26 iPhone security tips for iOS 13
Historically, Apple has released a new phone and a new iOS for all existing iPhones every year. Say hello to iOS 13 in Apple’s latest update. For iPhone users, new operating systems mean new features, gizmos, apps, and more.
With all of these enhancements, it’s important to keep in mind that these new features may help or hinder your security and privacy.
We took a look at the new iOS and compiled some tips and tricks to help secure your device, your data, and your password usage.
1. Turn on USB Restricted Mode
USB Restricted Mode is a newer feature on iOS that you may not know about. This security feature prevents USB accessories that plug into the device from making data connections with an iPhone, iPad, or iPod. This helps prevent what is called juice jacking, which is when malware can be installed onto a device or information can be accessed via the USB charging port.
How to turn on USB Restricted Mode:
Settings > Touch ID & Passcode > type in your passcode. Scroll down and ensure that the “USB Accessories are not permitted on the lock screen” setting is off. (On an iPhone X, check your Face ID settings, instead.)
2. Make sure automatic iOS updates are turned on
Updating apps and operating systems is crucial to the security of your device. Not only do they add nifty new updates, but they also address what is called a software vulnerability. A software vulnerability is a security hole, or weakness, in an operating system or software program.
Hackers can exploit these weaknesses by writing code to target a specific vulnerability. These exploits could infect your device with no action on your part other than viewing a website, opening a compromised message, or playing infected media.
How to check if automatic updates are turned on:
Settings > General > Software Update and turn on automatic updates.
3. Enable Find My iPhone
Find my iPhone is Apple’s built-in tracking software. It uses GPS to locate a lost or stolen phone. In addition to helping find a phone, it also has other built-in security features such as Activation Lock, which will prevent anyone else from using your iPhone. To gain access, it requires the user’s Apple ID and password. Without this information, someone can’t turn off the Find My iPhone feature, erase your device, or reactivate and use your device.
How to enable the Find My iPhone feature:
Settings > Username > iCloud. Scroll to the bottom and tap Find My iPhone. Slide to turn on Find My iPhone and Send Last Location. If you’re asked to sign in, enter your Apple ID.
4. Disable lock screen options
The iPhone’s lock screen has what are called “widgets” that allow quick access to some features such as your camera, wallet, and Wi-Fi and Bluetooth connections. While they don’t allow a user full access to the phone, someone can still swipe some personal information with those features.
How to disable lock screen:
Settings > Control Center, toggle off which widgets you don’t want accessed in the lock screen.
5. Use a VPN on public Wi-Fi
A virtual private network gives you a private and secure way to connect to the internet wherever you use it. It creates a secure, encrypted connection between your public internet connection and the VPN service’s private server. A VPN acts as a sort of tunnel, encrypting the data you transmit and receive while on public Wi-Fi, such as at a coffee shop or airport.
How to use a VPN on public Wi-Fi:
Consider getting a VPN such as Norton Secure VPN.
Then, instead of having to open the app whenever you want to turn on your VPN, you can do so through your iPhone’s Settings: Settings > VPN, toggle on VPN.
6. Turn off the auto-join feature for your Wi-Fi connection
You don’t want your iPhone connecting automatically to any Wi-Fi location without your knowledge and permission. A hacker could use that same service set identifier (SSID) as an access point to capture your traffic and data.
How to turn of the auto-join feature:
Settings > Wi-Fi, and then click on the “i” beside the Wi-Fi network and disable the auto-join feature.
7. Use additional encryption when backing up
You likely have a lot of sensitive data stored on your phone. Not only do you want to keep a copy of it, you’ll also want to help protect that data. When backing up your Apple devices, it’s best to connect to your computer and use iTunes. Make sure iTunes is set up to encrypt those backups. By doing so, this encrypts your data, and you can create a separate password.
How to use additional encryption when backing up Apple devices:
Open iTunes when you connect your device to your computer. Select your device in the iTunes drop-down menu. In the Backups section, check the box for “Encrypt iPhone Backup.” You will then be asked to create a password.
8. Monitor your privacy settings
Sometimes we install apps that are used for a short time and then end up just sitting there, taking up space. You may want to perform an audit of those apps because they could pose a security risk to your iPhone or iPad. Sometimes the privacy policies in apps change. This could pose a privacy concern unless you read the fine print carefully. Unwanted apps also could drain your battery and slow down your device.
How to monitor privacy settings:
Settings > Privacy. Here resides the master list of all permissions, along with which apps you’ve granted them to. Go through all of them periodically and revoke any permissions that you don’t think a particular app will need, such as to your location, camera, or contacts list, for example.
9. Set a stronger device passcode
By default, the iPhone has a four-character numeric passcode. Did you know that now you can change that to an alphanumeric password on your device? Setting a strong, random passcode can help keep snoops and hackers from figuring it out.
How to set a stronger device passcode:
Settings > Touch ID & Passcode and enter your passcode > select set a Custom Numeric Code.
10. Set up two-factor authentication
Two-factor authentication — also known as 2FA — is a method of verifying your identity that adds a second form of authentication in addition to your account password. It consists of two of the following three things:
- Something you know: a PIN, password, or pattern.
- Something you have: an ATM or credit card, mobile phone, or security token such as a key fob or USB token.
- Something you are: biometric authentication such as a voiceprint or fingerprint.
How to set up 2FA:
Settings > tap your name > Password & Security. Tap “Turn on Two-Factor Authentication” and follow the prompts.
11. Use Touch ID or Face ID
In addition to a strong passcode, you can add another layer of protection by enabling both Touch ID and Face ID, if available.
