Apple prides itself on safeguarding its users’ privacy, but it isn’t perfect. Like all tech, Apple devices have their weak points when it comes to security. Case in point: Recent reports that thieves aren’t just stealing people’s iPhones, but using those devices to lock victims out of their Apple IDs altogether. But one preinstalled iOS feature — Screen Time — could help you protect yourself.
iPhone thieves are using recovery keys against users
Recently, a story has circulating around the internet describing how easy it is for a thief to lock you out of your Apple ID when your iPhone is stolen. It revolves around an Apple security feature called a recovery key. Said recovery key is a unique 28-character password that can be used to verify your identity if you ever lose access to your Apple ID. It’s a great security feature in theory: If you forget your password, your security key lets you back in.
The thing is, nobody knows the key but you: It shows up on your screen once when you initially set it up, but after verifying the code, it disappears for good. You’re tasked with writing it down and keeping it in a safe place, and, if you forget it, you won’t be able to log in without your Apple ID password, which will be a tall order if a thief has already changed it.
That means if a hacker changes your Apple ID password and your recovery key on you, you’ll lose access to your account altogether. Unfortunately, the latter is a bit too easy to do, since only your iPhone’s passcode is required to change your Apple ID recovery key settings. Thieves may sneak a peak over your shoulder as you unlock your iPhone, copy your passcode, then steal your iPhone. They can then unlock your device, head to the Recovery Key settings page, and use that passcode to set a new recovery key you aren’t privy to.
This isn’t the only story of people getting locked out of their iPhones and Apple IDs in the news, either. Another string of robberies and lockouts prompted us to offer up a few security tips back in February. (That four-to-six-digit passcode on your iPhone can pose a security risk.)
While we’ve covered some good tips for keeping your device and its data safe in the past, one new tip has emerged in the wake of the recovery key fiasco. As it turns out, Screen Time might just be your best friend if your iPhone ever is stolen. Aside from keeping tabs on your phone use and limiting time in certain apps, Screen Time can also disallow access to specific settings. When properly set up, you can use it to block access to Account Settings, which will make a huge difference in the event of a theft: Sure, your iPhone is missing, but at least thieves won’t be able to lock you out of your Apple ID entirely.
How to use Screen Time to stop thieves from messing with your Apple ID
To start, head to Settings > Screen Time > Use Screen Time Passcode, if you haven’t set one up already. Make sure it’s not the same passcode you use for your iPhone, since we’re going to assume a thief knows those digits already. Jump to Content & Privacy Restrictions, and choose down to Account Changes. Punch in your Screen Time passcode, then choose “Don’t Allow.”
When you return to the main Settings menu, you’ll find your name is grayed out at the top. Not only have you blocked access to your recovery key settings, you’ve blocked access to anything having to do with your Apple ID.
Consider not using a simple passcode
This risk can be avoided if a thief doesn’t figure out your passcode in the first place. Face ID and Touch ID help with that, as does keeping your PIN hidden whenever you do have to enter it. However, the best protection is to inconvenience yourself with an alphanumeric password.
It isn’t fun to type out, but it is much harder for thieves to copy down just by spying on you as you enter it. Plus, an alphanumeric password is much harder, if not impossible, to guess, especially on an iPhone. If your password is “L1F3h@cker,” instead of “528491,” no casual intruder is going to break in.
You can learn more about how to set up an alphanumeric password from our guide here.