Why security matters
Just because almost all mobile malware targets Android doesn’t mean iPhone users can be complacent.

Quite the reverse:

We need to be even more alert in case attackers use complacency against us. What follows are a few simple tips to help you secure your iPhone (and iPad).

There is no way to deny that iPhones are in the ascendant, particularly in enterprise IT. Beyond business, you’ll see them used by educators, doctors, police and politicians and in each one of those cases the information on those smartphones is confidential and must not be abused.

Security is mandatory. Fortunately, Apple works really hard to balance security with usability

Secure yourself
So, what’s the weakest point in mobile device security? Sadly, it’s you. From tapping links in phony emails to accessing confidential password-protected information using open public Wi-Fi hotspots to simply using the same password everywhere: All these common flaws contribute to your security weakness. If you want to secure your mobile devices, then you should start with good security habits:

- Avoid clicking links from people you don’t know.
- Never download/install software unless you know where it is from.
- Use strong passwords, and use different passwords for each site
- Use two-step verification everywhere.
- Use Private Browsing when visiting websites.
- Use a disposable email address to sign up for services, websites and the like
- Never access a confidential service (such as your enterprise intranet or online bank) over public Wi-Fi.
- Now let’s take a closer look at some of the many other ways you can secure your iPhone/iPad life.

Security updates
Apple watches security on its devices closely. For example, when the first zero-day exploit aimed at iOS was identified in 2016, Apple issued a security update to patch the problem within a few days. If you care about your device security you must absolutely ensure you install all the latest iOS upgrades. (Android users may want to look away at this point, as they have nothing like as much protection).

Passcodes: the most important security you have
The passcode is the single most important security protection you have on your device. If you want to be secure you absolutely must use a passcode.

Do you use any of these as your passcode?

These were the three most commonly used passwords in 2016. That’s why they are among the first passcodes people use if they want to unlock your device without your permission.

A report claims it would take a computer an estimated 72-years to hack into a 6-digit alphanumeric passcode, or an estimated 7-minutes to get through a 4-digit numeric code. It would take a human 2,700 years to get through a 6-digit alphanumeric passcode.

You must use a stronger passcode.

What you have to understand is that at Apple, the passcode is still the most important part of your iOS security set-up.

Face ID and Touch ID are good, but they exist for your convenience more than anything else. Both biometric authorization methods depend on you using a unique and hard to break passcode. That’s why you are asked for your passcode when you restart your device, or an Apple Pay transaction fails to recognise your fingerprint, or when the device is left unused for a day or two.

One good way to create a tough password is to make a memorable sentence, such as “The Quick Brown Fox Jumps over the lazy dogs” and then use the second letter from each word (with punctuation) as you code: ihaovly2i,m.

The best way to protect your device is to use an alphanumeric code. To create one you must open Settings>Touch ID & Passcode, and select Change Passcode.

You’ll be asked to enter your existing passcode and then asked to enter a new one. Don’t enter a new one. Instead, tap the words Passcode Options at the bottom of the screen, Now you can create a rock solid alphanumeric code.

Face ID, Touch ID
Apple claims that Face ID is more secure than the fingerprint-based Touch ID. It says there is only a one in a million chance a random person could unlock your iPhone by looking at it using Face ID, compared with a one in 50,000 probability when using Touch ID.

“FaceID makes using a longer, more complex passcode far more practical because you don’t need to enter it as frequently,” Apple said in a security white paper.

What we’re saying is that while you can use these as a convenience, you should always ensure your passcode remains your primary security protection.

Turn on Two-factor authentication
Open Password & Security in Settings and turn on 2-factor authentication. Once it is enabled you'll need to provide two pieces of information (your password and the six-digit verification code) when attempting to sign in to your Apple ID on a new device.

You must also set a Trusted Phone Number here. This is a number that can be used to receive verification codes by text message or automated phone call.

It’s good practice to verify a few numbers here, your home number and that of a trusted third party, for example. You can then use those numbers to get the code to enter your own device if you need to do so.

Set up erase data
What happens if someone tries to open your iPhone? Unless you set this protection up they will be able to try and keep trying until they break in.  The Erase data feature is available in Settings>Touch ID & Passcode screen.

Set the Erase Data toggle to green and all the data on your iPhone will be erased after 10 failed passcode attempts. That’s not such great news if you forget your passcode, (though you do backup, right?) but fantastic if someone’s trying to break into your phone to pillage the device for everything it can find out.

Some food for thought.