A Potentially Major Security Issue

By Enes Deniz, 8 November, 2023

Forum
iOS and iPadOS

If you power off your iPhone and then power it back on, it requires your passcode instead of Touch ID, and possibly Face ID as well, which I have not used myself. The very key point of having these identity verification methods, however, is the fact that they're already meant to add a second layer of security and prevent anyone else from accessing your device even if they do know the passcode. So imagine a situation where one's iPhone gets stolen with the screen unlocked, and whoever steals the device immediately powers it off, knowing he/she won't have to have the device recognize his/her fingerprint or face. When he/she powers it back on, all he/she will have to do is enter the passcode, and if he/she does not remove the SIM card, the PIN code, which he/she might also know in addition to the passcode. So Touch ID or Face ID may require the passcode to be activated upon startup, but then we must have to verify ourselves and make sure it is the actual user who has just entered the passcode.

Options

Comments

By Gar on Thursday, November 23, 2023 - 04:44

I understand what you're driving at, but if touch/face ID fails a few times, then the user can still just enter the passcode if they know it. Thus, restarting the phone isn't necessary. Erasing the phone only occurs if the passcode is entered incorrectly X number of times. It does not apply to face ID/touch ID in the same way.
Hope this clears things up.

By danno5 on Thursday, November 23, 2023 - 04:44

First of all, I see where you're going with your point. It's interesting if not a realistic threat, and I'll attempt to explain here.
The data of your face/touch ID is stored in a secure unit in the Apple chip. So yes, they're more secure.
Find my:
Remember that turning on the iPhone will make it easier to track with find my. You could of course remove the SIM card, so as to break that internet connection, remember though that even erasing the iPhone won't fix or change the passcode situation. Yes, you could know the code or enter it wrong, but iCloud lock would then kick in.
Losing your phone.
Also, it’s advisable to erase an iPhone as soon as you can should you lose it. The person who gets hold of it therefore may be able to access your data such as messages, but remember as long as you don't store the password in the notes app or anywhere else, the power of erasing your phone would be with you.

By danno5 on Thursday, November 23, 2023 - 04:44

Also, consider not using simple passcodes if this is of concern to you.
Again, say your password is 182838 you could change to a word such as testword. Its harder to guess, more secure, and the best way to keep your devices safe.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

Some psychopath might just violently grab your one and only device, somehow make you unable to access another device, and run away. You may not have a second device or anyone else to call the emergency number or have remote access to your device, at least by the time that the thief terminates all active connections (Wi-Fi/celular etc.) and/or backs up all your data.

By Igna Triay on Thursday, November 23, 2023 - 04:44

I see where you are coming from but this isn't that likely to happen, for one. For another, there are methods you can take to minimize this. Long passwords are one option. Another one is that even if your phone gets stolen and turned off and the chip gets removed, when you erase your phone from another device as soon as it turns on again and connects to a wifi network, it'll erase. Also, there is one avenue you can take to prevent the removing of the sim card and thus losing connection with find my... use a esim. And also enable the option to erase your data after 10 failed passcode attempts if your that worried of something like this occuring. This can happen yeah, but it is quite unlikely, and in the event it where to happen, there are steps you can take to minimize risks like the ones you mentioned.

By Ali Colak on Thursday, November 23, 2023 - 04:44

While things like face ID and touch ID are suppose to add an extra layer of protection, they also cant be impermeable. What happens if your face is in bandages. I where a cpap mask, and the phone isn't able to recognize my face through it. The iphone can't force you to use face ID, you can use it whenever you like, so can everyone else who knows the password. So unique passwords are the answer here.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

What if airplain mode is turned on and then the device is connected via USB to a computer? Even if iTunes doesn't let the user view/access and back up the data on the device in that case, other alternatives like jailbreaking and the use of third-party software may still let whoever seizing the device have a backup of the entire data. Particularly in situations where what they're after is primarily the user's private data rather than the device itself, deleting or getting back the device afterwards will likely not mean much.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

Since we're already talking about Touch ID and related security issues, I also want to point out the fact that replacing the home button with a new one causes the Touch ID function to be disabled entirely. This may not be the case when it is Apple itself replacing the home button, but I did witness Touch ID disappear from the settings after replacing the home button of my old iPhone 6S with a new one. Since all you can and have to do is enter the passcode in that situation, this also leaves the device vulnerable to anyone knowing the passcode and having nefarious purposes without the actual user even knowing that they have accessed his/her device and data, as they may just take the device, enter the passcode and do anything at any moment, leaving the device right as though untouched. What I would like to know here is whether this is still the case if it is Apple replacing the home button. If so, this automatically deprives the user of the option to enable Touch ID even if (s)he wishes to do so, compelling the user to give up on a second layer of protection.

