Recent changes in SSH remote access to a Mac

Link. “there’s now a separate Allow full disk access for remote users setting, but it’s under General ‣ Sharing instead of Privacy & Security ‣ Full Disk Access. And it’s now only visible if you click the little i button next to Remote Login. With this selected, you don’t need to give sshd Full Disk Access.”

iPhone Recovery Key attack vector kills your iCloud access: Workarounds pending an Apple fix including Apple ID protection

Link. 1. It’s crazy that 6 digit passcode gives access to Apple Password Manager AND the ability to lock someone permanently out of their Apple ID (photos, media, software, documents, etc).
2. Use Screen Time account lock passcode to prevent setting/changing Apple ID or Recovery Key.
3. Good practice: Designate a Recovery Contact.