Joanna Stern report on iPhone’s passcode vulnerabilities after a theft

I don’t. Especially now that the fact that iPhones are easy targets is all over the news.

I would go with the federal offense, as your first example would most probably end in one too! :wink:
But it is still not a real situation you should be concerned about, and especially since you have now mentioned that you will no longer have your personal information on your iPhone, anybody who reads this on the internet will now know that he/she just has to visit you at your home address to get what they want from you, because you no longer protect your property by modern technical means.

Thanks for your concern. I take it you’ve never had to have the police drive you from your store to a bank 200 feet away, every night, so you can deposit your checks. I would have preferred to walk but it was company policy.

If you’ve ever seen the back seat of a major city’s police car, you would have wanted to walk too. :grinning:

It seems obvious to me, the one simple change Apple could make, but it seems none of the Apple press are thinking this way so maybe I’m missing the point?

The perceived downside (for users) of requiring entry of the old Apple ID password is people who forget it and want to reset it because of that.

If they’re on that screen, then they almost certainly know the passcode, sure, but in every device since the iPhone 5S, that’s probably not how they last unlocked the phone. They will have used Touch ID or Face ID. So just authenticate again with biometrics before allowing the password change. That makes the thief’s job a LOT harder and the forgetful user’s job a little easier.

The thief can no longer just grab the phone and run off. Well… they can, but they can’t change the Apple ID password.

1 Like

Yeah. Offering an either/or - if you know the password, you can reset without biometrics, or if you have the biometrics, you can reset without the password - would be optimal.

That way a problem of either the biometrics not working for some reason (no idea why - but I have to imagine this happens), or not knowing the password but being able to biometrically identify - would be solved.

Theoretically a thief who had you at gunpoint could still force the issue, but somebody that has you at gunpoint can do a whole bunch of stuff that’s really, really hard for a phone company to protect against.

2 Likes

I drove a police cruiser myself for a couple of years (and still do so a couple of times a year, as I am still in the Reserve), and during my time at university I worked (among some other jobs) as a driver for a security company that handled armoured money transfers, not just for 60 m but over larger distances, with higher values, and a real potential of becoming the target of robbers.
I have also been used to being transferred, at certain destinations, from the airport to the crew hotel in armoured vehicles with a squad of paramilitary security at our side, also with the order never to leave the hotel during the stay without an escort by them.
So I think I have more or less some experience with situations like that, and with that in mind, I can assure you that you are totally safe keeping your information on your phone with you.
If you really might end up in a situation at gunpoint, hand them your phone and the relevant codes, and after they are gone, call the relevant number for your country and lock your credit cards and so on, to get them renewed after a few days. This is normally no big deal!

BTW, sorry, but getting driven in a city police car for 60 m to deposit your checks every night because it is “company policy” seems to be a severe case of corruption and misuse of public resources!
Where was that, and what company initiated this?

It’s not uncommon here in the US for police to be paid for situational private security. It’s all legit and above board.

And there are absolutely neighborhoods where exiting a building and walking 200 feet with an envelope of money would be potentially dangerous enough that having a police escort would be wise.

Good thinking. And I can think of a common situation where biometrics would “not be working” — namely every 14 days when the phone makes you enter your password.

When I say out of scope, I don’t mean that it’s not a problem; it’s just a completely different class of problem. Once they’re in a position to credibly threaten you with violence, they don’t need any passcodes. They can just make you do for them what they would have done.

I’ve often thought that ATM cards and phones should actually have two PINs or passcodes.

One is the normal one you use routinely.

The other you use only in emergencies, when for whatever reason you’re entering it under duress. It functions just like normal, but triggers a silent call to the authorities/police.

Anyone coercing you would have no idea that you entered the emergency PIN/passcode. They’d get the cash from the ATM, or get into the phone, but at least in theory, help would be on its way.

4 Likes

This is a nice idea, BUT most people have small pieces of paper in their pockets where they note their ATM PINs because they can’t remember them, or note their computer password under the desk pad.
Having two PINs wouldn’t help those people in any way.

Just curious - how many people do you actually know that have pieces of paper with their PIN codes? Unless they’re really good at hiding them, I don’t know any.

1 Like

I personally know 7 people who do so, but only because they are close friends or family; I did not do any personal survey on this.
But there was an article in a German news magazine a couple of weeks ago where they actually did a large survey and also asked a question regarding this point, and they came up with way above 70% (I don’t remember the actual number, but it might even have been something in the 80s if I remember it right) of people who do so!

This thread led me to check my settings under Face ID & Passcode. What recommendations do people have for the settings under “Allow access when locked”?

When I was a kid I knew my own phone number and that of many of my friends. These days I know the birthdays of my 8 closest family members and have a fair idea of a few more. I also remember multiple passwords, some rather long, that I use regularly. I don’t know so many phone numbers today because these days we just tap a name, but I do know half a dozen.

Years ago, to annoy my father, I learned the first 30 digits of pi. Later I extended to 40 and I can still do it to 30 without any trouble and with a little thought can get it out to 40 again.

3.1415926535897932384626433832795028841971 — all from memory, but I did have to double check the last 5 digits as I wasn’t sure. People think I’m crazy for that, but I learned it by wanting to. For the record, my father was suitably impressed (and annoyed).

I think most people can remember multiple numbers if they want to. It’s the same with “I don’t know how to use computers”. Only because you’d rather you didn’t have to.

3 Likes

I recently discovered that if you set the Content Restrictions to not allow account changes and passcode changes, Apple resets those to allow changes when you update iOS.

Having just checked after your post, it hasn’t switched off on mine - still all greyed out.

I don’t allow anything to be accessed when locked.

I don’t know if it does this after every update or only major ones. The content restrictions password is still in place, but the account and passcode changes are back to “allow”.

Perhaps it’s only my device.

iOS 17.3 is in Beta. I am not on any betas, but there are reports that Apple is addressing this issue with an option that can be enabled:

It is called “stolen device protection”:

If you enable the new Stolen Device Protection, your iPhone will restrict certain settings when you are away from a location familiar to the iPhone, such as your home or work. (…) If you want to change an Apple ID password when away from a familiar location, the device will require your Face ID or Touch ID. It will then implement an hour-long delay before you can perform the action. After that hour has passed, you will have to reconfirm with another Face ID or Touch ID scan. Only then can the password be changed.

From: Wall Street Journal - or for those who have this option: Apple News+ link

My first impression: it does sound reasonable.

John Gruber (link):

Stolen Device Protection will be off by default, but users will be prompted about the feature upon restarting after upgrading to 17.3. That’s a reasonable compromise. My only doubts about the feature are the “home” and “work” safe locations, where the hour-long delay is overridden. (You still need to authenticate with Face ID or Touch ID, though.) How are these locations determined? I’ve installed the first 17.3 beta on a spare iPhone, and after enabling Stolen Device Protection, I tried changing my iCloud password, but I still need to wait an hour, even though I’m at home.
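To make the mechanism quoted above concrete, here is an added model of the decision for an Apple ID password change under Stolen Device Protection, following the WSJ description: a biometric is required everywhere, and away from a familiar location there is additionally an hour-long delay followed by a second biometric. This is not Apple's code and not from any post in this thread; `SdpState`, `request_password_change` and the two scenario functions are my own names, and the scenarios are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DELAY = timedelta(hours=1)  # the hour-long security delay described above

@dataclass
class SdpState:
    enabled: bool = True
    # when the first biometric check for a pending password change succeeded
    delay_started_at: Optional[datetime] = None

def request_password_change(state: SdpState, now: datetime, passcode_ok: bool,
                            biometric_ok: bool, at_familiar_location: bool) -> str:
    """Decide one 'change Apple ID password' attempt: denied/allowed/delay-started/waiting."""
    if not passcode_ok:
        return "denied"
    if not state.enabled:
        # the behaviour the thread complains about: the passcode alone is enough
        return "allowed"
    if not biometric_ok:
        # with the protection on, a stolen passcode is never sufficient
        return "denied"
    if at_familiar_location:
        return "allowed"  # no delay at home/work, but biometric still required
    if state.delay_started_at is None:
        state.delay_started_at = now
        return "delay-started"
    if now - state.delay_started_at < DELAY:
        return "waiting"
    state.delay_started_at = None  # second biometric after the hour: allow
    return "allowed"

def thief_attempt(enabled: bool) -> list:
    """Constructed scenario: thief knows the passcode, fails biometrics, unfamiliar place."""
    state = SdpState(enabled=enabled)
    return [request_password_change(state, datetime(2024, 1, 1, 12, 0), True, False, False)]

def owner_attempt(familiar: bool) -> list:
    """Constructed scenario: owner passes Face ID at t0, retries at +10 min and +61 min."""
    state = SdpState(enabled=True)
    t0 = datetime(2024, 1, 1, 12, 0)
    times = [t0] if familiar else [t0, t0 + timedelta(minutes=10), t0 + timedelta(minutes=61)]
    return [request_password_change(state, t, True, True, familiar) for t in times]
```

The model ignores Gruber's observation that the familiar-location override did not kick in on the first beta; it encodes the behaviour as the WSJ piece describes it.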