11 critical iPhone Security
11 critical iPhone Security if one object you own encapsulates who you are, how you think, and what you do, it’s your smartphone. Our phones not only contain our contacts and messages, but capture and store countless other metrics about our lives, from financial records to health data to myriad communications with everyone we know.
Smartphones also contain data about the places we go (and the routes we took to get there) as well as the searches we make and websites we browse (revealing what’s on our minds). Thanks to journal and to-do apps, they even document our goals, hopes, and dreams. And smartphones aren’t just data-retention devices; the apps and services we use on them broadcast data about us to third parties.
Travel to Bali Now
Contact Eka Jasa to get your Bali Visa now!
WhatsApp: +62 818 0688 1419
or eMail: firstname.lastname@example.org
(Indonesian, English, Dutch, French spoken)
That’s why it’s so important to understand what privacy and security protections the smartphone you use offers—and to make sure you have such protections enabled. I’ve written before that Apple is unique among modern tech giants in that it builds its products with privacy at the forefront. But many of those protections and tools available on every iPhone only make a difference if you’re aware of them—and judging from my conversations with friends, many people aren’t.
If you’re an iPhone user, these are the security and privacy features you need to know about—and should be using.
Security code autofill
What it is: Many sites and apps—from Facebook and Google to financial services—offer two-factor authentication, or 2FA. With 2FA enabled, logging into a website or app requires both your password and a unique code that is texted to your phone number or delivered via an app such as Google Authenticator. You have to input this code in order to gain access to your account. Even if someone else has your password, they won’t be able to break into your accounts if they can’t get the code.
Your iPhone can enter texted security codes for you.
The problem is many people choose not to enable 2FA, which has traditionally been a pain involving hopping back and forth and copying and pasting. So Apple introduced a feature in iOS 12 and higher called security code autofill. Now when you log into an app or website where you have 2FA enabled, you no longer need to navigate to the Messages app to retrieve your texted 2FA code. As soon as the text with the code arrives, it’ll be routed to the iPhone’s keyboard where you can just tap on the code to autofill it into the security field in an app or website.
Why it’s important: Apple eliminated the most annoying thing about 2FA, which means more people are now likely to adopt it. If an app or website offers 2FA, you should enable it immediately. Thanks to iOS’s security code autofill, 2FA will no longer slow you down.
How to enable it: Security code autofill is built into iOS 12 and higher, so you don’t need to enable the feature on your iPhone. When you get a text with a 2FA security code, it’ll be automatically routed to the code field on the app or website you are trying to log into.
You will, however, need to enable 2FA on any apps or websites you want to use the security feature with. I highly recommend enabling 2FA on every social media and financial site you use. You can see if some of the sites you use offer 2FA here.
Password reuse auditing
What it is: iOS has long had the Keychain, an encrypted password manager that saves your usernames and passwords so they can be auto-filled on apps and websites you log in to. But with iOS 12 and higher, your Keychain now has a password reuse auditing tool built in. What this does is identify every instance where you’ve reused a password for multiple sites and apps.
Why it’s important: Password reuse is a major security problem. Before iOS 12, if you used the same four or five password variations out of laziness across hundreds of sites and apps, you weren’t alone. Two recent surveys found that 59% of people use the same password everywhere, and 83% of people reuse the same password on multiple sites. If just one of those sites or apps gets hacked, your information anywhere else you used that password is at risk.
If you’re reusing passwords on multiple sites, cut it out—with your iPhone’s help.
But now thanks to password reuse auditing in iOS, you have no excuse to be lazy anymore. You can see which websites you’ve reused passwords on and then give them unique passwords. However, that’s not the biggest advantage of this tool. The real advantage is that it visualizes how vulnerable you’ve made yourself by reusing the same password on multiple sites—and as we’ll see in a moment, you can easily create unique strong passwords for every site and app you use.
How to enable it: iOS’s password reuse auditing tool is a built-in feature in iOS 12 and higher. To see it in action, and to see which sites and apps you’ve reused passwords on, go to the Settings app on your iPhone, scroll down, and tap “Passwords & Accounts,” and then tap “Website & App Passwords.” This is where your Keychain is located. You’ll need to authenticate with Face or Touch ID, and then you’ll be taken to a list of your app and site passwords.
Any site or app that has an exclamation mark in a triangle next to it means you are also using its password for another site or app. If you see this symbol, tap on it. On the next screen, you’ll see a link that says “Change Password on Website.” This will take you to that site’s password management screen where you can change your password.
11 critical iPhone Security
If you have dozens or hundreds of services that use the same password, creating unique passwords may seem daunting—BUT do it anyway. If you have a couple hundred accounts with passwords, just change 25 passwords a day for eight days, and then every account you use will have a unique password in little more than a week.
Automatically create strong web and app passwords
What it is: iOS 12 and higher also has a feature that will automatically create complex and unique passwords for websites and apps. These are passwords that are so complex it is doubtful anyone could ever guess them—even you.
If you can remember a password, it isn’t strong enough.
But you don’t even need to write these passwords down. iOS will automatically save them to your Keychain, and they will be synced across all your iOS devices and Macs, where they’ll automatically be filled in when you log into a site or app.
Why it’s important: As we’ve seen, even if you already have a pretty strong password, it becomes much weaker if you use it at multiple sites. But most of us don’t even have strong passwords. Generally, people choose weak passwords because they are easier to remember. But password managers, like the one built into iOS and MacOS, have made remembering passwords obsolete. Still, the problem remains that many people simply don’t create strong, random, and unique passwords. So now iOS will do it for you.
