All this week on Talk Mobile we've been discussing security - how we keep our information, and the information of others, safe. Each of us here at iMore has different approaches, different go-to apps and authentication methods, and generally different levels of paranoia we try to balance with the realities of time and convenience. So what do we do? What security apps and authentication approaches make up our personal arsenals? Here we go...
My security begins with unique passwords for each of my Macs, desktop and laptop, and unique passcodes for my primary iOS devices, an iPhone 5 and iPad mini. Yes, I do mix them up frequently, but retyping something is a small price to pay for satiating paranoia. Once inside, I use 1Password to manage everything and anything security related. I use a strong master password to access 1Password, of course, but then 1Password generates, records, manages, and auto-completes unique passwords for every other app and service I use.
This works amazingly well on the Mac and Windows, but is still a huge pain in the ass on mobile. That's not 1Password's fault - Apple doesn't allow the same type of browser plugins on iOS as they do on the Mac, and even Android isn't as conducive. Combine that with passwords being harder to enter on mobile in general, and it makes me hope those automagical thumbprint reader rumors manifest sooner rather than later. (Safari's new iCloud Keychain sync could solve part of the problem, if you're Apple only, but hopefully 1Password and other managers will be able to sync with it as well so cross-platform types can enjoy the best of all worlds.)
I have 2-step verification set up for Google and Dropbox, but I still get bad tokens and sometimes get locked out of my own stuff. It's annoying enough I sometimes consider turning it off, but again, paranoia demands I don't. Still, I'd dearly love them to get their sh!t together on this, because it's important.
I don't currently use any onion routers or end-to-end encrypted communications systems, because while I think the idea of illegal spying by governments is repulsive and counter to the very freedoms they're sworn to defend - seriously, make a case to the people and change the laws if you think you're in the right, don't violate them - there's no major system I trust anyway, and rolling my own is too much overhead. My paranoia, it seems, can crumble in the face of practicality at times.
Then again, I'm careful what I put online, how and where I access things, and with whom I share what. I assume anything that touches the internet in any way will eventually become public, so I don't put up anything that I'd have a problem with being public.
Find My iPhone gives me remote tracking and wiping capabilities, something I've had to use in the past when my car window was smashed at the mall and my MacBook Pro and iPad 3 stolen.
As far as iOS security goes, I have a password on every single device I own. I also have Find My iPhone/Find My Mac installed on any computer or iOS device I have in my possession. I also keep desktop passwords on all my Macs. Not one of them is the same either. Any backups that I make I also encrypt in case they fall into the wrong hands.
As for logins to other general websites and services, never the same passwords! Since I can't possibly remember all my logins, I use 1Password religiously on both iOS and OS X. I also use it to generate passwords for me for new accounts. They're much more secure than anything I could ever dream up. I only really use my own passwords for things I need to log in to frequently and don't have time to fiddle with 1Password each time. Even then, I make them extremely difficult to guess.
If a service offers me two-step authentication, I use that as well. I've got it set up for iCloud, Google, and Dropbox for sure and keep an eye on other services that offer it as well.
When it comes to passwords, mSecure is my chosen security tool of choice. I appreciate that in many respects 1Password is a better choice, but I've been invested in mSecure since first picking it up as a free app of the day in the Amazon Appstore for Android. With a decent Mac client, and sync between iPhone, iPad and Mac – and other, non-Apple platforms – possible using Dropbox, it keeps everything I need to keep hidden, everywhere. And of course, I still use it to generate those random passwords that are so crucial.
Generally I have different passcodes on my different mobile devices; likewise, each of my Macs is locked with a different password. Specific to my Apple gear I of course have Find My iPhone installed on my iOS devices just in case. I'm actually really looking forward to the new security features iOS 7 will bring as well.
Outside of this, the biggest thing I rely on is 2-Step Authentication. Google, Dropbox, Apple ID are the three biggest, with the first two kept within Google's own Authenticator app. It's a pretty awful application – it doesn't even support the iPhone 5 display – but it does the job.
Yep, it's a pain having to wait for a call or text for a code to punch in alongside your Google credentials every time you're logging into a new service, or worse still, having to manually generate a passcode, but I've got enough important stuff strapped to my Google account that 2-step authentication is a necessary evil. It's easy enough to set up, and once you've set up your usual go-to services, it's not something you have to wrangle with often.
1Password is an enormously useful utility when it comes to managing passwords on my systems. And, in fact, that's where a lot of my security begins and ends. Having said that, I use two-factor authentication wherever I can. Two-factor authentication is a process supported by more and more web services. It relies on a fundamental concept: Something You Know (like a password) and Something You Have (like a cell phone). In practical terms, what happens is that you enter a password and get a second code sent to your cell phone, which you then have to enter to proceed. It's simply a more secure way of making sure you're you. Sure, it's not foolproof - if someone stole both my laptop and my cell phone, they could potentially get around it - but it helps make sure that services I use stay as secure as they can. I use two-factor authentication with my bank, Google and other services.
Like so many others, I've been sucked into the world of 1Password in recent years. Most websites don't disclose how they store your passwords on their servers. If a site is using weak encryption methods, or none at all, you usually won't find out until it's too late, and you receive an email from the website telling you that your account has been compromised. Using the same password on multiple sites means any site using that same password is now at risk. 1Password makes it easy to generate unique and difficult-to-crack passwords for every site and service you use. To make things even better, AgileBits, the company behind 1Password, offers a lot of transparency when it comes to the architecture and methodologies used in 1Password. The company takes security seriously and seems to understand that solid security is achieved with transparency and peer-review, not obscurity.
On all of my iOS devices, I enable Find My iPhone in Settings so that if they're ever lost or stolen, I can try to track where they are and remotely wipe them if necessary. I also set a passcode on all of my devices, but I don't enable Simple Passcode, which limits your passcode to 4 digits. I also don't use a complicated alphanumeric passcode. I can't type on virtual keyboards well enough to reliably enter a complicated password every time I want to unlock my iPhone. Instead, I use a sort of hybrid. If you set a passcode in iOS (with Simple Passcode turned off), and only enter numbers on the keyboard, you can set a strictly numeric passcode that's longer than 4 digits. In this case, iOS is smart enough to offer you a number pad when you go to unlock your device, rather than a full-blown keyboard. You get some increased security by using a passcode that would be of an unknown length to somebody trying to break into your phone, creating far more possible combinations to guess, while keeping the ease-of-use of the number pad.
I also set passwords on my Macs, but a password alone is not enough for me. FileVault is a feature that was introduced in OS X Panther and got a significant redesign with FileVault 2 in OS X Lion. FileVault encrypts the contents of your hard drive using your password. If you just have a password set, but no encryption, somebody in possession of your computer could remove the hard drive and hook it up to another computer as an external or secondary drive to view all of its contents. All of your data would be accessible to them without them ever needing to know your password. When FileVault is enabled, the contents of your hard drive are encrypted and would be unreadable to anybody who doesn't have your password to decrypt the contents. FileVault is fairly easy to set up, which you can do from the Security & Privacy section in System Preferences.
So that was what we use for security and peace-of-mind on our iOS devices and PCs. What about you? What are your go-to password, authentication, verification, backup, and sync apps?