By Tyler on Thursday, November 23, 2023 - 04:44

Member of the AppleVis Editorial Team

The way I see it, Touch ID and Face ID should be regarded primarily as conveniences rather than security features, as there's nothing they can access that a passcode can't. As biometric authentication can fail, such as with a moist finger or altered facial appearance, the passcode can always be used as a backup. Therefore, your best defense against someone guessing your passcode and consequently gaining access to your phone and Apple ID is to use a strong password and set the iPhone to erase data after ten failed entry attempts.

In public, biometric authentication paired with Screen Curtain may offer a security benefit, as potential shoulder surfers won't see you enter a credential that they could also use if they got physical access to your phone.

By sockhopsinger on Thursday, November 23, 2023 - 04:44

One feature that I have turned off in iOS 17 is that your phone can remember your previous password for a period of I think 72 hours after you change it unless you turn that setting off. Theoretically, it is supposed to be in case you forget your new password but remember your old one. However, I have disabled it as I see it as a slight security vulnlerability.

By MuseumShuffle on Thursday, November 23, 2023 - 04:44

But the reverse where I you NOT want the phone to be unlocked with my face is a scenario where you're under duress. You can instantly disable FaceID and TouchID by holding the volume up and sleep buttons together.

I have my phone set to erase itself after 10 failed passcode attempts. Unless they watched me enter my passcode they're not getting in.

By Dennis Long on Thursday, November 23, 2023 - 04:44

If your that paranoid then don't own a smart phone. It is that simple. What you are saying will not happen most likely.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

If you're that eager to argue with me, let's do that elsewhere. If you desire to attract attention here, this is definitely not the best way to do that. I did and do know that the case scenarios that I tried to explain may not be likely enough to make the average user concerned, but was just discussing possibilities. Such a professional global company highlighting privacy and security as one of its key strengths should do their best to eliminate any risks, however unlikely they may be. So it's Apple that should worry about such loopholes and possible weaknesses before me or any other customer. It wouldn't be difficult to find so many users not even bothering to set a passcode, let alone enabling Touch ID or Face ID, yet are totally okay with that and sure that their data have not ever been compromised, regardless of whether this is actually the case or not. So Apple shouldn't have implemented any security measures in the very first place, right?

By Siobhan on Thursday, November 23, 2023 - 04:44

If such a single scenario exists, they created lockdown mode. Journalists, musicians, celebs, all can put their phones in such a state, rendering their information securely stored. However, they then say to Joe Idiot, here is how to enable this, if you want it safe. He does so, then grabs an AR15, shoots a ton of people, blows himself up to avoid tax payers draining for however long the moron stays alive. Cops try to access said phone, can't. apple shrugs. "Well he's got a right to privacy." Does he? Families get no closure, no justice, because apple's backbone is nonexistent? seems fair, right? Yes, lockdown should be used in high profile situations, such as musicians and journalists. Joe Q hacker, doesn't need it.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

The average user is more likely to be uninformed of that stuff and carefree for this very reason, so will likely not even know about lockdown mode and open Settings specifically to look for these things that to him/her are stuff that but geeks care about. Thing is, the average user is also equally vulnerable, and since (s)he's not worried about anything, (s)he won't take any precautions to be protected from these threats. Cyber criminals, on the other hand, target the average user just as much as well-protected celebrities or politicians, or hackers. Similarly, thiefs, when attempting to steal a device along with all the data that it stores, may just be after the easiest prey, as an iPhone previously belonging to an ordinary guy should be just as okay for him/her as one that belonged to a celebrity. Thieves will likely be interested in the device itself rather than the data that it stores, as opposed to cyber criminals.

By Siobhan on Thursday, November 23, 2023 - 04:44

First off I am not sarcastic and the fact you took it. That way is quite interesting. Second you keep coming up with these wild scenarios, so what would you have somebody do? Of course they’re also is the fact that somebody can just Google lockdown mode and go from there so what point do you actually have? I was in fact being serious look at this California killer, who killed a bunch of people in Apple wouldn’t cooperate opening the iPhone. Maybe your common sense pill didn’t kick in yet? :-)

By Jared on Thursday, November 23, 2023 - 04:44

The passcode is the ultimate backstop for securing your device. We actually get some benefit from screen curtain in this case, because it’s harder to decipher the passcode visually. I’m not sure how you could tighten this up any further though short of some sort of two factor authentication with another independent device, and most users won’t tolerate that every time they want to unlock.

