Using Your iPhone Passcode In Public Can Be Risky - Here's Why You Avoid It

A stolen phone is a nightmare scenario for so many. Not only does this introduce a new and potentially excessive financial strain (the average smartphone in 2023 costs $718.23), but a lost phone can also mean the loss of photos and personal information that may not have been backed up. This makes the average cell phone a highly personal device that simply can't be lost. Still, in 2018 it was reported that roughly 446,000 phones are stolen every year. 

A new threat that iPhone users in particular are facing these days goes well beyond the typical theft issue, however. The Wall Street Journal's Joanna Stern investigated a new trend in this criminal behavior that's placing an even greater sense of dread in the hearts of iPhone users. Not only are thieves making off with the phone itself, but they're also devising new and devious ways to lift passcodes, too. "The thieves are exploiting a simple vulnerability in the software design of over 1 billion iPhones active globally" Stern reported in February, 2023. Without the passcode, an iPhone is only valuable to a thief if they can wipe the device and resell it in an illicit marketplace. With your passcode, the phone becomes infinitely more valuable to a thief.

The scam isn't exactly a sophisticated one

The widespread vulnerability and reliance on iPhone software to exploit unsuspecting victims might call up thoughts of a highly technical criminal approach. However, the thieves engaging in this ruse are using basic socialization tactics — and sometimes a partner in crime — to take advantage of their targets. The scheme itself is fairly straightforward. The modern world is full of fast-paced information and constant notifications that scream out for attention. Many smartphone users will check their device multiple times without even noticing they've done it. For users with a passcode, this means constantly entering a four or six digit string of numbers. The behavior becomes so engrained that many people can even type their code in without looking at the number pad itself. 

However, you may have a spectator the next time you enter your code and check your messages! Joanna Stern's reporting uncovered a recent 12-person robbery ring that had been charged with stealing phones in Minneapolis, to the tune of $277,000 across and affecting at least 40 individual victims. The scam starts with watchers. The ring (or an individual, enterprising thief) will slink around the background of bars, restaurants, or other venues filled with unsuspecting iPhone owners. They watch for the entry of a passcode, perhaps waiting for multiple entries. When working in teams, one person may approach a victim and strike up a conversation while their partner watches or even films the encounter to accurately collect the passcode digits. Once they have what they need, the thieves simply snatch the victims phone and make a dash for the exit. 

The universality of your passcode makes it dangerous

A lost phone — even one stolen right out of your hands — may not induce an immediate panic beyond thoughts about the device itself (like a lost wallet might). But for iPhone owners, it should. The versatility of your iPhone's passcode goes deeper than you might think. Your passcode unlocks your phone's ApplePay wallet, acts as a stopgap security measure for passwords on commonly visited websites, and protects the integrity of your Apple ID. If your passcode is compromised and the phone leaves your possession, a thief can make off with your entire life! From the phone itself, a user can quickly change their Apple ID password, and all that's required is knowledge of the settings application and the phone's passcode. In her investigation, Joanna Stern spoke with one victim who had her phone ripped out of her hands and, "within three minutes, I was locked out of my own Apple ID," she recounted. 

Once the password has been changed, urgency falls away for the thieves. It can be immensely difficult to recover access with any measure of speed. From there, criminals can systematically access your bank accounts, PayPal, Cash App, other FinTech apps, and cryptocurrency wallets, draining your finances in the process. Any account that you've saved a password for in an effort to make your life easier can act as a double-edged sword in the hands of a thief who also has your passcode. This passcode is the only line of defense against unauthorized access. Thieves can unlock every aspect of your digital life with this information, and in some cases, they even gain enough information to open new credit accounts.

Defeating this threat can take a few forms

Apple iPhone users everywhere may lament this news, but there are safeguards that can be implemented to protect your data, finances, and phone. For one thing, setting up access through touch or face ID will virtually eliminate the need to enter your passcode. Without your face on hand, a thief will have to rely on the code to gain access to your data. But if you haven't used the passcode while in public, this will prove an impossible task. Of course, in order to use these features, you'll still need to set a passcode, so the measure will also require diligence. It will take discipline to avoid entering your passcode out of sheer muscle memory in the event that an ID isn't made on the first attempt to unlock your device. A commitment to physical security is also important for limiting your exposure. Taking stock of the people and things around you can help keep you more alert in the event of a thief targeting you and your device.

Another quality change that iPhone owners can make is the use of an alphanumeric password rather than a simpler numeric code. But at the very least, a six-digit passcode will naturally take more effort to glean than a four-digit option. Lastly, managing saved passwords with a password manager (rather than the default iCloud Keychain) will add an additional layer of security between your phone and passcode combination and the passwords that protect your digital life.