Over the years Apple has introduced so many new security features that you would think it would make their devices less desirable to steal. Unfortunately, we see people daily that choose convenience over security. Recently we had a customer get their iPad stolen and the fact that it didn’t have a passcode set off a chain of events that were disastrous.
Thief breaks into their place of business takes some money and a few items including the iPad. Due to it being in the middle of the night the bad guy has several hours to dig through the iPad. Since there was no passcode this meant they were able to access the iCloud keychain and view all of it as normally that data is protected by asking for the device passcode a second time to access this data. Without the passcode it was all readable. The thief was easily able to assess that our customer only used 3 different passwords. Now armed with this knowledge the thief uses their computer to log into their iCloud account trying each of the three reused passwords. With access to an unlocked iPad the 2 factor authorization code/approval to log into the iCloud account on this unrecognized computer came right to the iPad.
Our customer wakes up to multiple pop ups on their iPhone showing that someone was trying to break into their iCloud. They didn’t think much of it until they arrived at work and realize that there was a break-in and the iPad is gone. Customer uses their iPhone to put on an activation lock on the iPad. Unfortunately the thief already cracked the code on their iCloud account and just turns it back off. Since the customer didn’t really understand what was going on they didn’t think to change their iCloud password. The story ends with the customer paying money to get their iPad back by someone that claims they bought it at a gas station. They finally change their iCloud password and now realize that they need to change all of their passwords for their various internet accounts and they sign up for Lifelock. This all could have been been prevented by typing in a 4 or 6 digit passcode to access the device.
These are the steps we suggest for all customers:
- Use a passcode to access your devices.
- Don’t use a passcode like 1111 or 123456, use something only you will remember.
- Use different passwords for all of your online accounts.
- Use a password manager like 1Password that would have another level of security to keeping your data safe.
- Use 2 factor authentication for your accounts when available.
- Use “Find My” on all of your devices so you can lock them down if stolen. Thieves can erase your passcode protected device but if Find My is enabled it can’t be set up as a new device or usable!
If you are not sure if your devices are secure or if you want help setting any of these items up please schedule a Tech Byte which is a 30 minute one-on-one with a technician.