Any time there is a major security update to a piece of software I use or some sort of breach to an online service that I am associated with, I am reminded of some basic security best practices that I should be performing on a regular basis.
When asked questions like “should I be concerned” or “do you think this will affect me,” my answer is always YES, as that is the safe answer to assume. While no security plan is absolute, the following checklist should serve as a continual guide to help stay as secure as possible without having to totally disconnect from the internet:
ID and password best practices
Always use strong passwords – A strong password is not the same as a password that you feel is difficult to guess. It is one that is time-consuming for a computer to systematically generate in large numbers. Apple’s iCloud Keychain in iOS and OS X will now suggest strong passwords for you to use when setting up new accounts online. If you are wondering if an existing password you are using is strong enough, analyze it using the Wolfram Password Generator Reference App ($0.99 Universal). This app will also help you select a good replacement password if yours is not strong already.
Change passwords regularly – Having a strong password is not always enough, especially when someone hacks into a site where you use that strong password and gains access to the system. In 1985 the Department of Defense recommended that passwords never be used for longer than one year. Even today universities like MIT recommend the same frequency for changing online passwords. Going through your accounts and updating your passwords annually is a good idea.
Verify a recovery plan – Many online accounts like Apple’s own Apple ID offer a secondary means of resetting your account password. When you are using strong passwords that you update on a regular basis, having a strategy for what to do when you forget your password is a good thing. This can also require the authentication of an alternate means of communication like a secondary rescue email address. Be sure to have this established before it is too late and make sure that only you have access to this back door.
Use a password manager – iCloud’s Keychain service for both iOS and OS X is a great minimalist password keeper to use. A more fully featured password management app like mSevenSoftware’s mSecure or AgileBits’ 1Password may be more useful when it comes time annually to update your passwords en masse. The important thing all three products have in common is that all of your user names and passwords are encrypted.
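To make the "Always use strong passwords" point concrete, the following added example (not from the original article or any product it mentions) estimates how many candidates a computer must generate before it reaches a given password, both by exhaustive search and by a simple word-plus-digits pattern. The wordlist, the guessing rate and the sample passwords are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist (assumption); real guessing lists are far larger.
COMMON_WORDS = {"fluffy", "password", "dragon", "summer", "monkey"}
# Each word in lower case and with a leading capital.
VARIANTS = COMMON_WORDS | {w.capitalize() for w in COMMON_WORDS}
GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate, not a measured figure


def charset_size(pw):
    """Alphabet size a character-by-character search must cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_guesses(pw):
    """Candidates in an exhaustive search of this length and alphabet."""
    return charset_size(pw) ** len(pw)


def pattern_guesses(pw):
    """Candidates if pw is <common word><digits>; None if it is not."""
    stem = pw.rstrip(string.digits)
    if stem not in VARIANTS:
        return None
    n_digits = len(pw) - len(stem)
    # every word variant combined with every digit suffix of this length
    return len(VARIANTS) * 10 ** n_digits


def effective_guesses(pw):
    """Size of the cheapest search space that contains the password."""
    pattern = pattern_guesses(pw)
    brute = brute_force_guesses(pw)
    return brute if pattern is None else min(pattern, brute)


def seconds_to_search(pw):
    """Time to exhaust that space at the assumed guessing rate."""
    return effective_guesses(pw) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("Fluffy2013", "x7#Qp!2vLd"):  # constructed samples
        bits = math.log2(effective_guesses(pw))
        print(f"{pw}: ~{bits:.0f} bits, {seconds_to_search(pw):.3g} s to exhaust")
```

Both samples are ten characters long, but the pet-name-plus-year one sits in a search space many orders of magnitude smaller than the random one.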
Software updates and Find My Device
Check for updates – On your iOS device, there are two basic types of updates to check for, iOS updates and app updates. iOS updates can be found within the General section of the Settings app whereas app updates are found within the App Store. On OS X, for apps that you have purchased from the App Store as well as OS X updates from Apple, you have just one place to check: from the Apple menu click on Software Update and the App Store will check to see if any updates are available.
Third-party software – On OS X, two common pieces of software that get installed are Adobe’s Flash and Oracle’s Java. To check and see if you are running the latest release of each, you can verify your Java version on Oracle’s site and check your Flash version on Adobe’s site. For the rest of the software I own, I have found the watch list service of a MacUpdate membership ($20/yr) to be a good source of information. MacUpdate even has a desktop app that works in much the same manner as Apple’s own App Store app by alerting you when updates are available.
Turn on Find My Device – As much as we think we can’t live without them, iPhones, iPads and even MacBooks get lost, dropped and even just left behind. Locating your gear quickly and being able to retrieve a device can often be the difference between a lost device and a stolen device. With all of your contacts, ID and passwords on the device, being able to recover your device quickly is paramount to a good overall security plan.
iOS security quick checklist
Activate long passcode – The first thing you need to do is ensure that you are actually securing your device with a passcode. With the new iPhone 5S, you can use your fingerprint to unlock your iPhone. This Touch ID technology should make using a long passcode, rather than the short 4-digit passcode, an easier to manage option for most if not all users. Passcode can be enabled in the General settings under the Touch ID & Passcode section on the iPhone 5S or the Passcode Lock section on other iOS devices.
Check privacy settings – Not all security threats come from hackers. Sometimes access to personal information is a privilege you may have granted too willingly. Checking the privacy settings to see what information apps you have installed have requested access to is one way to protect your personal information. Also be sure to check out your location based System Services. This is where you will find a historic listing of frequent locations you have been to recently. You can even elect to prevent your iOS device from keeping track of such information in the first place.
Lock screen display settings – When your iPhone or iPad is locked, there are still ways in which someone can use your device without having to enter a passcode. To prevent someone from gaining access to the Control Center, be sure to disable access on the lock screen from the Control Center section of the Settings app. When it comes to viewing your notifications, you can disable access from the lock screen from the Notifications section of the Settings app. Finally, from within the Passcode section of the General settings, you can also disable access to Siri, Passbook and Reply with Message from the lock screen.
OS X security quick checklist
Turn off administrator access – Before you do this, you must first have a separate user account on your Mac that has administrator access to the system. Once established, you can then uncheck “Allow user to administer this computer” from each user account. Additionally, in the General section of the Security & Privacy system preference, click on the Advanced button and check that you “Require an administrator password to access system-wide preferences”. These two settings will help prevent someone from installing apps or changing system settings without knowing an administrator password.
Disable automatic login – It is always a good idea to disable automatic logins on your Mac. This setting is located in the General section of the Security & Privacy system preferences. Additionally, this is where you can set the amount of time to wait until a password is required after sleep mode or the screen saver begins. It is also a good practice to require entry of both the name and password when logging on to your Mac. This is configured in the Login Options section of the Users & Groups system preferences.
Check firewall settings – Each Mac comes equipped with a software-based firewall that can block incoming connections. You can either block all incoming connections, or select which of your installed apps are allowed to accept incoming connections. When you are out and about, connecting to unknown Wi-Fi hotspots, you may also want to check the list of services you are sharing. If you want to stay on top of what is connecting to your Mac and when, download and install Little Snitch 3 ($34.95 Mac). It will monitor your network connections and alert you in real-time when information is being accessed.