iPhones are very popular among thieves and robbers due to their high resale value. Apple has countered iPhone theft by introducing features like Find My iPhone that allow users to remotely locate and wipe stolen iOS devices. It is also getting increasingly hard to unlock a passcode protected iPhone. However modern thieves are also getting clever as now if you get robbed they tend to ask for user’s passcode.
I recently came across a Reddit post in which users detailed how a thief who asked the owner of the iPhone for his passcode was able to hack into that user’s Apple ID as he had access to his trusted device. Using the trusted device he was able to change the Apple ID passcode resulting in the owner not only losing his iPhone but also his Apple ID and data. He also lost the ability to remotely locate, lock and wipe his iPhone with Find My iPhone, as it is tied with the iCloud account.
Thankfully there is a way to prevent this kind of Apple ID hacking even in the case where you lose your iPhone and had to tell the robber its passcode. Reddit user tetea_t explains that you can go to Settings > General > Restrictions > Accounts.
On iOS 12 Apple has moved the Restrictions to Settings > Screen Time > Content & Privacy > Account Changes.
From there you can set up a separate PIN for the ‘Restrictions’ that is different from your device’s passcode. Once this is done you can go to Accounts and select don’t allow changes for ‘Accounts’. This will prevent thieves from making changes to your Apple ID account on the device and getting access to your iCloud account by changing its password.
To change the Accounts settings yourself you have to go to Settings > General > Restrictions > Accounts again and turn on the ability to allow changes for accounts.
While this is a great idea there is one thing that you should be cautious about. You should in no circumstances forget the PIN for the Restrictions section of your device. Because if you do so, you too will not be able to make changes to the Accounts Restrictions and will be forced to restore your device with a new backup in order to make this change. This will result in you losing your precious data. It is a good idea to make a note of your restrictions PIN, so you remember it when needed.