The iPhone and iPad make our lives more convenient than ever, but they can also help us make them more private and more secure. Here's how!
Security is at perpetual war with convenience. The faster and easier it is for us to get to our stuff, the faster and easier it is for someone else to try and break in. Make it tougher for them, though, and it can get tougher for us as well. One of the biggest advantages iPhone and iPad give us is a better balance of the two. Touch ID lets us have strong passwords but also biometric access. iCloud Keychain lets us have unique passwords but not have to remember them all. Two-step authentication protects our accounts but in a way that's still simple to use. That said, iPhone and iPad also have options that help us be even more private and secure. Here's how to use them!
1. Be strong
If you have a recent iPhone or iPad, you have Apple's personal identity sensor—Touch ID. It lets you use biometrics to authenticate so you can unlock your device and use Apple Pay, and authorize purchases for iTunes, the App Store, and other apps. Because of this added convenience, iOS 9 has upped the passcode ante from 4-digits to 6-digits.
Take advantage of it—if you're not using 6-digits yet, go to Settings > Touch ID & Passcode, and change your passcode. You'll be prompted for 6-digit one. Even better, because you no longer have to enter your passcode as often, switch to a stronger, longer, more complex password lock instead. Sure, once in a while it'll be a pain to enter it, but that's offset by how infrequently you have to do it—only when you reboot, fail Touch ID 5 times, or don't use your phone for 48 hours. (If you're really concerned about security, and are willing to give up on convenience for it, turn Touch ID off and force a strong, complex password for entry.)
Even if your device doesn't have Touch ID, you should absolutely still use a passcode lock. Not only does it protect your iPhone or iPad from casual snooping—or from people tweeting "poopin" the minute you leave it unattended—it prevents thieves from getting your data, and makes wiping it just a secure.
2. Be private
What good is having Touch ID and a 6-digit passcode or strong password if the lock screen gives all your personal data and access away?
- Control Center lets you turn on the flashlight with unlocking, but also lets a thief turn on Airplane Mode to prevent tracking.
- Notification Center lets you glance are your messages and updates, but also lets a snooper do the same.
- Siri lets you ask questions and give commands, but also lets anyone else pull up some of your information.
Touch ID is so convenient—and so fast on the iPhones 6s—that it only takes a second or two to unlock anyway. So, if you're the least bit concerned about privacy and security, disable notification center, control center, and even Siri from your lock screen. If you want to go half-way, disable control center and turn off previews for your messages. That way no one can disable your device or read your messages (though they can still see who messaged you).
3. Be safe
Security works best with defensive depth, and defensive depth means having as many layers to your security as possible. A passcode is something you know. Touch ID—your fingerprint—is something you have. Sadly, since Apple doesn't allow you to use both passcode and Touch ID for added security, that alone doesn't add any depth. It simply adds convenience. Enter 2-step verification.
With 2-step you need to enter both as password and a token—something you know and something you have. The token is supplied to your iPhone, iPad, Apple Watch or other device over SMS or over an app like Google Authenticator, Authy, 1Password, etc. That way, if someone gets your password but doesn't have the device and the current token—which change continuously—they still can't get in.
Not all services offer it and many do it differently but for anything that contains personal information, including your email, messages, online storage, etc., you should absolutely enable it.
Note: Apple is in the midst of transitioning from an old to new 2-factor system but everyone should still have access to one of the two.
- How to set up two-factor authentication for iCloud
- How to set up two-factor authentication for Google
- How to set up two-factor authentication for Dropbox
- How to set up two-factor authentication for Facebook
- How to set up two-factor authentication for Twitter
- How to set up two-factor authentication for Tumblr
- How to make two-factor authentication easy with Authy
4. Be clean
What you look at on your devices is your business. If you don't want it being anyone else's business, though, you should make sure cookies, web history, and other information about your browsing doesn't get recorded and tracked across the internet. Safari pioneered private browsing, but almost every browser offers it now. They also offer ways to delete information that's already been logged. For iPhone and iPad, simply go to Settings > Safari. For Google, regardless of device, go to activity controls.
If you're at a coffee shop, hotel, or some other public place where you can't trust the network, you may want to consider tunneling your activities through a VPN as well.
5. Be tough
Just because an app wants your location it doesn't mean you want that app to have it. Not only is your location among the most private information you have, monitoring your location is a drain on your iPhone's or iPad's battery and processor. So, make sure you go through your Settings > Privacy > Location and turn off anything you don't use regularly or need urgently. You can always turn in back on when and if you need it again.
Likewise, if you've given other apps access to your Twitter (make sure you use Share > Request Desktop Site on iOS), Facebook, or other accounts, periodically go through and review that access as well.
6. Be smart
Security is at constant war with convenience. Fortunately, in order to tip the scales slightly more towards convenience, there are password managers. They store all your strong, unique passwords and grant you access with either a single master password or your fingerprint via Touch ID. Thanks to action extensions, you can even use them to fill passwords right into Safari and other apps.
iCloud Keychain comes built right in, but if you want to be even more secure, you can use 1Password, Lastpass, DataVault or another dedicated password manager that offers additional features like security audits, alerts, teams, token support, and more.