Every enterprise IT manager knows the ghastly truth: the biggest security weaknesses in any system are the humans using it. So, if you are one of the nearly one-in-ten iOS users (or even the one-in-three Android users) who don’t use a passcode, if you happen to be one of the many who use the same passcode for everything, or even one of the 15 percent of users who still insist on using any of these ten passcodes, then this article is for you. It’s time to toughen up. Here’s why:
Your life is on your iPhone
Look at what you use your iOS device for. Contacts, social media, email, messages, Web browsing, online retail and so much more. It’s likely you’ve got bookmarks to password-protected shops and services in there. Your life is on your device, so if you don’t protect it then the day you lose that device is the day someone much meaner than you may begin to exploit everything they can then learn about you.
Some of the risks
If you fail to protect your device with a passcode, here is a partial list of what anyone with access to it (such as when you leave it unattended or lose it) can look at:
- Your website passwords
- Your contacts, and all their details (including phone numbers and addresses)
- Your Mail and Messages
- Your location history
- Your pictures and videos
- Any stored payment information, credit card numbers, corporate apps, Intranet access codes
- Not to mention an opportunity to install malicious software on your device.
With this much at risk it is surprising that there are still so many iOS (and Android) users who do not yet use a passcode.
It’s not just about you
Even if the need to protect yourself isn’t enough to motivate you to begin using a passcode on your iPhone, what about the people you know? Your family, friends, and colleagues probably don’t want their email addresses, correspondence, messages and other items of personal data shared with people they don’t know or trust. You wouldn’t want them to do it to you – so why do it to them? Protecting their information on your device is a way to prove you care.
What about your work?
People want your secrets. They want your contacts, identity, credit cards. When it comes to the company you work for, they want even more. If you work for a huge enterprise, competitors will want secrets and criminals will want cash. Apple works hard to make its platforms secure. This has the effect of making it much more expensive to hack its systems. (There are only so many hackers with the skills to do so, and because there are not many of them they can command higher prices.) That’s why criminals target high-value businesses and high-net-worth individuals. The payload needs to justify the effort.
Attackers are sophisticated
Because it costs money to mount a serious attack, those attacks are becoming increasingly sophisticated. Phishing attacks see criminals monitor a company to choose individual targets within it for different forms of attack. If you are chosen as a target, those making the attack may want to break your personal security protection to take what they can, but what they really want is the credentials you use to access work systems. If they gain a few of these credentials from different people, it is much easier for them to crack into your enterprise systems. And if you are an employee with confidential work-related data on an iOS device that isn’t well-protected, and you lose that device when it is “pickpocketed” shortly before your enterprise systems are broken into, how will you feel? Device security is not just about you. Device security may also be about your career prospects. It may also be about the 128 million credit card accounts your company has on file.
Apple engineers have feelings too
Apple has teams of really smart people developing security to protect you. The iPhone uses multiple security defences for this. These are insanely complicated and have acronyms like ECID, AES, and TCC. From the secure boot chain all the way to ensuring apps aren’t taking more data from you than you want them to, all this security is based on one key element: your passcode. You can get a deep dive into iOS security by reading the iOS 10 Security white paper Apple makes available here, but let’s be crystal clear: Apple’s engineers have invested a huge quantity of time, thought and effort in making sure iOS security actually is secure. Don’t make them weep by ignoring their work. Apple’s engineers have feelings too.
Believe in yourself
Some people like to use the same passcode or no passcode because they think they would have difficulty remembering it. In a sense that’s understandable, but think a little more deeply about this: how many times a day do you take a look at your iPhone? The answer is 80: some people more, some less. So ask yourself, when you use it that many times, how long will it take you to learn a new passcode? Write your passcode down when you set it, refer to the note for a day or two, then seal that note in an envelope and leave it somewhere really, really safe. Believe in yourself. You can remember this!
Apple lets you use 4-digit, 6-digit, and complex alphanumeric passcodes. What’s the difference? A Forbes report claims it would take a computer an estimated 72 years to hack into a 6-digit alphanumeric passcode, or an estimated 7 minutes to get through a 4-digit numeric code. It would take a human 2,700 years to get through a 6-digit alphanumeric passcode. It would take a human or computer no time at all to get into a device with no passcode protection at all. Here’s a box designed to crack a 4-digit code quickly. The message is clear – even if you are using a 4-digit passcode, it’s worth improving your security protection with this simple step:
Even if you already use a passcode on your device, the 2,700-year protection mentioned above should be enough to convince you to protect your digital life with the strongest available alphanumeric passcode protection. To set this, open Settings > Touch ID & Passcode, select Change your passcode, choose Passcode Options and create a custom alphanumeric code. When you’ve done this, follow these instructions to set up two-factor authentication, an extra layer of security that provides even more protection.
Your digital life is precious. Protect it.