An Easy Way to Dramatically Improve iPhone (or Any Phone) Security

A password with letters and numbers is a much better way to protect your phone than a four-digit "simple passcode."

This past weekend, as I stood in line at a Whole Foods market in Portland, Maine, waiting to buy delicious Maine beer, I did something kind of sketchy. I'm not proud of it.

The woman in front of me was watching the clerk tally her purchases. As she pulled her iPhone from her pocket to check Twitter or fire off a quick text, I took a glance at the device to see what model iPhone it was -- I can't help it, I shamelessly check out other people's phones, so what?

It all happened fast, and I happened to notice the four-digit code she entered to unlock it. I didn't mean to; I was just looking at the phone. (It was a gold iPhone 5s, and the passcode was 2727, if you must know.)

I wasn't even trying to see it. Imagine how easy it would be for a potential thief on the train, or standing in line at a Whole Foods -- hey, it could happen -- to watch her enter her code, grab the phone and run off to his subterranean lair or wherever people who steal phones go to wind down after a lengthy day of larceny.

I probably wouldn't have written this post if Whole Foods Lady had just used Touch ID and her fingerprint to unlock her device. So, lesson one: If you have an iPhone with Touch ID, use it. It works really well, and it helps protect your passcode from prying eyes.

The real point of this post: Don't use "simple" passcodes to protect your smartphone, whether it's an iPhone, Android, BlackBerry, Palm Pre, whatever. You should use an actual password and not a four-digit code. It's much more difficult to see and remember a password than a short code, especially if the password is a random set of letters and numbers. (Of course, experts suggest Really Bad Guys can use brute force attacks to crack iPhones' four-digit codes and longer passwords, but why make it easier on them?)

It's unrealistic to expect the average Jill iPhone to use a lengthy, random password, because they are hard to remember and even harder to type on touch screen keyboards. It's easy enough, however, to use a word that's meaningful, and memorable, to you and then throw your lucky number at the end. And if you use a fingerprint reader, you'll rarely have to enter the password anyway.
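To put numbers on the brute-force aside and the word-plus-lucky-number advice above, here is an added example (not part of the original article) that compares how many guesses each kind of code allows. The 80 ms cost per guess, the 20,000-word list and the 0-99 number range are assumptions chosen for illustration, and lockout delays are ignored.

```python
import string

# Assumed cost of one guess in milliseconds (illustrative, not a measurement).
MS_PER_GUESS = 80


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct codes of a fixed length over an alphabet."""
    return alphabet_size ** length


def word_plus_number_space(dictionary_words: int, max_number: int) -> int:
    """Guesses needed if the guesser knows the 'word + number' pattern."""
    return dictionary_words * (max_number + 1)


def worst_case_seconds(space: int) -> float:
    """Time to try every candidate once, ignoring lockout delays (assumption)."""
    return space * MS_PER_GUESS / 1000


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_536_000), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def compare() -> dict:
    """Search space and worst-case guessing time for each scheme."""
    alnum = len(string.ascii_lowercase + string.digits)  # 36 symbols
    schemes = {
        "4-digit simple passcode": keyspace(10, 4),
        # Assumed: 20,000 candidate words, lucky number between 0 and 99.
        "memorable word + number": word_plus_number_space(20_000, 99),
        "8 random letters/digits": keyspace(alnum, 8),
    }
    return {name: (space, humanize(worst_case_seconds(space)))
            for name, space in schemes.items()}


if __name__ == "__main__":
    for name, (space, duration) in compare().items():
        print(f"{name:26} {space:>18,} guesses  ~{duration}")
```

Under these assumptions the memorable word with a number gives 200 times the search space of a four-digit code, while a random eight-character password is larger again by a factor of more than a million.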

Today's smartphone owners store more and more sensitive information on their phones, and while the four-digit code is certainly better than no passcode at all, it really doesn't cut it these days. A fingerprint-based access system such as Apple's Touch ID or the Samsung Finger Scanner, secured with a password and not a passcode, is a much more suitable option for security-minded users.

To disable the iPhone's "simple passcode" option and enter in a new password, tap your iPhone's Settings icon, choose Touch ID and Passcode, and enter in your current passcode if you're using one. Next, turn the Simple Passcode option off, and then enter your new password, confirm it, and you're good to go.

It's also a good idea to keep an eye out for sketchy weirdoes with their hands full of beer bottles, peeking at your phone while you wait in line at the supermarket to pay for organic produce.



Stories by Al Sacco