Security is at perpetual war with convenience. The faster and easier it is for us to get to our stuff, the faster and easier it is for someone else to try to break in. Make it tougher for them, though, and it can get tougher for us as well. One of the biggest advantages the iPhone and iPad give us is a better balance of the two. Touch ID and Face ID let us have strong passwords but also biometric access. iCloud Keychain lets us have unique passwords but not have to remember them all. Two-step authentication protects our accounts but in a way that's still simple to use. That said, the iPhone and iPad also have options that help us be even more private and secure. Here's how to use them!
1. Be strong
If you have a recent iPhone or iPad, you have one of Apple's personal identity sensors—Touch ID or Face ID. It lets you use biometrics to authenticate so you can unlock your device and use Apple Pay, and authorize purchases for iTunes, the App Store, and other apps. Because of this added convenience, you now have the option of creating a six-digit password, rather than using just four digits.
Take advantage of it—if you're not using 6-digits yet, go to Settings > [Touch ID or Face ID] & Passcode, and change your passcode. You'll be able to enter a new six-digit code. Even better, because you no longer have to enter your passcode as often, switch to a stronger, longer, more complex password lock instead. Sure, once in a while it'll be a pain to enter it, but that's offset by how infrequently you have to do it—only when you reboot, fail Touch ID or Face ID multiple times, or don't use your phone for 48 hours. (If you're really concerned about security, and are willing to give up on convenience for it, turn Touch ID or Face ID off and force a strong, complex password for entry.)
Even if your device doesn't have Touch ID or Face ID, you should absolutely still use a passcode lock. Not only does it protect your iPhone or iPad from casual snooping—or from people tweeting "poopin" the minute you leave it unattended—it prevents thieves from getting your data, and makes wiping it just a secure.
2. Be private
What good is having biometric ID and a 6-digit passcode or strong password if the lock screen gives all your personal data and access away?
- Control Center lets you turn on the flashlight with unlocking, but also lets a thief turn on Airplane Mode to prevent tracking.
- Notification Center lets you glance are your messages and updates, but also lets a snooper do the same.
- Siri lets you ask questions and give commands, but also lets anyone else pull up some of your information.
Touch ID and Face ID are so convenient that it only takes a second or two to unlock anyway. So, if you're the least bit concerned about privacy and security, disable notification center, control center, and even Siri from your lock screen. If you want to go half-way, disable control center and turn off previews for your messages. That way no one can disable your device or read your messages (though they can still see who messaged you).
3. Be safe
Security works best with defensive depth, and defensive depth means having as many layers to your security as possible. A passcode is something you know. Touch ID and Face ID—your fingerprint and your face—are things you have. Sadly, since Apple doesn't allow you to use both passcode and biometric identification for added security, that alone doesn't add any depth. It simply adds convenience. Enter 2-step verification.
With 2-step you need to enter both as password and a token—something you know and something you have. The token is supplied to your iPhone, iPad, Apple Watch or another device over SMS or over an app like Google Authenticator, Authy, 1Password, etc. That way, if someone gets your password but doesn't have the device and the current token—which change continuously—they still can't get in.
Not all services offer it and many do it differently but for anything that contains personal information, including your email, messages, online storage, etc., you should absolutely enable it.
Note: Apple is in the midst of transitioning from an old to the new 2-factor system but everyone should still have access to one of the two.
- How to set up two-factor authentication for iCloud
- How to set up two-factor authentication for Google
- How to set up two-factor authentication for Dropbox
- How to set up two-factor authentication for Facebook
- How to set up two-factor authentication for Twitter
- How to set up two-factor authentication for Tumblr
- How to make two-factor authentication easy with Authy
4. Be clean
What you look at on your devices is your business. If you don't want it being anyone else's business, though, you should make sure cookies, web history, and other information about your browsing doesn't get recorded and tracked across the internet. Safari pioneered private browsing, but almost every browser offers it now. They also offer ways to delete information that's already been logged. For iPhone and iPad, simply go to Settings > Safari. For Google, regardless of device, go to activity controls.
If you're at a coffee shop, hotel, or some other public place where you can't trust the network, you may want to consider tunneling your activities through a VPN as well.
5. Be tough
Just because an app wants your location it doesn't mean you want that app to have it. Not only is your location among the most private information you have, monitoring your location is a drain on your iPhone's or iPad's battery and processor. So, make sure you go through your Settings > Privacy > Location and turn off anything you don't use regularly or need urgently. You can always turn in back on when and if you need it again.
Likewise, if you've given other apps access to your Twitter (make sure you use Share > Request Desktop Site on iOS), Facebook, or other accounts, periodically go through and review that access as well.
6. Be smart
Security is at constant war with convenience. Fortunately, in order to tip the scales slightly more towards convenience, there are password managers. They store all your strong, unique passwords and grant you access with either a single master password or your fingerprint or face via Touch ID or Face ID. Thanks to action extensions, you can even use them to fill passwords right into Safari and other apps.
iCloud Keychain comes built right in, but if you want to be even more secure, you can use 1Password, Lastpass, DataVault or another dedicated password manager that offers additional features like security audits, alerts, teams, token support, and more.
Your top tips?
Those are our top tips for taking your iPhone, iPod touch, and iPad security to the next level! If you've got any other tips, or alternate ways to keep stuff safe on iOS, let us know!
○ How to use two-factor authentication
○ How to protect your data from being hacked
○ How to quickly temporarily disable Face ID
○ Best practices for staying safe on social media
○ Best VPN services
○ How to lock down your data on iPhone and iPad
○ Best ways to increase iPhone and iPad security
○ How to back up your iPhone, iPad, and Mac
○ Differential privacy — Everything you need to know!
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.