



Some disturbing reports have revealed that criminal gangs have found it relatively easy to access the owner’s bank account using a stolen iPhone. The first report didn’t explain the method used, but the next report described putting the SIM into a new device to reset the Apple ID password.

Apple is already working on one security measure that makes it easier for users to remotely wipe data from a stolen iPhone, but the reports also highlight a possible security weakness that is worryingly common among non-technical people: saving passwords in the Notes app …

According to Barbeiro, the easiest way for criminals to find a password is to look at the Notes app. This is because many users seem to store their bank or credit card passwords there. […]

When data is downloaded from the cloud to a new device, the criminals search for information linked to the word “password” and, according to them, usually get what they need to access the victim’s bank account.

This is the modern equivalent of writing passwords in a paper notebook and keeping it in a desk drawer.

Of course, you can lock your notes on both iOS and macOS, so that a password is needed to read them. But again, most non-technical users don’t seem to be aware of this.

As my colleague Filipe Espósito suggested, this is a problem that Apple can solve by creating a standalone iOS Keychain app instead of embedding the functionality in Settings. This would achieve two things.

First, everything stored there is automatically password protected. Unlike with Notes, users don’t need to know that a locking feature exists, nor remember to use it. And thanks to Face ID / Touch ID, it’s still easy to use.

Second, the existence of the app itself will draw attention to the need to protect sensitive information.

This app should be much friendlier than the Mac app, which has a notoriously unfriendly user interface and in which the ability to save secure notes is quite buried.

Another benefit of having a dedicated iOS app is that it also helps educate users. I don’t think tech-savvy people store their bank passwords anywhere. We know that there is no perfect security system. The most secure place to store really sensitive passwords, like banking and other financial passwords, is in our heads. There are many memory techniques that can be used to reliably remember really complex passwords.

Therefore, one thing a user-friendly Keychain app could do is to include a warning, the first time you open it, that the safest way to store your financial passwords is to memorize them. (Perhaps asking Apple to note that even its own secure apps aren’t 100% secure is wishful thinking, but these feature requests are wishful thinking …)

And for the rest of us, it will provide more convenient access to our keychain items when using iPhone and iPad. We’ve all experienced Keychain failing to recognize a particular website and having to look the password up in Keychain Access on the Mac. This would make it easy to do the same on an iDevice.

What is your view? Do you want to see a dedicated, user-friendly iOS Keychain app? Take our poll and share your thoughts in the comments.

Image: Mohamed Hassan / PxHere

