Right now, Apple’s iCloud Keychain (where saved passwords are stored) relies on the same authentication methods as your iPhone in general: Face ID or the device passcode. This means:
• If Face ID fails, it falls back to the device passcode.
• Anyone with your passcode can unlock not only your phone but also your saved passwords, by letting the Passwords app fall back to its “enter iPhone password to view passwords” prompt.
Why this matters: if someone knows or coerces your device passcode, they could potentially:
• Bypass Face ID
• Access sensitive password data
• Compromise multiple accounts, since they could access every password I have saved in the Passwords app.
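To make the fallback distinction concrete, here is an added Swift example (not from the original post, and not code from Apple’s Passwords app) showing how a third-party iOS app can store a Keychain item that opens with Face ID only versus one that also accepts the device passcode. The service and account strings are placeholders chosen for this example; Apple’s own Passwords app does not expose this choice to the user, which is the gap the post describes.

```swift
import Foundation
import Security
import LocalAuthentication

// Placeholder identifiers for the example; any app-specific strings would do.
let exampleService = "com.example.vault"
let exampleAccount = "backup-codes"

/// Builds the access-control object that decides how the item can be unlocked.
/// `.userPresence` accepts Face ID *or* the device passcode (the fallback the post
/// describes). `.biometryCurrentSet` accepts only the currently enrolled biometrics:
/// there is no passcode fallback, and re-enrolling Face ID invalidates the item.
func makeAccessControl(biometricOnly: Bool) -> SecAccessControl? {
    var error: Unmanaged<CFError>?
    let flags: SecAccessControlCreateFlags = biometricOnly ? .biometryCurrentSet : .userPresence
    return SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, // item is wiped if the passcode is removed
        flags,
        &error)
}

/// Stores a secret so that reading it back triggers the chosen authentication policy.
func storeSecret(_ secret: Data, biometricOnly: Bool) -> OSStatus {
    guard let access = makeAccessControl(biometricOnly: biometricOnly) else { return errSecParam }
    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: exampleService,
        kSecAttrAccount as String: exampleAccount,
    ]
    SecItemDelete(lookup as CFDictionary) // replace any earlier copy of the item
    var add = lookup
    add[kSecAttrAccessControl as String] = access
    add[kSecValueData as String] = secret
    return SecItemAdd(add as CFDictionary, nil)
}

/// Reads the secret back. The Keychain shows the authentication prompt itself;
/// supplying an LAContext lets the app customise it and hide the "Enter Passcode"
/// fallback button (an empty fallback title hides the button).
func readSecret() -> Data? {
    let context = LAContext()
    context.localizedReason = "Unlock your backup codes"
    context.localizedFallbackTitle = ""
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: exampleService,
        kSecAttrAccount as String: exampleAccount,
        kSecReturnData as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    return status == errSecSuccess ? result as? Data : nil
}

/// Checks up front whether biometric-only authentication is possible at all on this
/// device (no enrolled Face ID/Touch ID, or a biometry lockout, makes the
/// `.biometryCurrentSet` item unreadable rather than falling back to the passcode).
func biometricOnlyAvailable() -> Bool {
    let context = LAContext()
    var error: NSError?
    return context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)
}

// Usage: store the codes biometric-only when the device supports it, otherwise
// fall back to the passcode-capable policy so the data is not lost outright.
let codes = Data("CONSTRUCTED-BACKUP-CODES".utf8) // constructed sample value
let status = storeSecret(codes, biometricOnly: biometricOnlyAvailable())
print("store status:", status)
```

The trade-off this shows is the one behind request 1 below: a biometric-only item gives no way in for someone who only knows the passcode, but it also gives the legitimate owner no way in if Face ID stops working, so an app has to decide how it recovers from that state.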
So, let’s say my girlfriend knows my phone passcode; she then pretty much has access to every other password and backup code I have saved in the Passwords app.
To address this security vulnerability, I believe it would be beneficial to introduce more advanced security options for accessing the Passwords section on iPhone.
Specifically:
1. The ability to require Face ID only, without fallback to the device passcode.
2. An option to set a dedicated password just for accessing the Passwords section (separate from the phone passcode).
3. Additional optional layers of protection, such as two-factor authentication or a biometric lock, that would prevent access even if someone knows the device passcode.
These features would provide an extra level of security for users who are concerned about unauthorized access should someone learn their phone passcode.