Summary
- Every iPhone owner should at least have two-factor authentication enabled for their iCloud account, which will deter remote hackers.
- Frequently, it’s also wise to enable automatic iOS updates and Stolen Device Protection, the latter protecting you from thieves who see you enter your passcode.
- Advanced Data Protection may be necessary if you’re worried about governments seizing data from iCloud backups, although it’s not available in the UK.
It’s risky being a smartphone owner. The benefits usually outweigh the downsides — many of us would have trouble getting around town without Google Maps, for instance — but with so much private data on a device that’s constantly connected to the internet, it’s a tempting target for criminals. Thieves, meanwhile, are always on the lookout for expensive electronics, and might also use the opportunity for identity fraud.
Over the years, Apple has built up a reasonably solid bulwark around the iPhone. The catch is that you need to be aware of iOS security features, which aren’t always well-advertised. Here’s a quick primer on some of the most important features you should be using, although a few might depend on your circumstances.

1. Two-factor authentication
An absolute must
Before anything else on this list, you should enable two-factor authentication (2FA) for your iCloud account. There’s a market for hijacked iCloud accounts out there, since buyers have the opportunity to commit fraud or access some of your most sensitive data, possibly including logins to other accounts. Hackers may also break in for their own purposes, naturally.
When you try to sign in to a new device or iCloud.com, 2FA forces you to enter a six-digit code displayed on another signed-in device, such as an iPad or Apple Watch. You can also have texts sent to a phone number. Either way, it’s a strong deterrent against remote hacks, since even the correct username and password won’t be enough.
On your iPhone, you can toggle 2FA by going to Settings > Sign-In and Security > Two-Factor Authentication. You can even choose to enable a physical security key, but this isn’t recommended unless your phone has extremely sensitive data — you’ll need to keep the key nearby, and losing it could create serious problems.

2. Automatic iOS updates
Close those security gaps
Some people tend not to update their iPhones unless they’re forced to. This makes sense to a degree, since if a device is already humming along, a manual update can potentially consume time and bandwidth without delivering anything noticeable in return. Apple doesn’t always publicize its updates that well, either, so it’s often up to news sites like ours to fill people in on the details.
The issue is that Apple isn’t just adding features and bugfixes with software updates — it’s often including security fixes as well, tackling new vulnerabilities as they’re discovered by researchers. Keeping iOS up-to-date minimizes the chances of hackers exploiting any flaws.
Unless you have specific reasons not to, I recommend going to Settings > General > Software Update > Automatic Updates and toggling every displayed option. Don’t worry too much about Apple botching releases — they’ll only download and install when your iPhone is locked, charging, and connected to Wi-Fi, which for most people is at the end of the day.
If something is wrong with an update, it’s usually retracted well before then.

3. Stolen Device Protection
Your defense against passcode snoops
You might think 2FA and a complex passcode would be enough to safeguard your data from the average thief, but not necessarily. Some are smart enough to watch you enter your passcode before a physical theft, opening up access to a phone’s contents.
Stolen Device Protection adds an extra layer of defense, requiring Face ID or Touch ID before accessing data like credit card numbers or passwords. Biometrics are also required for changing your Apple Account password, and delays are instituted for things like changing a password, signing out of your Apple Account, or, of course, turning off Stolen Device Protection. If you like, you can choose to limit these delays to unfamiliar areas. You won’t encounter delays if you’re sitting at home or the office, in other words.
Be warned that Stolen Device Protection is still inconvenient at times, even without delays. Most iPhones no longer have Touch ID, and Face ID often requires you to get closer to your iPhone and/or take off any masks or scarves. If you’re not seriously concerned about pickpockets or snatch-and-grab attacks, you might prefer leaving Stolen Device Protection off.
If you do want it on, go to Settings > Face ID & Passcode > Stolen Device Protection.

4. Advanced Data Protection
A barrier against authoritarian governments
While Advanced Data Protection is currently inaccessible in the UK due to a recent government order, in the US and other countries, you should turn it on right away if there’s any concern about unfounded intrusion. The tech enables end-to-end encryption for your iCloud backups, preventing anyone from decrypting them without one of your trusted devices. That includes Apple, whereas normally, the company can be made to decrypt your backups when served with a warrant or other government authorizations, such as National Security Agency letters.
Remember, your iCloud backups tend to contain very sensitive data — photos, notes, Messages conversations, and many other items, some of which could be used not just against you, but against friends, family, and colleagues. Apple is usually reluctant to hand over this data, as privacy is one of its biggest marketing tentpoles.
You’ll be asked to set up a recovery key or contact in case you forget your password. If you choose the key route, be sure to keep the info somewhere secure, but easy to remember, because Apple won’t be able to help you if you lose access to your account. For that matter, make it a point to remember your iCloud login, and make it accessible to loved ones in case the worst happens to you.
You can enable Advanced Data Protection by going to Settings > [Apple Account name] > iCloud > Advanced Data Protection.
