Section 7: Keeping Your Data Secure

We have a lot of valuable information stored on our phones. For that reason, it's a great idea to employ a few security measures to ensure that that information doesn't get into the wrong hands. Here are a few ways that you can keep information safe on your device:

Setting a Passcode

When you set up a passcode for your iPhone, it uses that passcode to encrypt all its contents. This way, even if someone steals your iPhone, they will not be able to decrypt the contents unless they also have your passcode. It is possible to skip this step during initial set-up and use your iPhone without a passcode, but we strongly advise that all iPhone users have a device passcode set up. To set up a passcode, go to:

1. Open the Settings app.
2. Tap Face ID and Passcode (or Touch ID & Password).
3. Tap Turn Passcode On.
4. Enter a six-digit passcode (or tap Passcode Options for more options).
   
        

Follow the prompts to create a new passcode.

Tips for Setting a Secure Passcode

The strength of your passcode is the single most important security decision you make, so some advice:

• Longer is better, but only if you can remember it. 
• Make your passcode a unique number that is only useful on one device.
  • Do not reuse a passcode from other places! For example, it is not secure to use your debit card pin number.
  • Don't use dates or numbers that would be easy to guess, like your birthday.
• It's okay to write down your passcode while you're still working on memorizing it. You have to enter it pretty often, so you should be able to memorize it fairly quickly. Once it's memorized, put your record of your passcode someplace private, like where you keep your passport.

A Password Free Future with Passkeys?

During Apple’s WWDC announcement in June, there was a big focus on a passwordless future.But what does this mean? Your iPhone is already using biometrics via Face ID and Touch ID to make your iPhone more secure. These are unique to you and cannot be memorized or stolen like Passcodes, so they are safe from website leaks and phishing.

The other cool thing about Passkeys is that they automatically sync across your Apple devices and they can be used to sign in on non-Apple devices too. To log in using a Passkey on a non-Apple device, you’ll need to scan a QR code with your phone.

Apple has given third-party apps the ability to use Passkeys on websites such as Best Buy, Facebook, Twitter, WordPress, etc. The setup process is different depending on the website but you can find it under settings, password or security, under Face or Touch ID or face or fingerprint sign in. The names of the folders will be different depending on the third-party website. Once you find the option to enable it, just follow the onscreen directions.

If you like using passwords, don’t worry, these changes will roll out over the years so passwords aren’t going away completely with the iOS 16 update, this is just the beginning.

Setting Up Face ID/Touch ID

If you haven't set up Touch ID/Face ID, then I highly recommend doing so because these features make unlocking your iPhone a lot easier and more convenient. To do this:

1. Open the Settings app.
2. Tap Face ID and Passcode (or Touch ID & Passcode).
3. You'll need to have a passcode set up.That's because your passcode is used as part of the encryption process and because you can use your passcode to log in if Face ID or Touch ID fails to recognize you.
4. Once you have a passcode set up, you'll see the option to either Add a Fingerprint if you have Touch ID or Set Up Face ID if you have Face ID.
   
        
5. Follow the instructions as your iPhone walks you through setting up Face ID or Touch ID.
6. To control which features and information you unlock with Face ID/Touch ID, check the toggles on this settings page.
   
    

Two-Factor Authentication for iCloud

Two-Factor Authentication requires you to have two different pieces of evidence to prove who you are in order to log in to your iCloud. One is usually your password, and the second piece of evidence is either your phone number (to which they will text a code) or a trusted device. A trusted device is any Apple ecosystem device logged in to the same account, to which they will send an encrypted code. This is far more secure than a mere password.

Because your iCloud stores sensitive data, Two-Factor Authentication is required for all new Apple IDs. If your Apple ID is older and doesn't have Two-Factor Authentication turned on, then once you turn it on, you will not be allowed to turn it off again. Two Factor Authentication is considered the minimum required security measure for storing sensitive data in the cloud, and we recommend that you turn it on right away if you haven't already done so. To do this:

1. Open the Settings app.
2. Tap your name at the top.
3. Tap Password & Security.
4. Tap Two-Factor Authentication.
   
        

Use iCloud Keychain to Store Your Passwords.

With so many websites requiring usernames and passwords, and most of us using more than one device to accomplish tasks throughout the day, it can be difficult to keep track of all our accounts and login information. And while there are plenty of apps that can do this for you, your iPhone comes with this service built-in. iCloud Keychain encrypts, stores, and keeps up-to-date credit card information, Wi-Fi network information, and usernames and passwords for internet accounts. It also manages information for iOS Mail, Messages, Contacts, and Calendar apps across all your Apple devices that have Keychain enabled. Enabling your iCloud Keychain is a great way to keep yourself organized. Here's how to turn it on:

1. Open the Settings app on your iPhone and tap on your name at the top of the page.
2. Tap on iCloud.
3. Scroll down to Keychain and tap it.
4. Toggle on Keychain.
   
