
Have you ever reconsidered your personal iPhone security policy?

Why should I reconsider my iPhone security policy? I have a four-digit pass code on my iPhone and the Find My iPhone feature is activated. So how should abuse be possible? What could a thief do with my stolen iPhone? Well, possibly quite a lot. At the very least, the bold-print bullets in this article should be mandatory for everyone. Of course this is no guarantee of invulnerability, but it will improve your security. After watching this video you should consider the following actions:
  • Change your Apple ID rescue mail address and do not add this mail account to your iPhone.
  • Consider using a proper and usable password policy for your Apple ID like this or this (German article).
  • Consider a complex pass code for your iPhone. As you can see in the video, four-digit pass codes can be hacked in no time on an iPhone 4. For newer iPhones a leak is not yet known, but it is probably there. Definitely do not use these pass codes.
  • Alternative to point three: activate delete iPhone after 10 wrong attempts (go to Settings > Passcode Lock > Enter Your Passcode > Click on Done > Erase Data = ON > Enable). This feature can be very annoying when friends are playing with your phone at a party ("Haha, I erased your iPhone!").
  • Deactivate Control Center when the iPhone is locked. I agree that it's a little uncomfortable.
  • There is a long, still ongoing discussion about the pros and cons of Apple's Touch ID, which is built into the iPhone 5S. No matter what, it is definitely more secure than any 4 digit pass code.
After reading this (German article) you should consider the following:
  • Upgrade to iOS 7 if not already done.
  • Reinstall your apps after upgrading to enable data protection, at least the apps with sensitive data. Otherwise third-party app data might be stored in plain text. (Just updating the app under iOS 7 will not activate data protection; you need to reinstall the apps.)
After seeing this video (iPhone part starts at 44:30) you might consider the following:
  • Do not use mobile phones at all. Maybe not an option for most of us.
  • Block your phone camera (at least your front cam) with a sticker. There is no evidence yet that somebody can access it, but it does not hurt to cover it. And we already saw these issues on PCs and notebooks here and here.
After reading this (German article) you might consider to

