Street smarts: Security basics for Apple devices on the move

Street smarts: Security basics for Apple devices on the move

Apple devices are generally thought to be fairly secure, but that doesn't mean that Apple users shouldn't take basic security precautions, especially when they're out and about. Whether you (or users you support) are on an iPhone, iPad, or Mac, here are a few key steps to Apple device security.

Lock your devices properly

Whether you're traveling or in a crowded office, you should set a Mac to lock its screen when you're away. In the Security section of the System Preferences app, be sure to enable the Require Password After Sleep or Screen Saver setting. Set a screen saver with a very low timeout, or use the Energy Saver settings to tell your display to shut off after a short period of inactivity.

Those settings will help you if you forget to lock your Mac, but when you walk away the computer will still be insecure for some period of time. That's why it's good to get in the habit of locking your Mac whenever you step away. A friend once told me a horror story of a former co-worker who would go around to unlocked computers, reading everyone's email. Don't trust anyone–lock your computer.

If you're using a MacBook, this is easy–just get in the habit of closing the lid. If you're not using a laptop, or for whatever reason don't want to keep closing and opening the lid, you can also lock a Mac or put it to sleep with a keyboard shortcut. To lock the screen without putting the computer to sleep, the keyboard shortcut is Shift-Control-Eject (if your keyboard doesn't have an Eject button, use the Power button instead). To put the Mac instantly to sleep, type Command-Option-Eject. If you've got the Require Password After Sleep or Screen Saver feature enabled, you'll be protected with one keystroke.

Apple pushes iOS users to set their devices to auto-lock and require at least a passcode. In iOS 9, Apple's also phasing out the four-digit passcodes of old, and wants everyone to do a six-digit passcode. But if you're using a device with Touch ID, I recommend enabling Touch ID and then assigning a password to your device. Not a passcode, but an out-and-out password with letters and numbers or symbols.

Most of the time, you'll unlock your iPhone or iPad using your fingerprint. Touch ID is easy to use and quite secure. But every now and then–after a reboot and to confirm some purchases–you'll need to enter in a password. If you had to enter a full password every time you wanted to unlock your phone, you'd go crazy, but Touch ID lets you bypass it most of the time. If you're using Touch ID, you should have a stronger password on your phone.

Of course, you should also set your iOS devices to require a password immediately, and be sure you're hooked up to the Find my iPhone service via Apple's iCloud, so you can remote-wipe your device should you lose it. (Find my iPhone's also quite handy for finding your device when it's lost in your couch cushions or when you left it out in the car.) And thanks to the Activation Lock feature Apple added last year, stolen iOS devices can't be re-used without validation by logging into the Apple ID most recently associated with the device.

Encrypt that data

iOS devices come with all their storage fully encrypted. (This is why it takes so little time to erase an iPhone–the OS doesn't need to write zeroes over the entire storage device, just wipe out the encryption key.) Macs take a little bit more work.

A few years back Apple introduced a built-in disk encryption feature called FileVault. It was a minor disaster, with enough stories of lost data and reduced performance that the conventional wisdom in Mac circles was just not to bother with FileFault.

OS X now ships with something called FileVault 2, and while it shares a name with the old, rickety version that people avoided, it's entirely new. This is full-disk encryption based on top of Apple's Core Storage system, and it's rock solid. It's trustworthy and adds very little overhead to devices, so there's no noticeable performance loss when it's enabled. And of course, the best part: even if someone rips your hard drive out and sticks it in another device, your data can't be read without a password. I highly recommend that every Mac user, but especially those with sensitive data or mobile devices, turn on FileVault 2.

And remember to back up your files! Passwords can make your device data unreadable by thieves, but that's cold comfort if they steal your only copy of precious information. Make a local backup and use an online backup service. The more backups you make, and the more places you store them, the better.

More password smarts

Just about any device, or constellation of devices, can be made more secure with better attention to password security and the addition of extra security steps. I recommend that everyone turn on two-factor authentication for any service that offers it. Apple, Google, Dropbox, Slack, and many others provide this feature, which requires you to not only enter in your user name and password, but an algorithmically-generated code. If someone steals your password, they still can't log in unless they've also got the code. It's not a foolproof system, but it adds yet another step to any potential compromise of your accounts.

Google makes a perfectly fine app called Google Authenticator to generate your two-factor codes, but I've come to really enjoy Authy, an iOS app that syncs with all your devices and even lets you call up two-factor codes on an Apple Watch.

And of course, no user should be without a password manager. (I use 1Password, but there are many others out there, too.) Password managers let you remember a single password, and store all your individual website and service passwords in an encrypted archive. Even better, password managers let you generate random, impossible-to-guess passwords for the sites you visit, and store those in your password archive. I wouldn't go back to life without a password manager.

Finally, use a VPN whenever you're on a network that you or your employer doesn't control–especially random free Wi-Fi networks out in the wild. OS X and iOS both come with built-in VPN support, and if your employer doesn't offer a VPN, plenty of third parties do. I'm currently using Cloak, a VPN service with pretty nifty clients for both iOS and Mac. Among Cloak's better features is its ability to automatically turn on its VPN when you access an unknown Wi-Fi network.

It's a big bad world out there. Yes, most people never have to face the possibility of being hacked, or having a co-worker read their emails, or realize that a stolen computer holds the only copy of an irreplaceable file. But if you follow a few basic rules, you'll be able to walk through life knowing that should the worst happen to your device, your stuff will be protected.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.