- Test Your Security Skills
- Privacy & Security New Year's Resolutions
- Glossary of Cybersecurity Terms
- Security Updates from Apple
What should you do in the following scenario?
Which of the following is an example of a strong password?
- password
- disorder-prize-describe-pin
- G0Hawks!1979
- Fido1995
Scroll to the bottom to see how you did!
Lock Down Your Accounts with Strong & Unique Credentials
Your most important accounts, like your bank account or your Apple Account, should be locked behind strong, unique passwords that cannot be easily guessed. The best way to do this is by using a password manager and allowing it to create your passwords for you. Of course, your password manager itself needs to be locked with a strong password. For this, we recommend using a passphrase, which is a string of four random words, usually connected by hyphens.
You should also secure your iPhone with a difficult-to-guess passcode, so don't use your birthday or an anniversary. In fact, if you want to be extra secure, you can change your iPhone passcode to an alphanumeric password and use a passphrase to lock it.
Use Multi-Factor Authentication Wherever Possible
These days, passwords alone are not enough to protect yourself. You need to secure your accounts with some form of two-factor or multi-factor authentication. The best form of multi-factor authentication is a physical key. Though if you can't or don't want to use a physical key for fear of losing it, there are also authenticator apps that use push notifications to verify your identity, such as the Microsoft Authenticator app. These time-based authenticator apps are also a viable option after physical keys. If SMS-based authentication codes are your only option, they are not quite as secure, but better than nothing.
Secure Your Primary Email Address
While we've already emphasized the importance of multi/two-factor authentication, we also want to stress that, more than anything, you should secure your primary email address (the one you use as the password reset for your most important accounts, like your bank, password manager, Apple Account, etc.). The best way to ensure your primary email is secure is by using a modern email platform (such as Gmail, iCloud, or Outlook), enabling multi-factor authentication, and setting up Recovery Codes and Legacy Contacts.
Public Wi-Fi Is Not Your Friend
Avoid using public Wi-Fi whenever possible. Threat actors with the right resources can infiltrate devices connected to the same Wi-Fi network as them. Since public Wi-Fi has hundreds, if not thousands, of devices connecting to the same network at once, those devices are vulnerable to attack. Instead, we recommend using your iPhone's mobile hotspot if you can. If that isn't an option and you must connect to a public Wi-Fi network, you should use a VPN. At the very least, you should enable Private Wi-Fi address.
Watch Out for Scam Emails
Everyone gets spam emails. It's an unfortunate fact of life, and sometimes it can be difficult to determine which emails are legitimate. Thankfully, there are some telltale signs you can keep an eye out for, such as checking the sender. Emails from Apple are likely to come from an "@apple.com" domain, not a random Gmail address. You should also be wary of emails that use panic-inducing language. Emails that tell you that you have been charged hundreds or thousands of dollars for a product you don't remember purchasing and instruct you to call a phone number to cancel the purchase are likely to be scams.
When you get emails like the ones described above, you can almost always ignore and delete them. If you're worried that the email could be legitimate, always visit the sender's official website and contact support from there. For example, if you get an email from your bank telling you that there's fraud on your account, don't call the phone number in the email or click any links. Instead, open a new tab and visit your bank's official website, and look for the phone number for customer support.
Protect Each of Your Devices
Keeping malicious apps off your devices is vital to your digital security. One way to help do this is to use privacy-focused web browsers, like Safari, Firefox, or DuckDuckGo, along with an ad blocker, such as NextDNS, Ghostery, or uBlock Origin. Besides your ad blocker and your password manager, you should not use any other browser extensions, as extensions require extraordinary access in order to function and make a tempting target for hackers.
Speaking of malware, on your Mac or PC, you should install anti-malware software, such as Malwarebytes. Your iPhone should be safe from malware, as long as you don't jailbreak it and only download and install reputable apps. Apple curates the App Store to ensure malicious apps don't make it to your devices, but those protections aren't infallible. Practice caution when installing new apps.
Last, but not least, lock down your Wi-Fi router with a unique password for your Wi-Fi network itself, as well as for the admin dashboard (accessing the admin dashboard varies depending on the manufacturer of your Wi-Fi router; check your owner's manual to find out how to access yours). The default admin login for most routers is simply "admin" as the username and "password" as the password. Needless to say, you should change that as soon as possible.
- Credential: Anything that can be used to identify an individual as having permission to access a privileged resource, such as an account. This can be your username, password, credit card number, driver's license number, etc.
- Password: A string of characters known only to you. Used interchangeably with passcodes.
- Passcode: A string of numbers known only to you. Used interchangeably with passwords. When you use a passcode (or password) to secure an iPhone, iPad, or Windows PC, the passcode is stored on the device and never transmitted from it.
- Passkey: This is Apple's name for a system to replace passwords, developed by the FIDO Alliance. The full name for this system is FIDO2 WebAuthn. Passkeys can replace passwords, but they may also be used in addition to passwords or other credentials for ultra-strong multi-factor authentication.
- Passphrase: A string of words only you know. The passphrase, which must be at least 15 characters long, is a more secure version of a password and can be used in any form that asks for a unique password.
- Hardware Key: A physical key for your online accounts. Normally, these look like USB keys, but they don't store files. Instead, they serve to cryptographically confirm your identity using the same FIDO2 WebAuthn protocol used by passkeys.
- Key material: Credentials. Usually, this term is used in the context of low-level computers talking to other computers.
- Password Manager/Vault: The place you keep all your credentials.
- OTP: An ambiguous term that can refer to either recovery codes or TOTP codes (see below). It can stand for One-Time Pad, which is an old but still effective form of cryptography, or for One-Time Password.
- Recovery Codes or One-Time Passwords: Codes that can be used once and only once to regain access to an account in the event that the usual password is lost. These codes are generated when you create the account, and are meant to be printed out and stored somewhere safe.
- TOTP: Time-Based One-Time Pad, or sometimes Time-Based One-Time Password. A code you are either sent or generate yourself to supplement your primary credential as part of a multi-factor authentication process. Note that, despite being called a One-Time Password, a TOTP is always a randomly generated code, not a word.
- MFA: Multi-Factor Authentication. The practice of requiring more than one credential to affirm an identity. For most websites, a username and password form the basic credentials. Since passwords can be guessed or stolen, additional identifying factors are required for an account to remain secure. MFA has become standard practice, but its adoption is not universal.
- 2FA: Two-Factor Authentication. Essentially, a synonym for MFA.
Everything you need to know about Apple's latest software updates.
- The most recent iOS and iPadOS is 26.2
- The most recent macOS is 26.2
- The most recent tvOS is 26.2
- The most recent watchOS is 26.2
- The most recent visionOS is 26.2
Read about the latest updates from Apple.
The correct answer is 2. disorder-prize-describe-pin. In the past, it was common (though not recommended) to create passwords you could easily remember, like a dog's name or a favorite sports team, along with a number that is also easy to remember, like a birthdate or anniversary. Then, just change some of the letters to symbols. However, hackers can crack these types of passwords in seconds, simply by finding out more information about you. Anyone with enough determination can find out your birthday or the name of your dog.
Instead, the example used above is composed of four random words with no relation to each other or the user. That means it'll be much harder for hackers to guess, since they would need to run through every word in the English language and every possible combination of four words to find the right password.
Of course, if you use this method for every password you ever make, it'll be impossible to remember them all! That's why you should use the four random words method to create the master password for your password manager, and then let it create and remember randomized passwords for you. This year, make it a priority to start using a password manager if you're not using one already.
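The four-random-words method described above, shown as an added Python example that is not part of the original newsletter: it picks words with a cryptographically secure random source, enforces the glossary's 15-character minimum, and counts how many combinations a guesser would have to cover. The word list is a constructed sample, and the 7,776-word list size is an assumption matching common diceware-style lists.

```python
import math
import secrets

# Constructed sample list so the block runs offline. A real generator should
# load a large published list (assumption: about 7,776 words, diceware-style).
SAMPLE_WORDS = """disorder prize describe pin anchor velvet harbor cactus
lantern orbit pebble quiver saddle timber walnut zipper""".split()


def generate_passphrase(words, count=4, sep="-", min_length=15):
    """Pick `count` words uniformly at random with a CSPRNG and join them."""
    pool = sorted(set(words))  # duplicates would skew the odds toward them
    if len(pool) < 2:
        raise ValueError("word list too small")
    longest = count * max(map(len, pool)) + len(sep) * (count - 1)
    if longest < min_length:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        phrase = sep.join(secrets.choice(pool) for _ in range(count))
        if len(phrase) >= min_length:  # the glossary's 15-character minimum
            return phrase


def entropy_bits(list_size, count=4):
    """Bits of entropy when each word is an independent, uniform pick."""
    return count * math.log2(list_size)


def guesses_to_exhaust(list_size, count=4):
    """Candidates a guesser who already knows the word list must cover."""
    return list_size ** count


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"16-word sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7,776-word list:     {entropy_bits(7776):.1f} bits, "
          f"{guesses_to_exhaust(7776):,} combinations")
```

The strength comes from the random selection, not from the words being secret, so words you choose yourself do not get the same protection.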
There is far too much security and privacy news for us to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self-defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by August Garry.

