Friday, January 21, 2011

Common Sense Security for Your iPhone

By John Cummings

Common Sense Security for Your iPhone

Common Sense Security for Your iPhoneThink for a moment about the information you have stored on your iPhone. If you're anything like me, you'd consider much of the information there personal, private, and potentially dangerous if it were to fall in to the wrong hands.

As smartphones become more and more like digital wallets, it's common for them to contain things like account numbers, addresses, social security information—in some cases even bank statements and tax documents.

Even though the sensitivity of information that we routinely keep on our phones continues to increase, most people I know fail to take even the most basic of security precautions to help protect themselves against identify theft, fraud, and financial or personal loss.

Though this particular post is specific to the iPhone (it's what I use), chances are that your smartphone allows for many of the same security precautions. In the case of the iPhone, you can achieve a fairly decent level of security without any additional cost to you by taking advantage of the features of iOS and some free services offered to iPhone owners by Apple.

First Things First: Lock Your Phone

The most basic security precaution you can take is to make sure that your iPhone is using a passcode lock—and that the passcode lock will automatically engage after a brief period of inactivity. Many users put off taking the basic security measure for fear of the inconvenience assoicated with having to enter a passcode to unlock their phone. The truth is, once you train yourself to type your passcode when reaching for your phone, it becomes second nature—and the very minor delay you'll experience while typing in your passcode is a small price to pay for the extra security you'll gain.

To set up a passcode lock on the iPhone, open the "Settings" application, and click on General > Passcode Lock.

Common Sense Security for Your iPhoneClick "Turn Passcode On", and you'll be prompted to enter a passcode to use when unlocking the phone, you'll enter the passcode twice to make sure that you've typed it correctly—and then, once it's set, you'll have access to the additional passcode security options.

I recommend setting the "Require Passcode" setting to "After 5 minutes". This means that, after 5 minutes of inactivity, an attempt to unlock your phone will require that you enter the passcode. I've found that this time period is a good trade off between being too long to have real value, and too short to not be excessively annoying.

Next: Choose a Hard-to-Guess Passcode

On newer versions of iOS, you'll have an additional option in the Passcode Lock settings labeled "Simple Passcode". By default, "Simple Passcode" is on—and it essentially means that your passcode will need to be a 4 digit number that you'll type when unlocking the phone. You can, and should, turn this setting off and enter a passcode that is more difficult to guess than the simple 4 digit pin.

If you still want the quick convenience of typing the passcode easily when unlocking, you can set the more complex passcode to a longer series of numbers. As long as everything in the passcode is numeric, you'll still be presented with the larger number pad keyboard when unlocking—even though you've chose a more complex passcode.

Even Better: Limit the Maximum Number of Unlock Attempts

Note: If you're worried about a prankster friend accidnetally wiping your iPhone, reader Daniel Burt writes: "It's extremely difficult for a prankster to wipe your iPhone by entering the wrong passcode 10 times. After the first couple of wrong attempts it stops you from trying for a minute, then on the next failed attempt it increases to 5 minutes and keeps increasing the delay to I think 30 minutes for the last 2 attempts before it would wipe the phone. While this might also be annoying if the prankster locks up your phone for 10 minutes while you've ducked to the loo, it does mean they won't "accidently" wipe your phone on you."

To prevent someone from trying to break in to your phone if it's stolen, take advantage of the setting at the bottom of the "Passcode Lock" settings page, labeled "Erase Data". By default, this is set to off. Turning it on tells the iPhone to completely wipe the content of the device if 10 failed attempts to unlock the iPhone are recorded.

While it may sound scary at first to tell your iPhone to wipe all of your data if there are failed passcode attempts—remember that you get 10 tries. It's unlikely that someone who should have access to the device would accidentally enter the wrong passcode 10 times in a row. Also remember that if there is a situation where the data is wiped inadvertently (think coworker prank) you always have the option of restoring from iTunes.

Finally: Take Advantage of the Free "Find My iPhone" App and Remote Data Wipe

Common Sense Security for Your iPhoneApple provides a great service called "Find My iPhone" that is available for free to any iOS device owner using their Apple ID (the same email address and password you use to purchase apps in the App Store). Complete instructions for setting up Find My iPhone are available on Apple's Web Site. By default, the free Find My iPhone is only for 2010+ devices, but anyone can enable and use Find My iPhone on the 3GS and other pre-2010 devices. Here's how.

Find my iPhone allows you to login to the portal at http://me.com and locate an iPhone that has gone missing. From that same site, you can also choose to have a message sent that will display on the phone, you can force an audible alarm to play, or you can completely wipe the device data making sure that your personal information is completely inaccessible.

Summary

Given that all of the precautions outlined here are available to you free of charge if your an iPhone owner, you have no excuse not to take these precautions to protect your data. In the new world of the smartphone as digital wallet, personal organizer, and information destination, it's a necessity.

Number of comments
  • Share this:

No comments:

Post a Comment

CrunchyTech

Blog Archive