It should be noted that Apple doesn't allow you to turn on Advanced Data Protection until a few months after you've bought a used iPhone or reset your end-to-end encrypted data in iCloud. Not sure if the wait time applies to new iPhones as well.
 
  • Wow
Reactions: gusmula
I use 9999 as my passcode so that someone would have to go through 10,000 different codes before they get to mine. Oooops, forget I told you that. By the way, I only recently realized that they started allowing six digit codes starting with iOS 9. Bet you can guess my NEW passcode -- that will take even longer for a bad person to brute force.
 
Having lost my business partner of 25 years recently (who operated company vendor accounts on a locked, encrypted iPhone, or internet services with 2FA enabled to verify via his locked iPhone), another security feature you should list here is Legacy Contact, which allows a designated Contact (preferably a trusted relative or your executor) to unlock your Apple accounts and your devices after your death.
Very good suggestion.. of course, my Wife is there
 
  • Like
Reactions: centauratlas
Am I the only one here who disables all lock screen security just to shave off a few microseconds when the phone wakes up?
 
  • Like
Reactions: knarzie
Two factor authentication is amazing however it is a double edged sword.

I had to change my number awhile back due to it being posted on some shady adult websites and had pervs messaging me.

Anyway the number was changed and updated it under email and phone numbers in settings. I didn’t think much of it.



When I got my iPhone 16 pro max, I had deleted my old iPhone and had given it to someone else and I tried to set up the iPhone 16 with my Apple account and I couldn’t bc while I changed the number I had forgotten to update it in the 2 factor authentication as well thus it was still trying to contact my old phone number and I didn’t have any other devices that I could access my iCloud.

So I literally couldn’t access my iCloud for nearly a month. It was a nightmare lol.

So be warned to always make sure it’s up to date.
You can use a recovery key. Save it on a piece of paper somewhere.
 
  • Like
Reactions: MisterSavage
Upon attempting to log in to e.g. iCloud, does 2FA still push the verification code to all the devices associated with the Apple ID?
 
I use 9999 as my passcode so that someone would have to go through 10,000 different codes before they get to mine. Oooops, forget I told you that. By the way, I only recently realized that they started allowing six digit codes starting with iOS 9. Bet you can guess my NEW passcode -- that will take even longer for a bad person to brute force.
With custom numeric passcodes, you have 34 digits to spare. Now that’s a long time to brute force!
 
This is just plain bad to title your article “5 security features you SHOULD be using” and include lockdown mode. You’re gonna cause harm.
 


Apple has quite a few security features that it's added to iPhones, iPads, and Macs over the years. Now more than ever, it's important to make sure you're taking advantage of the built-in security tools that are available to keep yourself and your data safe, so we've rounded up a list of the most important options.

If you don't already have these enabled, you might want to consider turning some of them on.
Two-Factor Authentication

With two-factor authentication, you need to verify your identity when you sign into iCloud on a new device or on the web. It works by sending a six-digit code to a device where you're already signed in, and it won't authorize a sign-in on the new device unless you input that code from your existing device.

If you have an iPhone and want to sign into your iCloud account on your Mac, for example, when you enter your Apple Account name and password, you'll get a pop-up on your iPhone with a code that you input for identity verification. Alternatively, you can set a trusted phone number where you can also get a code in case you forget your password.

Apple tries really hard to get people to use two-factor authentication, so chances are you have it enabled, but if you don't, it's a first line of defense to protect your data. There are even some iOS features that don't work without it.

You can manage two-factor authentication by going to Settings > Sign-In and Security.

Security Keys

For an extra layer of protection with two-factor authentication, you can add physical security keys, such as the YubiKey. With a security key set up, you verify your identity with a physical dongle via USB-C or NFC.

Security keys make sure no one can break into your account even if they have access to one of your trusted devices, but you definitely don't want to lose a security key. You can set this up in the two-factor authentication section of the Settings app.

Stolen Device Protection

Stolen Device Protection is a feature that Apple added after criminals got clever and started watching people enter their passcodes before stealing an iPhone.

When you turn on Stolen Device Protection, a passcode won't work for accessing sensitive information like passwords and credit card data. Instead, Face ID or Touch ID biometric authentication is required, so if a thief has your iPhone and your passcode, they won't be able to get into your accounts.

There's also a security delay that keeps your Apple Account password from being changed without two instances of biometric authentication and an hour-long delay.

Thieves are blocked from accessing passwords, making purchases, turning off Lost Mode on an iPhone, applying for an Apple Card, using an iPhone to set up a new device, and accessing credit cards and Apple Cash. There are delays for signing out of an Apple Account, changing a password, resetting settings, and turning off Stolen Device Protection.

By default, Stolen Device Protection is only on when you're away from familiar locations like your home or your work, but if you want it on at all times, you just need to change the toggle to Always.

You can get to the Stolen Device Protection settings by opening up the Settings app, going to the Face ID and Passcode section, and tapping on Stolen Device Protection.

Private Relay

Private Relay is more of a privacy feature than a security feature, but it's something that you should have on. It hides your IP address and browsing activity in Safari and protects unencrypted internet traffic so no one can see what you're doing even if you're on an unsecured network.

Private Relay is an iCloud+ feature that you get access to as long as you pay Apple at least $0.99 a month for 50GB of iCloud Storage, and it's well worth it. You should also take advantage of Hide My Email whenever possible, as it will give you temporary email addresses that you can revoke at any time.

