Our world is embracing technology more than ever. But with that adoption comes fear and uncertainty regarding the vulnerability of our data and devices.
Semantics matter when we talk about security. I have been a technology support provider for the entirety of my career. The term most often used by those who believe someone has gained access to their account is “hacked,” but a hack requires bypassing security measures to gain unauthorized access to a system. In the cases I’ve dealt with, outside agents gain access to an account because the user gives them their credentials (e.g. through a phishing scheme), not because they were hacked.
Semantics matter because it relates to trust. If a service you were using is hacked, then you would be less likely to trust that they can keep your data safe. However, if you provided an outside agent with your credentials, then the service should still be considered secure and trustworthy.
Apple has been at the forefront of security and data privacy for years, and they have earned my trust, so I wanted to share some things you can do to protect yourself on their devices.
Use a Passcode/Password and Face ID/Touch ID
This is the first and most powerful way to protect your data.
Mac
Make sure you are using a password for your local accounts. Newer version of macOS can tie your login to your Apple ID, which is a good idea. If your Mac supports Touch ID, use it.
iPhone/iPad
Turn on Face ID or Touch ID and set a passcode. Yes, it can be annoying to have to enter the passcode from time to time, but the alternative is a wide open device that anyone can use.
Touch ID can support up to five fingers, but they don’t have to be your fingers. If you share a device with a partner, set up recognition for a couple of their fingers, too.
Face ID can recognize one other person, but it has to be configured via the “Set up Face ID with a Mask for Alternate Appearance” option in the Settings > Face ID & Password section.
Log in to iCloud and Enable Find My
When you log in to iCloud, you create a connection between your device and your Apple ID. When Find My is enabled, you provide a mechanism to find, lock, and/or erase your device if it is lost.
Use a Password Manager
Every service or web site you use should have a unique, complex password. Why? If a provider gets hacked and your account data is not encrypted, the attacker could gain access to your credentials. Any site you use that authenticates with those same credentials is then at risk.
I have used 1Password for years, sticking with it even after it required an annual subscription, but there’s a free, built-in option. Apple provides a solid Password management tool that syncs with all of your devices using the same Apple ID, and, with the upcoming iOS/iPadOS 17 and macOS Sonoma, those passwords will be accessible in browsers other than Safari and shareable via custom groups (e.g. family members).
Do More
The features I’ve mentioned above provide a good security baseline, but there’s more you can do to protect yourself. In part two of this series I’ll talk about things like multi-factor authentication (MFA), passkeys, encrypted Notes, and ApplePay.