By Siobhan on Thursday, November 23, 2023 - 04:44

The only thing I could think of is if somebody actually watched how your fingers move around the keys because obviously it’s a telephone set up yet. That’s why Apple sometimes has the numbers going straight across or the telephone style set up. Again, harder to differentiate.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

If you've never heard of lockdown mode and known that it ever existed, chances are, you won't likely make it up and hope or guess that your device has such a feature. I've witnessed so many times the fact that even the sighted often fail to notice a feature, setting or option that they only glance at and ignore even after they see it on the very screen of their own devices. So one has to be curious and interested enough so as to Google something or look into it when one encounters it on one's device. As for the so-called wild scenarios that I've been coming up with, do bear in mind that acquaintances are much more likely to have learned the passcode or access the device, so I don't really find this possibility to be so unlikely to be taken into consideration by Apple. And as for the point as to whether Touch ID and Face ID are intended for convenience rather than security, I doubt that, as you don't even have the option to enter the passcode on several screens where you're prompted to proceed with Touch ID or Face ID, while the exact opposite is the case on various other screens where you're only prompted to enter the passcode.
You would ensure security by eliminating risks; not solely by taking some precautions and hoping they'll do in most cases.

By sockhopsinger on Thursday, November 23, 2023 - 04:44

These are things that have been mentioned on the internet since touch ID first was announced way back when. Hopefully people who are spending boatloads of money on a phone like this will look into ways to keep it secure. You can only do what you can do to protect your devices, and while I admit that the scenarios you have come up with are possible, the sighted folks face the exact same issues/risks. Also, Voiceover may be a deterrent for many people as your average person will have no clue how to operate a phone while Voiceover is running.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

1. Many who buy an Apple device, do that to look "cooler", so they don't care about security that much, if at all. This should lessen the legitimacy of any complaints when they face the consequences of their lack of care, but the company should still make its products as user-friendly and cover as many cases as possible. It is this very reason that we can push Apple for better accessibility.
2. Yet again, acquaintances are more likely to at least have an overview of how you use your device with VoiceOver.

By Igna Triay on Thursday, November 23, 2023 - 04:44

Not only will 90% of people wouldn't have the slitest clue how to use a phone with voiceover enabled, but there's also the secondary problem, depending on the user... if screen curtain is enabled. That would complicate things even more.
As far as the shooter scenario. Ok. Want to go into extremes?
No, apple isn't obliged to open, unlock the phone of the shooter, because, yes privacy, and think about this. If apple said yeah sure, we'll open the phone... this would be a major trust ishue, people wouldn't be able to trust apple because they got into a phone, when they say they're about privacy. Furthermore, what's to stop say, corrupt authorities from grabbing your phone, and make up bullshit evidence, then passing said evidence to a corrupt judge or court in their pocket, you get convicted, and then they say, oh access this user's data, despite it all being fake?
Now back to reality. This scenario wouldn't happen in the first place, but if you wanted to go that far with your arguments... Look, the scenarios you described are technically possible, but their really unlikely to happen, we would be talking not even a point 1% chance, we're talking a point 00 something chance. Its not something you should worry yourself about. ,

By Siobhan on Thursday, November 23, 2023 - 04:44

We can "What if?" all we want. The problem is the OP flips out, what if, this? that? happens? Now Without giving a concrete answer, knowledge of how to overcome, anything except, flip out the Net with whatever H/she as they kindly have written plan to do about anything. My family member was a cop, so I respect and accept how your point is coming across. There are "bad apples" out there. However we can wish for whatever we want, in the end, someone, anyone, will take advantage of anything. So how, OP do you convince someone, anyone to be worried? You can not. So go on sir/mam/ or however you wish to be addressed.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

Let me repeat my point. You have this thing called two-factor authentication or two-step verification or whatever because you don't want anyone else, not even those knowing your passwords and having access to some of your devices, to be able to proceed without entering the verification code unless they can also somehow access the code received to the device/number that you prefer. Someone having access to your passcode and device may still get and enter the verification code quite easily, so even this method is far from being perfect, but not because it fails to work or is unavailable in certain cases. The problem with Face ID or Touch ID, however, is that they're not offered as an option at all in certain cases, just as the passcode. Not being prompted to verify your identity with Touch ID/Face ID upon startup, is definitely one of those cases.

