes have been made as of yet.

This discussion has been archived. No new comments can be posted.

iOS 17 Gives You 72 Hours To Undo An iPhone Passcode Change

Comments Filter:
  • Is this an "Someone at Apple did a shit" website?

  • Convenience is inversely related to security, in general.
  • by Anonymous Coward

    I don't see the point of this:

    1: If a person wants their password changed, they almost always want it changed now, on all devices, no going back.

    2: If a bad guy gets someone's password by coercion, they can easily change it, add 2FA, purge the old request, and be off with that to demand ransom for the account. This is where the $$$ is, because a mugger can lock up thousands of dollars, if not tens of thousands in an instant with an AppleID code.

    3: Same with someone snooping on a passcode entry. Get tha

    • by gnasher719 ( 869701 ) on Thursday June 15, 2023 @05:14PM (#63606282)
      The use case: 1. User wants their password changed, right now. 2. User changes password. 3. User is for any random reason asked to supply their password. 4. User realises that they forgot the new password and didn't write it down. 5. User realises their iPhone is a brick.
      • by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Thursday June 15, 2023 @08:36PM (#63606648)

        The use case: 1. User wants their password changed, right now. 2. User changes password. 3. User is for any random reason asked to supply their password. 4. User realises that they forgot the new password and didn't write it down. 5. User realises their iPhone is a brick.

        Or, user makes a typo and didn't realize it, and now cannot log in.

        It happens. And the problem is the "password reset" is literally to reset the entire device and reload it from backup.

      • ...
        4. User realises that they forgot the new password and didn't write it down.

        5. User realises their iPhone is a brick."

        6. User buys a brand-new $1500 iPhone.

        • User buys a brand-new $1500 iPhone.

          So are you saying this is an excellent move by Apple, saving some costumers $1,500, or a stupid move by Apple, totally upsetting customers who are then going to pay $1,500 for the most expensive Samsung phone?

    • My workplace uses MS and 2FA with annual password update. This month I updated my password, and I noticed I forgot to update it from the getmail6 conf file LAST YEAR. It still worked for a year. Heck I just checked I last time updated my password in .msmtprc in 2019! (I use msmtp with mutt and DavMail to connect to O365). I update my password annually and forgot to update it in .msmtprc for over FOUR YEARS... My conclusion is MS password changes are fake, or faker than Apple's.

  • by Kelxin ( 3417093 ) on Thursday June 15, 2023 @05:21PM (#63606304)
    A boomer patch. It's for old people that can't remember their new passwords. In effect, this will actually help hackers on compromised accounts.
    • I think it's more for young people who can't remember their new passwords, and are badly organised. Or young people who change their passwords while drunk.

      And please explain to me how this helps hackers. They need your phone for this. And your passcode. If they have your phone then _you_ cannot change the passcode, you can only disable the phone. If you think someone knows your passcode through shoulder surfing, you change your password and disable changing it back before someone steals your phone.
  • genius. microsoft should copy.
  • .. and it’s for the device, not the AppleID, as TFA makes clear. This is equivalent to a Windows laptop’s PIN, not a Microsoft account.

    I still don’t think too much of the idea, though.

    • Apple did something similar years ago for hard disk encryption. When you turn on hard disk encryption on your Mac, you need to set up a password for it. By the time they wanted to login again, many people forgot their password. So then it was changed so after the first login with the new password, that's when encryption starts. If you forgot your password at that point, no problem. This reduced support calls to Apple in this area by half.

      I wrote an app that had its own passcode, and could use biometrics

The question of whether computers can think is just like the question of whether submarines can swim. -- Edsger W. Dijkstra

Working...