How to set up Touch ID or Face ID:
Settings > Face ID & Passcode. If asked, enter your passcode. Tap “Set Up Face ID,” then follow the on-screen instructions. Settings > Touch ID & Passcode, then enter your passcode. Then follow the on-screen instructions.
12. Make sure your iPhone screen locks quickly
The most secure option is to set Require Passcode to Immediately, which will require you or anyone who picks up your phone to enter your passcode no matter how much time has passed since you last unlocked your phone.
How to set up Auto-Lock:
Settings > General button > Auto-Lock
13. Change your reused passwords
iOS 12’s password manager had a newer feature: password auditing. One of the main difficulties with passwords is trying to select unique passwords for each and every account we use. Unfortunately, that rule is not always followed, so this password auditing feature helps can make managing all your unique passwords easier. This feature will audit your stored passwords and let you know if you have any duplicates.
How to change your reused passwords:
Settings > Passwords & Accounts > Website & App Passwords and enter your passcode. You’ll see a small warning symbol next to each account that recognizes a reused password. Just tap on the Change Password on Website button and you’re done.
14. Protect your SIM with a PIN
SIM swap fraud is another scam that you don’t want to happen to you. But you can help protect yourself. Setting up a PIN for your iPhone SIM can help prevent phone thieves from stealing that SIM and using it with another phone.
How to set your SIM PIN:
Settings > Cellular > SIM PIN > turn on SIM PIN. You will be prompted to give your carrier’s default PIN, which should be “1111” for AT&T customers. Then reset to your own PIN.
15. Be wary of fake apps; don’t sideload apps
Cybercriminals can use fake apps to trick you into entering your personal information or downloading malicious software. The solution? You should always download your apps directly from the Apple App Store to avoid downloading fake apps that may contain malicious software.
16. Read reviews of apps
If you’re thinking about downloading an app, check out the reviews of it. This also can help weed out any fake apps and ensure you’re introducing something reputable onto your iPhone.
17. Secure your apps; use caution with app permissions
Before you grant permissions to an app, see what permissions you’re actually giving them. Do they really need those permissions? What could they do with them?
One new feature of iOS 13 is that it requires apps like Facebook to ask for permissions via pop-ups to do things like track your location. This new feature prevents apps like Facebook, for example, from tracking you in the background.
18. Use a password manager
Passwords are so important to the security of your various online accounts. A password manager can help protect your data by creating strong, unique passwords. A password manager provides strong encryption and stores one strong master password that gives you easy access to all of your accounts, while helping to protect your data from cybercriminals and snoops. Some password managers have the capability to generate complex passwords unique to each of your online accounts.
19. Disable “Load Remote Images” in your email settings
Cybercriminals can embed hidden images in emails. Here’s the problem. When you open the email, it reaches out to an online server to download the image. This simple act can lead to big problems, because details about your device like your location are then shared with that server — and can be discovered by the sender.
How to turn off the “Load Remote Images” email function:
Settings > Mail > Load Remote Images, and toggle the “Load Remote Images” button to the off mode.
20. Disable location data in images and other apps
Do you often share images on Facebook and other social media platforms? Be careful when your privacy setting allows for public viewing. Your images may reveal private information such as your location. However, you can turn off location data within the images on your camera as well as in other apps.
How to turn off location data within images:
Settings > Privacy > Location Services > Camera (or any app), and click on “Never” to keep your location private when sharing images or when using another app.
21. Watch for phishing scams and pop-ups
Phishing is an online fraud scheme designed to trick victims into clicking on a compromised email or text link or opening a fraudulent attachment. Those links then direct victims to fake websites that look like they belong to legitimate businesses.
You’re then prompted to enter your credentials and personal data, and guess what: the scammers have captured your login information and can then access the authentic site to steal more of your personal information or make purchases.
Another way a scammer can ensnare you is by sending an email attachment that’s embedded with malware. When you open that attachment, the malware can infect your device and capture your login credentials when you access your accounts.
The solution? Never open an email from an unknown source. Even if the email looks legitimate, never click on links or open attachments in unsolicited emails — even if they seem legitimate. Always go directly to the website.
22. Turn off Siri
Siri can share your personal information.
How to turn off Siri:
Settings > Siri and deselect Siri
23. Watch for Bluetooth permissions requests
Another new iOS 13 feature is that apps have to ask you for Bluetooth access, when they didn’t have to before. Before iOS 13, apps could use Bluetooth (without asking) to collect information like tracking data that shared your location.
24. Sign in with Apple ID
Another new iOS 13 privacy feature is the “Sign in with Apple” prompt. This new feature allows you to sign in to apps and websites using your Apple ID instead of sharing personal data on forms or creating new passwords.
In a similar way, you no longer have to share your email with apps with a new “hide my email” option. You also can have Apple create a unique email address that will forward to your real email address.
25. Turn off your phone or put it in airplane mode
When you aren’t using your iPhone, turning off your phone or at least putting it in “airplane mode” is a good idea. Your iPhone can’t be hacked if it’s turned off.
How to turn on airplane mode:
Settings > Airplane Mode
26. Wipe clean your old phones
Whether you’re selling your iPhone or giving it to a family member when you get a new one, be sure to wipe it clean and remove it from your Apple account. If you don’t, it will keep syncing to your new device.
To do this, you can sign out of your Apple account and enable the erase setting:
Settings > General > Reset
The bottom line: Don’t let new features overwhelm you, but even more importantly, don’t ignore them. It’s smart to stay up to date. Knowing how to implement these new features and other best practices should help maintain the security and privacy of your device and data.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.