By danno5 on Thursday, November 23, 2023 - 04:44

Let's break this one down simply.
1. Your device security is your responsibility. Why yes these people do exist, it’s your basic duty to make sure that you do everything in your power to keep your device secure.
2. Completely unlikely-
If you're using voiceover and screen curtain, you should be secure, now if you want to go booming out your passcode through your speakers, again that's on you.
3. People you know
Let's just be honest here, friends or anyone you know having your passcode because you told them then something happened to your iPhone would be your fault. You should only tell people you really trust your passcode, and even then, I don't really recommend sharing it out if it bothers you this much that something could happen to be honest.
So there, the short of it is that hackers and people exist, your situation has about a 1% chance of ever actually becoming a real concern, and you hold the keys to your security.
That's honestly all there is to say on this one for me

By Enes Deniz on Thursday, November 23, 2023 - 04:44

I'm not talking about myself in particular here. I think I've managed to keep my device, passwords and data secure enough.

By Igna Triay on Thursday, November 23, 2023 - 04:44

If your not a fan of screen curtain, you could type in your password using braille screen input Given there is no speech when typing in password fields, and that the only things displayed when typing your passcode are I believe bullets or stars on the screen if you had screen curtain turned off, that would avoid the potetcial ishue of people identifying what your typing by looking where you place your finger on the screen, as... I'd say more than 90% of people in general don't know anything about braille in the first place.

By Brian on Thursday, November 23, 2023 - 04:44

Handwriting rotor function is wonderful for typing in Passwords/PINs. Like with BSI, the only thing others will hear are clicks as each character is entered.

By Brian on Thursday, November 23, 2023 - 04:44

@Oliver,

One of my CompSci professor's was a former Department of Defense employee. Without going into too much context, he once claimed, during a lecture, that the most secure computer he ever heard of was one that was :
1. Smashed to bits.
2. Buried about a mile underground.
3. With no possible way of obtaining any part of the device.

I kind of have to agree... 🤔

By Joseph on Thursday, November 23, 2023 - 04:44

I'm in agreement with Oliver here. Sounds to me like you will less than satisfied with anything other than a device which has eithe rbeen smashed beyond repair, barried under tons of earth, held at a location inaccessible to all of mankind, Etc. Utterly ridiculous, IMHO. But hey, what do I know? I'm an iPhone user myself, so I must be able to afford the best security ever. Right? Right?

By Enes Deniz on Thursday, November 23, 2023 - 04:44

Hey, it appears that I have to repeat once more that I am confident that I have taken every step known to me to protect my device and data, so I'm not worried about myself in particular. What I'm trying to say is that Apple itself should be worried about ensuring the security of even the most tech-ignorant user as best and in many cases as possible just as it allegedly does its best to ensure user-friendliness for everyone. I also have to repeat the fact that the problem here is that the user is not prompted to verify his/her identity with Touch ID or Face ID upon startup so this still creates a vulnerability and the more you eliminate such risks, the more secure you are. Let me also repeat that many users don't even set a passcode and don't face anything like data breaches or theft, but this should not mean that these security measures don't have to be implemented. So stop saying stuff like that I'm paranoyed and coming up with wild and ridiculous scenarios and try to seriously respond to my points instead so that I don't have to repeat them over and over. If you don't feel like doing that, then just browse through other threads that interest you more or go find something entirely different to keep yourselves busy.

By Igna Triay on Thursday, November 23, 2023 - 04:44

Ok, hold on. How is bbeing able to verify face ID, touch ID, at start up, a vulnerability? Its not. Think about it. Having face ID, touch ID unlock the phone after power on / restart etc, would be, in fact, a huge vulnerability issue, because there is absolutely nothing stopping someone from say, holding the phone up to your face after a restart, power on, etc. That, plus how would being able to verify yourself via face ID, touch ID, would help, or make things more secure? I mean, as long as you have a strong passcode... mine is more than 13 digits; you'll be ore than fine and no, the passcode isn't in any way related to any information about me such as dates, names; etc. Now, if you have a weak / easily guessed passcode... Yeah I can see why'd you bring up the, face ID, touch ID to verify your identity but, hey its the end user's fault if they set a weak passcode.

