I'm sure that you carry a lot of data around with you on your iPhone, personal data that you wouldn't want others to gain access to. While iOS is great at keeping your data secure, it's a good idea every so often to take the time to check that everything is good and secure.
There's no better time to do this than now!
Biometric access using your face or fingerprint is both secure and convenient, but only a strong passcode can keep your data secure.
No matter whether you use Touch ID or Face ID, you still need a passcode, and the stronger the passcode you can use -- and remember! -- the better. It really is the cornerstone of your security. If this falls into someone's hands, they own your iPhone and its data.
Remember, even if you use biometrics to access your iPhone, the passcode is still there as a backup, so make it a strong one. I also recommend changing it every few months for additional security against shoulder-surfers.
Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older iPhones with the Touch ID button), enter your existing passcode, and then tap on Passcode Options (or Change Passcode if you have this set already) to get a set of options.
Choose between Custom Alphanumeric Code (the most secure) or Custom Numeric Code (second-best option). I don't recommend 4-Digit Numeric Code because it's easy for shoulder-surfers to see what your PIN code is (it's also sometimes obvious which four numbers are in use because of the position of the greasy fingerprints on the display).
While you're here, scroll down to Erase Data and make sure that's on.
After 10 attempts (toward the end there will be a timer-based lockout to slow down the entry process, preventing pranksters from nuking your data), the encryption key will be deleted and your data permanently and securely wiped.
Use a password manager
The cornerstone to all good security is having good passwords.
iOS has both a password autofill feature using the built-in iCloud Keychain or third-party password managers such as LastPass, Dashlane, and 1Password.
You can find this feature in Settings > Passwords > AutoFill Passwords.
Enable two-factor authentication for your iCloud account
One of the best ways to protect your data is to set up and use two-factor authentication. This means that, even if an attacker has your iCloud username and password, Apple will send an authentication code to a device you've chosen, which should block most attacks.
Go to Settings > and tap your name at the top of the screen, then go to Password & Security, then choose Two-Factor Authentication.
Make sure your iPhone is locking itself quickly
The shorter you set the lock screen timeout setting (there are options ranging from 30 seconds to never), the sooner your iPhone will require authentication to access it. Sure, it can be a bit of a speedbump, but Face ID and Touch ID are pretty fast and smooth.
This is also a good way to save battery power.
You can change the auto-lock time by going to Settings > Display & Brightness > Auto-Lock.
I have mine set to 30 seconds.
Use Find My
This is a handy feature to have on if you worry about your device being stolen, or if you are the sort of person who loses things. In these situations, every second counts.
To activate it go to Settings and then tap your name at the top of the screen, and go to Find My > Find My iPhone.
From here, you can also check the Send Last Location feature, which sends the location of your device to Apple when the battery is low, allowing you to find it even when the battery is flat, and Find My network, which helps you locate your iPhone even if it is offline.
Don't give apps your precise location
Now you have the option to allow apps access to your general location, but not your precise location. It's nice to have the choice to use location data without giving a pinpoint location.
It makes sense for some apps to have your precise location -- mapping and navigation, for example, and the Tile app that tracks my stuff -- but, for other apps, it might not make sense, and for those, you can tell iOS to give them location data that's a bit vaguer.
To access this setting go to Settings > Privacy > Location Services and then check the permissions for the apps that have access to your location.
Control how much data your locked iPhone can leak
Control how much -- or how little -- you want to be accessible on a locked device.
iOS gives control over the following:
- Today View
- Notification Center
- Control Center
- Reply with Message
- Home Control
- Return Missed Call
- USB Accessories
The bottom line is that the more you lockdown, the more secure your device and data will be. The flip side is the more you lock it down, the more often you have to unlock your device to see what's going on.
The USB Accessories feature is especially useful because it will prevent the Lightning port from being used to connect to any accessory if your iPhone or iPad has been locked for more than an hour.
Go to Settings > Face ID & Passcode (or Touch ID & Passcode on iPhones with Touch ID), and enter your existing passcode and then scroll to the bottom of the page to control this.
It's also a good idea to secure notifications. While it's super convenient to have information displayed on the lock screen, remember that this is available to all, so you might want to lock down what's displayed.
To do this go to Settings > Notifications > Show Previews and change the setting to When Unlocked or Never.
Don't give apps access to all your photos
Photos can be incredibly personal, and now you can choose not to give apps access to all -- or for that matter, any -- of your photos.
When an app first requests access to your photos, you get the option to block access, give full access, or access to selected photos.
And if you change your mind, you can head over to Settings > Privacy > Photos and make changes there. It might be a good idea to go check what permissions you've given existing apps and whether you want to make any tweaks.
Stop your iPhone from being tracked on Wi-Fi networks
Your iPhone can now dish out a fake MAC address to Wi-Fi routers, which prevents your device from being tracked when using network connections.
This feature is on by default, and you can find it by going Settings > Wi-Fi and then click on the "i" in a circle next to the network.
Note that while this works fine on most networks, it can cause issues. For example, some smart networks are designed to send out a notification when a new device connects. It can also mess with parental controls or corporate/enterprise networks where permissions are assigned based on MAC address (it's not recommended to use MAC address for authentication, but it happens).
If you have problems with certain Wi-Fi networks, you may have to turn this feature off.
Use hardware authentication
I'm a big believer in using hardware authentication, which is why I recommend using something like the Yubico Yubikey.
Get one and use it.
Install a security app
I've been using iVerify for a few months, and it offers intelligent suggestions for securing iOS.
What's that green/orange dot at the top of your screen?
A green dot appears when the camera is accessed (similar to the green LED that lights up on Macs when the camera is on), and an orange dot for microphone access. It's a handy indicator for misbehaving apps.
Not sure what app is switching on the camera or microphone? Head over to Control Center, and you'll notice a notice at the top showing you the most recent app that has accessed the camera or microphone.
Use a VPN, especially if you use free Wi-Fi
Do you spend a lot of time using free Wi-Fi when out and about? If you do then you really need a VPN.
See: Best VPNs of 2021
A VPN (virtual private network) allows you to create a secure connection between your device and the VPN service provider's server, allowing you to browse the web securely and without others being able to snoop on what you are doing.
There a lot of VPN providers out there to choose from, but if you are looking for a recommendation, my choice is F-Secure's Freedome VPN.