This post was originally published on February 26, 2019, and updated on April 20, 2022.
You often hear about securing your computer and home network, but how much have you thought about securing your phone too? Our smartphones go with us everywhere and carry a lot of personal information. It’s vital that you keep yours properly secured to keep your information safe.
Let’s take a look at some essential iOS security tips for iPhone users. We’ll point out some settings and best practices you should know.
1. Use a Strong Passcode
For a long time, iOS used a four-digit passcode to secure your phone. Modern versions use a six-character passcode instead. While this sounds like a minor change, the security implications are significant.
With a four-digit code, there are 10,000 possible combinations. Increasing this to a six-digit code results in one million possible combinations. Having 10,000 possible combinations is fairly strong, but you’ll feel much safer if your PIN is one in a million.
If you set up your iPhone recently, you probably already have a six-digit code. But if you’re still using an old four-digit code, you can head to Settings > Face ID & Passcode (or Touch ID & Passcode if your iPhone has a Home button) to change it. Enter your current passcode, then scroll down and choose Change Passcode.
Confirm your current code once more, then you’ll have the chance to enter a new one. Tap Passcode Options here and you can choose between four digits, six digits, or a custom numeric code of any length. For maximum security, you can also set an alphanumeric password (like what you’d use for a website), though this is inconvenient.
Of course, modern iPhones also have Face ID which uses your face to unlock your phone, or Touch ID which uses your fingerprint to protect your device. These are fine for normal use, but you should pair them with a longer passcode to eliminate a potential weak point in your device security.
2. Enable Find My
Every iPhone has a feature built-in called Find My (formerly Find My iPhone). This allows you to locate your device if it’s lost or stolen. iOS likely prompted you to enable this when you set up your phone, but it’s worth double-checking for peace of mind.
To configure Find My, open Settings and tap your name at the top of the list. On the resulting page, choose Find My. Here, select Find My iPhone and make sure the Find My iPhone slider is on.
Enable the Find My network option to participate in Apple’s crowdsourced network, which allows any Apple device that comes near another Apple device to share its location, making it easier to find even if your phone is offline. Also, you can optionally enable Send Last Location if you want your phone to report its location to Apple before the battery dies.
When you need to find your phone, head to Apple’s Find My iPhone website. After signing into iCloud, you can play a sound (handy if you’ve misplaced your phone in your house), mark it as lost, or erase it remotely.
3. Keep iOS Up-to-Date
Like any software or operating system, Apple issues updates to iOS regularly. While these can add features and fix minor bugs, they also include security patches. If someone discovers a new iOS security vulnerability, your best protection against it is to update your device as soon as possible.
Skipping updates for long periods of time can reduce your device’s security and open you up to attack. You should thus always apply system updates as soon as you can. To check for updates manually, open Settings > General > Software Update. Apply any available updates, and make sure you have Automatic Updates enabled so your device will apply them for you in the future.
4. Enable Two-Step Verification
We’ve discussed the importance of two-factor authentication before. When you enable it, you need a secondary code along with your password to sign into an account. To keep your Apple ID (which is tied to your iPhone and other Apple devices) safe, you should take advantage of this security option.
To turn it on, visit Settings and tap your name at the top of the list. Tap Password & Security here, followed by Turn On Two-Factor Authentication. Next, you’ll need to enter your phone number, where you’ll receive login codes. You can choose between calls and texts for the code.
Tap Next and Apple will send you a verification code. Enter that number to confirm, and you’re ready to use two-factor authentication. Now, when you try to sign into your Apple ID on a new device, you’ll need to enter a code in addition to your password.
While you’re on this page, it’s wise to explore the other account recovery options too. They can save you a lot of hassle by making it easier to get back into your account if you lose access.
5. Review App Permissions
When an app wants to access a sensitive area of your phone, such as your contacts or the camera, it has to ask for permission. Once you grant these permissions, they stay enabled unless you manually disable them. It’s thus smart to review what permissions you’ve granted to apps every once in a while.
Keep in mind that permissions aren’t bad in themselves. Many apps require them to work properly; Google Maps isn’t much good without access to your location, for example. But you might want to think twice about granting a solitaire game access to your contacts.
To review app permissions, visit Settings > Privacy. Here you can browse the list of permissions (like Photos, Microphone, and more) and see which apps have access to them. To revoke a permission, just move the slider into the Off position. Remember that some app functionality might not work if you disable permissions.
If you’d prefer to browse permissions by app instead of by category, scroll to the bottom of Settings and tap the app name. You’ll see all permissions the app has and can manage them.
6. Disable Link Previews in Safari
One of the best ways to avoid dangerous websites is by checking the URL for any links that you’re not sure about. On your desktop, you can hover over a link with your mouse to see its destination. On a phone, you usually accomplish this by pressing and holding on the link.
However, in Safari, your iPhone will instead show a preview of the link when you do this. This poses a security risk, since the preview loads the page and could trigger an unsafe site. You can disable this behavior to make the long-press behavior show only the URL instead.
To do so, find a link that you know is safe, like one on this page or on a trusted site like Wikipedia. Press and hold on the link to open Safari’s preview pane. When the preview loads, tap Hide preview at the top of the window. This will skip that function in the future, so when you press and hold, you’ll instead see the URL to help determine if it’s safe. Then you can choose whether to open it.
Keep Your iPhone Protected
We’ve taken a look at key security tips for your iPhone. Even if you checked these when you set up your device, it’s a good idea to review them every once in a while to make sure they’re configured as you expect. Getting all this taken care of will go a long way for your security. Thankfully, Apple makes it easy to keep your device secure without sacrificing too much convenience.
To learn more, why not read our primer on Background App Refresh next?