By Joseph on Thursday, November 23, 2023 - 04:44

@Enes, how do you know that almost no people use a passcode? Are you actively doing research on this topic? From what source does your data come? How recent is this data? How large of a sample set are you working with? I would love to see some sort of proof for your remarks. Also, to my knowledge, Apple *is* doing all they can to make their devices secure for even those users who aren't tech experts. If they don't, it's not for you to worry about. That would be something they would have to fix, not you. Good day.

By Igna Triay on Thursday, November 23, 2023 - 04:44

@ Joseph, there are a lot of variables. People who don't use a passcode is only one variable. Then there are people who use 4 digit passcodes, and that's not to mention the subgroup who, for-example, use something personal and easily guessed, I.e, birthday, an important date, etc. Then there is the people who use a 6 digit passcode... and the same subgroup as the above. The list goes on, but it’s not just one subgroup of people not using a passcode and those who do; even in these various groups there are many variables. What it really comes down to is... how secure does a user want to be? It’s not up to apple, google, microsoft, etc. They already implemented the tools, so to speak, I.e, alfanumeric passwords, etc. It is up to each user if they want to use the provided tools or not; but that's what it really boils down to in the end. Harsh as it may sound, security is the end user's responsibility, not a megga tech giant's... They fulfilled their responsibility; giving you the tools. The rest is soulley up to the user.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

1. I never ever said no one used passwords.
2. I said we still had to enter the passcode if enabled, and then be prompted to verify our identity through biometric verification upon startup, so don't really get why this would cause a vulnerability. The lack of biometric verification upon startup is what makes me say Apple has still not done everything it could and should do to leave the rest to the users and not be held liable for any unwanted situations.
3. If we're gonna have a password length race or comparison, I'm up for it and already have and recommend sufficiently long passwords even if you also enable Touch ID/Face ID. My Apple ID has a fifty-character password with letters (both lower and upper-case), numbers and punctuation marks.
4. I'm trying so hard to be patient, but you've been insisting on not going through my posts carefully enough.

By Igna Triay on Thursday, November 23, 2023 - 04:44

Thing is, having to verify your identity after restarting and putting your passcode is not really necessary. It would just be inconvenient for the end user. While I get partly the use of it; in theory, that is; its not really needed, especially if the user had a passcode that's not easily guessed, as in any ccase, if the phone gets stolen etc, no one would be able to access it in the first place. In the case you mentioned above, this isn't really necessary, as far as verifying your identity after restarting etc. Not to mention the following. There are times where you put your finger on touch ID or you use face ID and the phone fails to recognise you maybe because your fingers are wet or because you didn't position your face or finger correctly, or, since face ID is automaticaly activated, sometimes you don't even mean to unlock the phone, but the phone thinks you did, and you get a try again, prompt, when you didn't even wanted to unlock the phone in the first place. So if you where required to verify your identity after a restart etc... If the verification where to fail, as seen above... In essence, the end user would be screwed, as there would be no way of logging into the phone whatsoever if the identity verification failed, which is something you need to consider as well; potential instances where if the verification where to fail... What then. Because generarly, once you fail verification for x number of times your account gets locked, requiring you to contact the place where your account got blocked do to failing' identification more than once, so that they ccan unlock it. Given this is software, its free, but in apple's case since it is hardware... If we're continuing the way face and touch ID work, I believe you have to enter your passcode after 2, 3, failed touch,face ID attempts, so logically, if identity verification was a thing, you'd have the same number of attempts to successfully verify your identity via touch, face ID. As said above, if say, the face, touch ID verification failed 3 times... That would lead to one outcome; your phone gets blocked, locked, call it what you will, and you'd have to send it to apple or take it to a applestore or other repair center so they could unlock it and grant you access once again... which would mean spending money just to once again, have access to your device. And yeah maybe it might not be a high cost but still, and that's assuming that apple would be even able to unblock your phone in the first place... Think of it like how a fermware password works. If you forget it... Not even apple can reset it; same goes for filevault. If you forget your password, and you forget the recovery key, if your using that as a recovery method to unlock your computer... There is absolutely nothing that apple can do, even if they wanted to. See where i'm going with this? It just wouldn't work. It wouldn't be as simple as you think.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

