How to secure your iPhone with iOS 8 password managers and Touch ID

2 Comments

There are two enhanced features of iOS 8 that can change how users manage their secure information. The first is Apple’s decision to open up Touch ID for third-party developers to integrate into their apps, and the second is allowing Safari extensions to be installed on iOS.

It was not that the out of the box security features that Apple built into prior versions of iOS were not up to the task of remembering all of your IDs and passwords, quite the opposite in fact. iCloud will remember your security credentials quite seamlessly. The problem that third-party password managers addresses goes a bit beyond just remembering things.

Locking down your iOS device

With iOS 7, Apple introduced iCloud Keychain. This feature allows you to sync access of your website usernames and passwords, credit card information, and Wi-Fi network access information across all of your devices. To use this feature you must enable iCloud Keychain access from within the primary iCloud account section of Settings app.

iCloud Keychain Approval Process

The setup process will ask you to create an iCloud Security Code that can be used to authenticate additional devices and allow them to sync all of your IDs and passwords stored in iCloud. Alternatively, adding additional devices will require a sort-of handshake where devices that you have already authenticated can be used to ‘approve’ new devices requesting access to your secure information. This makes it a little harder for someone to access all of your secure information if by chance they discover your iCloud password.

The iPhone 5s added Touch ID to the mix. This removed the need to remember a complex master passcode when trying to use your device. One workaround to remembering a more secure passcode was to use a simple 4-digit passcode or PIN to access your device. Being able to use your fingerprint to access your device makes setting a longer more secure passcode far more likely for many to adopt. Now that the iPhone 6 and the iPhone 6 Plus also support such a feature, more iOS users will be able to keep their information secure.

The principle behind all of this is to have technology remember all of your secure passwords. In so doing, each account you access can have a separate and unique password and each password you use can be stronger and theoretically more complicated to hack into. You can also change your passwords more frequently and let your device remember them all rather than having to keep track of everything yourself. Basically technology can help manage many of the complexities of being as secure as possible in today’s digital age.

Beyond remembering: password management

One of the limitations of Apple’s iOS security feature is that you cannot really manage all of your security information. Yes, you can access your account IDs and passwords from within the Safari section of the Settings app, but you cannot edit or change any of the information. In order to update a password, or any other account details, you have to log on to the secure site using a different set of credentials.

Password Manager Advanced Features

Another limitation is that you cannot enter in any additional information like the answers to any security questions or a pass phrase associated with the account. As a result, you are limited to only managing the username and password information for online accounts.

Password managers like 1Password and LastPass make up for this limitation by allowing you to edit additional information within each account. You can also create accounts to store sensitive information that is important to you that may not be associated with a web site. With the ability to add categories, create folders, and organize all of your security related information, password managers like 1Password and LastPass go beyond helping you remember your website passwords.

Another new feature of password managers like 1Password and LastPass is their ability to perform security audits.  They can evaluate how often you use the same password across multiple accounts, check the password strength of each password you have set, and even monitor how long you keep the same password associated with each site you access.  This makes staying secure a much easier task to manage.

iOS 8 now makes password managers even more effective

Prior to iOS 8, these password managers were denied access to Apple’s Touch ID technology. This required one to either remember a rather lengthy and often times obscure master pass phrase or compromise their security by utilizing a simple and easy to remember master code that once learned would allow access to all other account information.

You still have to create a master pass phrase or security code, but now you can access the app using Touch ID as well. This quickens the process and allows you to get to the information you need much, much faster. You can enable Touch ID for apps that support it from within each apps particular settings.

Enable 1Password Safari Extension

The other limitation placed upon password managers was that they were denied access to the native Safari browser. Sure they had their own embedded browser within the app, but that somehow was never quite the same experience as the native Safari browser. Through the use of Safari extension on iOS 8, password managers can allow users to take fully advantage of all of the benefits associated with managing your security information, with the ease and connivence of using the native Safari browser.

Enabling Safari extension is a bit tricky. From within Safari on iOS, tap on the ‘share’ icon at the bottom of the web page (square box with an arrow point up). Swipe over to the “More” icon and here you will find a list of extension included with apps you have already installed on your device. Now you have access to all of your managed IDs and Passwords directly from within Safari.

2 Comments

Samantha Smith

Thanks for sharing helpful piece of advice-its really a better approach to keep the devices up to date on security parameters,As there are so many bots which try to access our information in regular manner

Comments are closed.