iPhones and iPads are, out of the box, quite robust and secure platforms. But with a few tweaks you can harden that security dramatically without adding too much burden to your day-to-day usage of the device.
#1: It all starts with a really good, strong passcode
If you’re using a 4-digit PIN code, stop what you are doing and change it right now. I’ll wait for you.
Good iOS security starts with having a really strong passcode. If this is something that’s easily guessable then everything else you do is pretty much pointless.
No matter whether you use Face ID or Touch ID to access your iPhone, you still need a passcode, and the longer the passcode you can use — and remember — the better.
Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older iPhones), enter your existing passcode, and then tap on Passcode Options to get a set of options. Choose between Custom Alphanumeric Code (the most secure) or Custom Numeric Code (second best option), or 4-Digit Numeric Code (I don’t recommend this last option).
#2: Set brute-force protection
iOS has built-in brute-force protection to prevent someone just entering a bunch of passcodes in an attempt to guess the one you are using. Try too many times, and iOS wipes your device. Good for security, not so good if you forget your passcode.
After ten attempts (as you near the tenth there will be a time lockout to slow down the entry process, which is a method that stops pranksters or morons from wiping your iPhone), the encryption key will be deleted and your data wiped.
Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older iPhones), enter your existing passcode, and scroll down to Erase Data to check this setting is enabled.
#3: Make sure iOS automatic updates are enabled
iOS 13 has the ability to keep itself updated automatically, which is a great way to make sure that your iPhone is fully patched. If you can’t think of a good reason not to enable this, enable it!
This should be set up automatically, but you can check it over at Settings > General > Software Update and make sure Automatic Updates is enabled.
#4: Reduce the lock screen timeout
The shorter you set the lock screen timeout setting (there are options ranging from 30 seconds to never), the faster your iPhone will require authentication to unlock it, reducing the amount of time someone has to snoop your data. I suggest keeping this at a minute or under.
You can change the auto-lock time by going to Settings > Display & Brightness > Auto-Lock.
#5: Password AutoFill and third-party password managers
Password managers are a must nowadays, and iOS 13 now allows password autofill using data stored in the iCloud Keychain and third-party password apps such as LastPass, Dashlane, and 1Password. This eliminates any excuse for using weak passwords or reusing passwords.
You can find the controls for feature in Settings > Passwords & Accounts > AutoFill Passwords.
#6: Check for password reuse
Don’t reuse passwords. It’s just dumb. Yeah, I know, it’s convenient (I used to do it too). If you use the iCloud Keychain to store web passwords, you can now use it to check whether you’ve reused a password for multiple accounts.
Go to Settings > Passwords & Accounts > Website & App Passwords and authenticate with either Face ID/Touch ID or your passcode.
You will see a grey triangle with an exclamation mark next to any entry that is reused. To change the password, tap Change Password on Website.
#7: Take control over Location Sharing
Another thing you might have noticed after installing iOS 13 is that you get notifications informing you that apps are using your locations data, and giving you the option of allowing this to continue or blocking it.
Don’t worry, you can change your mind by going to Settings > Privacy > Location Services, and changing permissions for your apps.
Assuming Locations Services is enabled, you will get a list of apps that use your locations data — any in there that surprise you? — and you can click on the various apps to change its settings.
- While Using the App
- Ask Next Time
Note that not all apps will offer all the options.
The app will also give you a brief explanation as to why it is requesting your location data.
#8: Block apps from having Bluetooth access
You may have noticed that after you installed or upgraded to iOS 13 you found that a whole swathe of apps such as Facebook started asking you for permission to transmit data over Bluetooth. One reason is that these apps are trying to use Bluetooth as a new way to track you.
You can either allow or deny access when the prompts are displayed, or you can head over to Settings > Privacy > Bluetooth and make the changes there.
Note that this doesn’t affect audio streaming to headphones and speakers.
#9: Control what Touch ID/Face ID is used to authenticate
Do you want the convenience of Face ID or Touch ID, or do you prefer the additional protection that having to enter your passcode offers? iOS 13 allows you to switch Face ID/Touch ID on and off for:
- iPhone Unlock
- iTunes and App Store
- Apple Pay
- Password AutoFill
Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older iPhones), and enter your existing passcode to take control of this.
#10: Set up two-factor authentication
One of the best ways to protect your data is to set up and use two-factor authentication. This means that, even if an attacker has your iCloud username and password, Apple will send an authentication code to a device you’ve chosen, which should block most attacks.
Go to Settings > and tap your name at the top of the screen, then go to Password & Security, then choose Two-Factor Authentication.
While setting up two-factor authentication you can also set up a Recovery Key.
Once set, without this key, or another device signed in with your Apple ID, you will not be able to reset your password.
#11: Delete your Siri and dictation history from Apple’s servers
This is a new feature in iOS 13.2 that allows you to erase your Siri and dictation data from Apple’s servers.
First download and install iOS 13.2 on your iPhone or iPad. Then fire up the Settings app and go to Siri & Search > Siri & Dictation History. From there tap the big, ominous-looking red button marked Delete Siri & Dictation History. Then you confirm that you want to carry out this action by tapping Delete Siri & Dictation History on the popup. You should finally get confirmation that the request has been received by Apple.
You can also opt out of having your voice clips sent to Apple to improve Siri and dictation.
Go to Settings > Privacy > Analytics & Improvements and look for Improve Siri & Dictation and toggle the switch to off.
#12: Control notification data leakage
Notifications displayed on the lock screen can leak sensitive information to passersby.
To stop this go to Settings > Notifications > Show Previews and change the setting to When Unlocked or Never.
#13: More security control with Safari
Under iOS 13, the Safari browser now has the ability to control access to features such as the camera, the microphone, and current location on a per-site basis.
Go to Settings > Safari and look for the toggles under Settings For Websites.
#14: Block unknown callers
This is a great way to get rid of the vast majority of nuisance and spam callers.
To enable this feature, go to Settings > Phone > and toggle to Silence Unknown Callers.