Private Relay can be enabled by opening up Settings, tapping on your profile picture, and tapping on the iCloud section.

Advanced Data Protection

By default, some of the data that's saved in iCloud backups and uploaded to iCloud is not end-to-end encrypted, which means that Apple can provide iCloud backup data to law enforcement.

Advanced Data Protection encrypts your iCloud data so that it cannot be decrypted except for on your personal devices signed into your Apple Account. It is Apple's highest security option for cloud data.

The feature protects device backups, Messages backups, iCloud Drive files, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes, all of which can otherwise be accessed in iCloud backups by subpoena.

Advanced Data Protection is a good idea to turn on, but keep in mind that it means even Apple can't recover your data if a password is lost. To use Advanced Data Protection, Apple requires you to have a recovery key saved or a recovery contact set up as a way to regain access to your account should you lose your password.

You can get to Advanced Data Protection by opening up the Settings app, tapping on your profile picture, selecting iCloud, and then scrolling down to the Advanced Data Protection section. You can also turn it on in the Privacy and Security section of the Settings app.

Lockdown Mode

Lockdown Mode is an extreme security option that most people won't want to turn on, but it's good to know where it is in case you need it.

Apple designed this feature for journalists, activists, government employees, and others who might be in danger of being subject to sophisticated cyber attacks and mercenary spyware.

Lockdown Mode disables a lot of iPhone features, blocking Message attachments, web technologies like JIT (just-in-time JavaScript compilation), FaceTime calls from unknown contacts, shared albums in the Photos app, invites for Apple services from unknown people, physical device connections, and configuration profiles.

It essentially removes commo... Click here to read rest of article

Article Link: Five iPhone Security Features You Should Be Using

Additional security methods I strongly recommend and apply on each iPhone in the family:

- don't use a digit PIN for unlocking. Use a strong passphrase
- against someone snapping your phone (android has a motion detection)
— add a shortcut to lock the screen and enable mobile data again if someone (thief) activates airplane mode
— lock the screen if any bluetooth disconnects (airpods, car)
— face id lock apps such as whatsapp or mail, so that a thief cannot access it
- disable face id with mask
- disallow default control center access when screen is locked

Unfortunately, some default “design” decisions on the iPhone are simply insecure and so simple that it almost seems intentional :(
 
  • Like
  • Wow
Reactions: knarzie and gusmula
Good article. Have turned on Advanced Data Protection along with two-factor authentication. Private Relay is another useful feature. Too bad it's limited only to Safari. Actively considering turning on Stolen Device Protection too.
 
  • Like
Reactions: gusmula and mganu
A couple notes from a long time information security person:

If you use a physical hardware token (YubiKey or the like) get two (or three.) Enroll both for all your important accounts. That way if one gets lost/broken/locked, you can use the other. Make one your "daily use", put the other one somewhere safe, only to be used as a backup. Almost all accounts that support physical tokens support enrolling more than one. (I'm side-eyeing you, PayPal, which also requires phone SMS as the primary 2FA method, which is terribly insecure nowadays.)

Lockdown Mode is truly only for "people who know that they personally are likely to be targeted by cyberattack." It is *NOT* for your random person. I have used it for a short time when traveling abroad for work for a client that has US defense contracts. Even my use case was almost certainly overkill. It really is meant for people that "if information on my phone is hacked, someone could die." My use case isn't that severe, so I don't bother any more. It's just too much of a hassle. If I'm really worried about privacy/security, I carry "burner devices" instead. (As I used to do many years ago.) Devices that have no personal or sensitive data on them at all, are completely wiped clean immediately before travel, then again immediately after, and are only used to "remote access" machines that do have access to the data I need. (AKA: VPN in to my home network, then use Remote Desktop to access my machine at home to do personal stuff.)

Use Passkeys. If all your devices have FaceID/TouchID, Passkeys are incredibly secure methods of logging in to websites. And they're easy.
 
One big thing to point out about Advanced Data Protection:
You can NOT have any old devices signed into your account!
It makes sense and it also explains why I had a recovery contact set up but the feature itself turned off, I can’t follow through. At least the old SE can not be removed as it’s my backup phone. Interesting that my „obsolete“ 2017 MBP isn’t listed.
This is unfortunately pretty useless for many (especially Apple fans).
That’s why I can’t turn on ADP as well. I have some old devices I still want to use.
Your 2017 MBP is probably compatible with ADP, some 2017 MBs can be upgraded to Ventura (13.1), which is compatible with ADP.
 
  • Like
Reactions: Parowdy
Wonder if lockdown mode would be a viable option to enable when crossing a border?
Wipe the phone, stick on it a ‘burner’ email account and populate it with email you need. Same with sms etc but leave messages disabled. Once you are over the border, factory default and restore your main iCloud account. Or just take a burner phone with you when you travel.
 
Two factor authentication is amazing however it is a double edged sword.
...
So I literally couldn’t access my iCloud for nearly a month. It was a nightmare lol.
So be warned to always make sure it’s up to date.
You can also have multiple 2FA "Trusted Phone Numbers." I have my phone and my wife's, and my mom's. Even landlines (remember those?) will work; it'll give a verbal code instead of SMS.
 