Securing your new iPhone in three simple steps

The iCloud may not as be as safe as you think and here's how you secure your Apple accounts and devices—whether you’re a first-time owner or just upgrading.

Secure_iPhone.png

Many people are questioning the security of Apple’s iCloud following news of stolen celebrity nude photos. Symantec has three easy steps to help secure Apple accounts and devices—whether you’re a first-time owner or just upgrading.

Step 1. Enable Touch ID fingerprint recognition

touchID_1.png

You’ll be asked if you want to enable Touch ID—be sure to do it. Apple's Touch ID is a fingerprint reader built right into the iPhone 5S, 6, and 6 Plus models to authenticate the user. Your fingerprint can be used to unlock the iPhone and to make purchases through iTunes, the App Store, and Apple Pay.

If you don't enable Touch ID when you first set up your phone, you can enable it later in Settings.

Even if you don’t have the latest iPhone, be sure to set a passcode on your device. That way, if your phone is ever lost or stolen, whoever has it won’t be able to easily unlock it, as we highlight in our Smartphone Honey Stick Project.

According to a recent survey by Consumer Reports, only 36 percent of smartphone users enable passcodes (with at least 4 digits), while 34 percent do nothing to secure their devices at all.

Step 2. Use a strong Apple ID password and make it unique

An Apple ID is required to make purchases through iTunes and Apple’s App Store. An Apple ID is also required to enable iCloud features on your iPhone or iPad. This password is very important so be sure to use a good one.

Apple has basic password requirements in place for Apple IDs, including the use of one lowercase and one uppercase letter, one number, and a minimum of eight characters.

You can improve the strength of your password by using more than the minimum requirement of eight characters and by using random characters. Even clever substitutions of letters instead of symbols, like "P@ssw0rd" for instance, may meet basic requirements but is still weak. Something like "d*&Z0jWv7Y2E$e" is better.

Not only should your passwords be stronger, but they should also be unique. Reusing passwords across different sites and services is a big risk. Just as you would not use the same key to unlock your front door and your car, you should never use the same password for more than one account. 

Creating and remembering multiple strong and unique passwords is challenging, so use a password manager such as the following:

Step 3. Enable two-step verification
apple2fa.png

Passwords are not enough to keep you protected. Symantec recommends enabling two-step verification. Attackers routinely target owners of Apple devices with phishing scams in order to steal Apple IDs and passwords. Once enabled, two-step verification protects your Apple ID and your iCloud data from being accessed by an attacker with your username and password.

Two-step verification (also known as two-factor authentication) is just an added layer of protection for your Apple ID. Basically, in order for someone to log in to your account and make changes, they need more than just your password. They will also need a verification code sent to one of your trusted devices—something phishers unlikely have.

To enable two-step verification, log into to your Apple ID and select the Password and Security option. You will be asked to register a trusted device, like your phone or tablet. Be sure to print out the Apple recovery key in the event you lose your phone or don’t have immediate access to it and need to login to your account.

applerecovery.png

The steps outlined above are worth the time and effort and Symantec strongly recommends users of Apple devices to follow them.

Today, smartphones are ubiquitous. We take them with us wherever we go. We use them to capture digital memories, manage our finances, work on the go, and keep in touch with the most important people in our lives. As a device central to our lives, it is critical to make the security of it a priority.

Satnam Narang is a security response manager at Symantec.