How to enable it: Next time you create an account in an app or at a website on your iPhone, when you select the “Create password” field, you’ll now see iOS has automatically inserted a unique password in the field. Tap the “Use Strong Password” button to use the recommended password, and iOS will automatically store it in your Keychain. iOS never generates the same strong password twice.
Set encrypted messages to auto-delete
11 critical iPhone Security
What it is: iOS automatically uses end-to-end encryption on all messages sent using Apple’s Messages app. This means no one can read your messages except for you, and the recipient, not even Apple—even if the company is ordered to by a government agency. Yet end-to-end encryption won’t stop someone who has access to your phone from accessing your messages, which is why you should set them to auto-delete sooner rather than later. Once an encrypted message is deleted from your device, it is virtually impossible to recover (though a copy will remain on recipients’ devices until they delete it, too).
Automatically deleting old iMessages is a good security measure—and it saves storage space, too.
Why it’s important: By default, iOS will store all your iMessages on your phone forever—and they will be transferred to your new phone when you get one. But these messages often contain very personal communications with our loved ones or details that could make us or them vulnerable. For example, parents will often communicate with their children about their schedules and whereabouts, such as what time they will be at soccer practice. A third party who gains access to years worth of those messages could reasonably work out where your child is going to be and when. Other times, we’ll share sensitive information with our family or friends via text messages—like the code to our home security system if a friend is watching our place while we are away. This information would be invaluable to a stalker or thief, and there’s no reason a copy of it should be sitting around on your phone for years.
Beyond issues of privacy, years’ worth of text messages can take up an insane amount of space on your smartphone. Back when I had my text messages set to save forever, I looked at how much space they were taking up on my 64GB iPhone: 8.5GB! And I never go back and look at text messages that are more than a week old.
How to enable it: On your iPhone go to Settings>Messages>Keep Messages. On the next screen, you’ll be able to select to keep messages for 30 days, one year, or forever. By default, this is set to forever, but I recommend everyone set it to 30 days, or at the most, one year.
Using iOS’s default browser is a privacy measure in itself.
What it is: iOS’s built-in web browser.
Silence spam and robocallers.
What it is: iOS now offers a feature that is charitably named “Silence Unknown Callers.” What it really does is stop robocallers and spam callers from annoying you.
Why it’s important: Spam and robocalls are a major problem in America. They lead to wasted time, productivity, and in some cases, higher phone bills. The problem is so pervasive, that YouMail’s Robocall Index says 4.7 billion robocalls were placed in January 2020 alone. That’s 153 million each day.
While carriers, states, and the federal government have taken steps to diminish the robocall scourge, Apple isn’t waiting around for things to get better through legislative initiatives. In iOS 13, the company introduced the “Silence Unknown Callers” feature that, when activated, will automatically send unidentifiable calls to your voicemail (which, let’s be honest, no one uses anymore anyway).
How to enable it: Go to Settings>Phone and scroll down until you see the “Silence Unknown Callers” toggle. Tap this switch so it’s on (green), and from then on, all calls from unknown numbers (ie: those not in your Contacts) will be silenced for good.
Quickly disable Touch ID and Face ID
11 critical iPhone Security
What it is: Depending on which iPhone you own, you use either Touch ID or Face ID to unlock your phone without needing to enter a passcode. They’re handy but don’t offer the same amount of constitutional protections that passcodes offer. That’s why iOS now allows users to disable Touch ID and Face ID at a moment’s notice.
If worse comes to worse, you can disable Touch ID and Face ID.
Why it’s important: Thanks to Fifth Amendment protections, in most instances, law enforcement can’t compel someone to enter a passcode to unlock a device without a search warrant. But prior to 2019, some courts had said that biometric authentication methods aren’t similarly protected. In many states, that meant law enforcement could force you to unlock your phone using Face ID or Touch ID. However, that all changed in January 2019 when a judge ruled that law enforcement forcing someone to biometrically unlock their phone “runs afoul” of the Fourth and Fifth Amendments. But law enforcement aside, while Touch ID and Face ID are convenient, both leave you vulnerable to unwanted unlocks when you are sleeping.
How to enable it: Go to Settings>Emergency SOS and make sure the “Call with Side Button” toggle is on (green). Now, whenever you want to quickly disable Face ID or Touch ID, press the iPhone’s Side button five times. A screen will appear that shows three sliders: power off, Medical ID, and Emergency SOS. Below them will be a cancel button. Once this screen appears, Face ID and Touch ID are automatically disabled, and you’ll only be able to unlock your phone with your passcode (keep in mind, once you unlock it with a passcode, Face ID and Touch ID are reenabled).
In a worst case scenario, nuke your data
Deleting your data might be painful, but it’s better than letting it fall into the wrong hands.
What it is: iOS offers a feature that deletes all data on your iPhone if the wrong passcode is entered 10 times in a row.
Why it’s important: The contents of your iPhone contains personal and private details about every aspect of your life. If the worst happens and someone steals it, it’s good to know that with this security feature, the thief won’t have endless opportunities to guess your passcode. Once they get it wrong for the tenth time, all the data on your iPhone will automatically be deleted and can’t be recovered.
Yes, this is a worst-case scenario, but it’s better than having all your personal and private data in the hands of a thief or hacker.
How to enable it: Go to Settings>Face ID & Passcode (Touch ID & Passcode on an older iPhone) and at the bottom of the screen, toggle the “Erase Data” switch to on.
By Michael Grothaus
Sign-up for Updates by email
[gravityform id=”1″ title=”false” description=”false”]
11 critical iPhone Security Source: Fast Company