You may always just disable if you don't want to deal with it, just as you may disable all of these security measures all together, but those who do want to have this option must not be prevented from having it. Just like lockdown mode, which may be vital for those in need of it yet no one is forced to enable. Besides, a recovery/verification code (via SMS to secondary number, e-mail to Apple account or authenticator apps) might always be an alternative in cases where Touch ID/Face ID fails to work for whatever reason. Also in response to the claim that Touch ID is designed for convenience rather than as an extra layer of protection, please tell me how I can edit the Wi-Fi networks in the settings, or access the recently deleted album in Photos without being able to use Touch ID. We can't ever do any of those without verifying our identity with biometric data that is supposed to match with ours, right? So many functions already require Touch ID or Face ID only, and failing to verify your identity won't let you access any of them even if you do know the passcode, meaning Apple already considers Touch ID or Face ID to be the one and only method to verify the user's identity in certain cases where, according to Apple, the user attempts to access sensitive and private data. Then there are third-party apps that can be set to require Touch ID or Face ID when launched. Letting the user set a second passcode should Touch ID or Face ID fail, might be yet another option, just as the case with notes that you may lock and access with Touch ID/Face ID, as well as their own password. Having a second passcode will at least necessitate that anyone accessing the device know this second passcode as well. Or as I mentioned above, the user may also wish to receive a verification code through any of the methods that I listed. There's also this method that comes to my mind: The device asks a random question, whether one that can only be answered by the user, or a simple math problem that still requires the user to say things depending on the question, and the user will have to respond out loud so that the device can recognize the user by his/her voice. Let me emphasize once again that the user should have the choice to use whichever of these methods that (s)he prefers.

By Brian on Thursday, November 23, 2023 - 04:44

Yes. I know what the page that link above states. Subscription and macOS 11.x required.
F**k that noise.

Instead, follow these instructions:

1. Go to https://darknetdiaries.com/episode/139/
2. Press VO + Command + 'f' (macOS) or whatever the WindowsOS alternative is, to navigate by Frames. Protip, there is only a single frame...
3. The frame is labeled "Podcast Frame". Press TAB and you should land on a button labeled as "Play".
4. You are so very welcome. 🤠

By danno5 on Thursday, November 23, 2023 - 04:44

Surely your point about email verification, especially destroys the rest of them. The email is not the most secure way, so I feel using that as secondary verification you’re not guaranteeing yourself any security anyway. Again, low chances, and all that, but they can also still be attacked.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

Then just use an authenticator or whatever that sounds the safest to you, but only when you're given the option to use these methods I listed can you do so. So it still boils down to the fact that it is still Apple responsible for including them. Just listened to the whole episode by the way, and liked it.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

Okay, I somehow used to think we could only use Touch ID/Face ID to open apps or access certain functions, possibly due to the fact that I don't recall ever being unable to use Touch ID for five times in a row. One more reason that made me think we only had Touch ID/Face ID as an option, is the fact that you get a "Use Touch ID" button in certain cases. This made me think we could only use Touch ID. When I just deliberately put another finger on the fingerprint reader and let Touch ID fail to verify my identity, I did get a passcode field but then could not find a Cancel button. I found out that I had the Cancel option at the very bottom right on the on-screen keyboard, but have to say it's not so intuitive. Still, I wonder if you can enter the passcode if having Safari fill in password fields with Touch ID or Face ID fails, or there are any other functions that exclusively require biometric verification.

By Igna Triay on Thursday, November 23, 2023 - 04:44

Yes, you can enter your passcode instead of using touch ID, face ID when autofilling passwords if that's what you want. In face ID and passcode, or touch ID and passcode, under the use touch ID or face ID for, section, turn off autofill. That'll disable face, touch ID from autofilling and you'll have to enter your passcode in order to autofill passwords etc.

By Dominique Stansberry on Thursday, November 23, 2023 - 04:44

I still feel that Screen curtan and Braille display is still a great secure way. There not gonna sit around to learn Braille just to hack someone else's iPhone, are they?

By Dominique Stansberry on Thursday, November 23, 2023 - 04:44

Seriously, I love the site, but why, have, know, one, created, an, AppleVis iOS/iPad/Mac OS app for this site yet? Just asking.

By Enes Deniz on Thursday, November 23, 2023 - 04:44

In response to previous posts;
@Igna Triay thanks for the info.
@Dominique Stansberry I would also love to have such an app, but posting that elsewhere will be more appropriate and attract more attention, possibly starting a discussion on how it can actually be done. As for Braille screen input and screen curtain, those using both and even either one of them should be but a small portion of the total users.