        

Use iCloud Keychain to Create Unique, Strong Password for All Your Accounts

Using the same password for more than one account risks the security of both accounts that use it. That's where iCloud Keychain comes in. Using your iPhone's built-in password manager, you can find du- plicate passwords and replace each one with a unique, strong password using Apple's strong password generator. For even more convenience, the iCloud password manager will save the new keychain password on your iPhone and auto fill it whenever it's needed. Here's how to get rid of every old, weak password and use Apple's password suggestions to create unique and secure passwords instead.

1. Open the Settings app.
2. Scroll down and tap Passwords.
3. You'll see a section called Security 3 Recommendations and a number next to it. These are the passwords your iPhone has recognized as duplicates and/or weak and recommends you change. Tap on it to open the list.
4. For any account whose password 4 you want to update, tap Change Password on Website. (NOTE: You must go to the website or app to create a new password. Changing the password in the Account & Passwords settings won't change the password on the account website. It will just delete the password, and you'll be locked out of your account.)
   
        

Log in to the website and follow the directions to change your password.

1. Tap Choose My Own Password, or tap Use Strong Password, and Apple will generate one for you.
2. Tap Save to change your password to the one you created or Apple's strong password.
3. If prompted, tap Update Password to save it to your Keychain. Not every site will give you this prompt; some will automatically save.
4. When you navigate back to your Security Recommendations, there will be a check by that site, showing you now have a strong, unique password for it.
   
        

Now, you can repeat this process for every duplicate password, so all your accounts are more secure.

Setting Up Find My iPhone

Find My iPhone has helped me out more times than I can count, and I highly recommend getting it set up on your device. When Find My iPhone is turned on, you can see the location of your device from any of your other devices or from any computer via iCloud.com. An additional security feature of the Find My app lets you remotely erase your device in the event that it is stolen. That way, none of your personal information can be stolen too. To turn on Find My iPhone:

1. Open the Settings app and tap Your Name at the top.
2. Tap Find My.
3. Tap Find My iPhone.
4. From there, toggle on Find My iPhone.
   
        

To use this feature to find your iPhone:

1. Open the Find My app.
2. Tap Devices.
3. You should see a map showing the last known locations of all the devices you have signed in to your same Apple ID.
   
      

Auto-Wiping Your iPhone

We don't recommend this security tip for everyone (especially if you have children), but if you want to be extra careful to make sure the information stored on your device stays private, you can set your iPhone to wipe your device after ten consecutive failed passcode attempts. If you are going to turn this setting on, make sure you have automatic iCloud backups enabled! To turn on Erase Data:

1. Open the Settings app, then tap Face ID and Passcode (or Touch ID & Passcode).
2. Scroll down and toggle on Erase Data.
   
    

Adjusting Auto-Lock Time

If you are in the habit of forgetting to lock your device, then it's good to make sure your iPhone automatically locks after a short amount of time. To adjust your auto-lock time:

1. Go to Settings and scroll down to Display & Brightness.
2. Tap on Auto-Lock.
3. From there, you can choose to have your iPhone automatically lock after 30 seconds or after up to 5 minutes.
   
      

Security Features Introduced with iOS 16

Hide Your Email Address or Show It Off

The two most notable iCloud Plus updates that came to iOS 16 were the ability to use Hide My Email in apps and change your address to a custom email domain. I’ll explain everything you need to know.

Hide My Email in Apps

Hide My Email has been around for awhile but it was only available on websites via the Safari app. It lets you keep your personal email private and creates a unique email to sign into your account that will keep your main inbox harder to find by advertisers who may want to send you promotional emails that you didn’t sign up for. With iOS 16, this feature is now integrated directly into QuickType keyboard suggestions so it can be used with third-party apps as well.

Custom Email Domain

iCloud Plus introduced a custom email domain so that you could have a more personalized email address that isn’t @gmail or @icloud but rather name@(company).com for more personalization. With iOS 16, you can now share your custom domain with others even if they aren’t part of your Family Sharing group.You can also purchase your domain right from the iCloud Mail settings. This also allows you to enable catch-all aliases, which makes it possible to deliver emails sent to an incorrect email addresses under the domain to the correct inbox. For example, if your domain is @iphonelife.com and someone sends an email to randomword@iphonelife.com, you’ll still receive it.