Headline-grabbing security breaches have become an all-too-common problem. Every week, it seems, another company notifies customers that hackers have accessed their personal data.
Apple recently released an updated version of its operating system, iOS 12, to help keep users’ information private and secure. That update, available for most recent iPhones and iPads, delivers on the promise.
The security improvements are both built into the software and included in new options that people can chose to turn on. Upgrades that help corporate IT departments lock down business data are also part of the operating system overhaul.
Here are the highlights of the iOS 12 update that are intended to improve security:
The list of security fixes in iOS 12 is long and scary considering all the vulnerabilities that existed in the prior version. For example, one bug that Apple elminated could have let hackers intercept Bluetooth traffic such as your voice calls or file transfers. Another in the iTunes App Store could have allowed attackers to create phony prompts that trick people into entering their passwords.
In Safari, a now-fixed bug could have let malicious websites steal auto-filled data such as credit card numbers. Others eliminated vulnerabilities including ones allowing third parties to see the latest app a person used, see deleted text messages or notes, create address bars for fake sites, and view the web sites a person recently visited. It’s alarming that Apple allowed so many cracks in iOS’ armor, but now, at least, it has finally gotten around to filling them.
Better Tracking Prevention
Cookies that you buy at the supermarket may be tasty, but the cookies that follow you online leave a wholly different taste in your mouth. Websites often install cookies on devices in order to display tailored ads to users while they go from website to website. Apple’s new iOS stops much of this tracking. Social media sites that have share buttons and comment widgets should no longer be able to track you without permission.
Safari in iOS 12 goes one step further by stopping advertisers from seeing your iPhone’s unique identifiers, which makes it more difficult to target you with tailored ads. If you see the same ads over and over on different websites, it’s because advertisers have fingerprinted these identifiers. By blocking them, users can avoid being followed.
Stronger, Easier Passwords
Please, no more “password” or “123456” or “letmein.” Apps and Safari in iOS 12 are better at suggesting passwords because they can automatically create, autofill, and store strong passwords. Apple instantly suggests passwords that few humans would easily think of (nor remember). Moreover, iOS 12 is more consistent about storing the passwords in iCloud, its online account syncing tool, so that the passwords are available across all of a user’s Apple devices.
Additionally, if you forgot your password, or iCloud fails to work properly. You can ask Apple’s digital assistant Siri for help. Ask “Hey, Siri, what’s my password for Twitter?” and, after authenticating you via Face ID or Touch ID, it will show you the specified login.
iOS12 also encourages users to create different passwords for different apps, a recommended practice that prevents hackers who steal one of your passwords from accessing several of your accounts. The operating system flags passwords that an individual uses for several apps and sites. The idea is to coax people into replacing recycled passwords with Apple’s new auto-generated passwords that are much stronger.
Lastly, passwords should now be easier to share. The updated iOS lets people send and receive passwords between iOS devices, Mac computers, and Apple TV via AirDrop over Wi-Fi. This means that if you have a password on one device, you can send it to another for signing in to apps and services. It may come in handy, for example, when a visiting business client needs to sign in to your office Wi-Fi, but you don’t want to reveal the password. Using the settings tool, you can opt to push select passwords to people who are in the same room with you.
Security Code Autofill
Two-factor authentication—the practice of increasing security by requiring users to enter two kinds of passwords in succession—is a pain. And yet it’s increasingly necessary for protection. Banks, apps, and some websites prefer to verify users’ identification by sending a one-time code via SMS. The recipient must then type the code into the app or website in order to proceed. The codes can be hard to remember and fussy to deal with as you jump back and forth.
iOS 12 makes the process of receiving an SMS code on phones less of a hassle. When the code arrives, iOS 12 automatically transfers it from the SMS message to the security screen of whichever app or site you’re using. No more need to worry about your short-term memory when juggling the two apps.
Face ID, the facial recognition tool that lets iPhone X, Xs, and Xs Max users avoid having to enter a password is one of Apple’s best security tools. In iOS 12, Apple lets you add two faces to Face ID, partly to allow people who have two different appearances — with a beard and without, for example—log in using Face ID. However, the upgrade also lets you add someone else’s face so that two people—a husband and wife, for instance—can unlock an iPhone.
There are obvious pros and cons here. It may help in emergency situations when the primary device owner is incapacitated and needed information is stored on the phone. At the same time, allowing two people to unlock the same phone may lead to privacy problems.
USB Restricted Mode
Another tweak to iOS 12 is USB Restricted Mode, which blocks anyone from downloading data from an iPhone via the USB port. The protection, if turned on, kicks in one hour after the device was last unlocked by its owner. Apple’s inclusion of USB Restricted Mode appears to target law enforcement, which sometimes use a USB-based device for breaking an iPhone’s password and encryption to gain access to the data on the phone. USB Restricted Mode would block them or anyone else from using this technique.