Password Security: How do you Steal iOS Passwords, Just Ask for Them

If you have spent any time using iOS you been prompted to input your iTunes password. This measure can ensure that no one but you can access to your important account data. However, iOS will ask for your password quite often, and security researchers point out this good-intentioned practice could actually have the opposite effect.

Apple’s constant insistence that users enter their passwords leaves them open to phishing. It’s not only the frequency of requests, but the way iOS asks for that password makes it very easy for malicious developers to steal passwords. You might think you’re just typing your password into yet another Apple dialog box, but it could be a fake.

Until Apple makes some changes, users can protect themselves by pressing the home button before inputting their password in dialog boxes. If the box is spawned by the app, it will disappear along with the rest of the app. If it’s actually a system dialog, it will remain on the screen.