Friday, April 14, 2017

Theft and Loss Recovery for iOS Users

Fraser Speirs:

Fortunately, the bag was stolen on the final day of the trip and not the first, otherwise we would have had serious problems throughout the holiday. This is another post for another time, but it’s kind of shocking how crippling the loss of a phone is.

[…]

I recently changed my Apple ID password to an unmemorable password (a mistake, as we shall see later), so the only password I have memorised is the one to unlock 1Password.

[…]

So, second task in this security audit: register a few other Trusted Numbers with Apple, and make sure that at least one of them is someone that you’re not travelling with. Additionally, make sure you know how to get in touch with that person without access to any devices or iMessage or any social media.

[…]

So, third to-do item in this process: print and carry a copy of my 1Password Recovery Kit [with your Secret Key but not your password]. It’s probably also wise to create a second copy and leave it with someone you trust and can contact, just in case you are stripped of literally everything.

I would be wary of accessing 1Password from a public computer that might be logging your keystrokes.

I don’t understand why his top priority was disabling Apple Pay. How would the thief use it without Touch ID?

Update (2017-04-14): McCloud:

ApplePay has a “Pay With Password” option you can use. Hidden until you try to use TouchID and fail at least once.

2 Comments RSS · Twitter

This is why I don't use 1Password. I design a pattern for my passwords so that each account use a different password but they are all memorable. It is true a hacker can figure out the pattern themselves and get your other accounts with one leaked password and the pattern but lets face it -- no hacker likes to do such thing to figure out and apply the pattern, when there are hundreds of other people in a leaked database using one password everywhere.

Adrian Bengtson

No memorable pattern in the world would make me remember every password for every site and service I use. No way. Eventually you would fall into a habit of reusing passwords.

I use 1Passwords ability to generate and store random passwords extensively except for the key services that I must keep in my head and be able to access if all devices are lost. Apple ID is of course one of them (Gmail another).

Leave a Comment