Let’s be honest, most of us don’t spend very much time thinking about how well our personal information is protected. We should, but we don’t. At least, not until something goes wrong. Of course, by then it’s too late.
We use weak passwords for important accounts and then reuse those passwords everywhere. The fact that most of us haven’t been a victim of having our personal information compromised is mostly because we’ve been lucky.
iPhone Passcode
The passcode you use to unlock your iPhone might be the single most important piece of security in terms of protecting your personal information. That’s a strange thought when you consider that most of us are annoyed when we have to enter it because it probably means that FaceID or TouchID didn’t work.
You know that your iPhone passcode unlocks your iPhone, but it also is able to do a few other things that you might not think about. You should.
The Wall Street Journal published a report of criminals who watch a user type their passcode, and then steal their iPhone. (You should definitely read the entire piece.) With both the physical device and its passcode, the thief now has almost complete control over the victim’s digital life.
Not only can the thief access the device, but they can access any passwords saved in the iCloud Keychain. They can also unlock any apps for which you have enabled FaceID. That could give the thief access to things like Venmo or your credit cards or bank accounts.
Most importantly, they can reset the password for your Apple ID. If someone has your iPhone, and the passcode to unlock the device, they have everything needed to change your iCloud password.
That might seem like a flaw, but the truth is that it’s by design. The number of people who forget their password is a lot higher than you think, and the end-to-end encryption Apple builds into your device and iCloud means the company can’t help you access your data if you get locked out because you can’t remember your password. It made an intentional decision to make it so you can use your iPhone—with the passcode—to reset that password. Otherwise, your data would be lost forever.
The reason this is the most concerning is that if a thief resets your iCloud password, he or she can then sign you out of iCloud on all of your devices. If you’re not sure why that would matter, imagine losing access to all of the photos you have taken with your iPhone and stored in iCloud.
You’re probably thinking that would never happen to you. And, chances are, it won’t. But, if it did, consider what it would cost you. The truth is, some of what you lose might be literally irreplaceable.
None of the recovery methods created by Apple, like having a recovery contact or key, will work since they are linked to the password. They really only help you if you forget your password.
So, what should you do? The simplest answer is to be more careful about entering your passcode in public. Be aware of your surroundings and don’t type it in if you feel like you’re being watched.
You can also choose to use a passcode that includes both numbers and letters, which makes it harder for someone to figure out while looking over your shoulder. The bottom line is that the passcode you pick to protect your iPhone guards a lot more than you think, so you should treat it accordingly.
Twitter disables SMS two-factor
Twitter says that beginning March 20, it’s getting rid of SMS-based two-factor authentication unless you pay for a Twitter Blue subscription. Two-factor authentication (2FA) is where you log in using a username and password, and then have to provide a code from another source. That way, if someone gets access to your login credentials, they’d still need access to, say, your phone to obtain that code.
The reality is that SMS is a pretty bad way of securing your account, mostly because it can be spoofed. If someone is able to social engineer their way into obtaining a SIM with someone’s phone number, it’s not that hard to then gain access to banking, social media, and other types of accounts that use those codes you receive in a text message.
It’s more common than you probably think, though the average person is probably not at a huge risk. Celebrities, politicians, and other high-profile individuals certainly are at risk, and Elon Musk wants them to pay up for the privilege of using a less secure form of authentication.
Why would anyone do that? Well, the reason SMS has stuck around is that, for most people, it’s far more convenient than using a separate app for two-factor.
Musk has been pushing his subscription version of Twitter, though it hasn’t exactly taken off. The Information reported last month that fewer than 200,000 people had signed up.
Apparently, the reason for removing SMS as an option for most people is that every time Twitter sends one of those codes to your phone, it costs some small amount of money. Even though it isn’t a lot, it’s apparently an expense Musk and Twitter would like to cut.
The real lesson here has nothing to do with Twitter, and everything to do with the idea that you really shouldn’t be using text message-based 2FA if you have other options.
The Word Shed
I also wrote, last week, about a topic a little closer to home, literally. As in, in my backyard. For the past few months, I’ve been working on a project to convert a shed into the perfect home office for working remotely. I’ve been in there for a few weeks, and it’s exactly what I had wanted.
I wrote about the experience for my column at Inc.com, and included some photos and the ideas behind why a shed made for a great place to work.
You Should Also Read:
Microsoft is letting you choose a personality for Bing Chat.
The FDA has said “no” to Elon Musk’s plan to test his Neuralink brain implant in humans.
Panera Bread is taking a page out of Amazon’s playbook.
Netflix password sharing is getting harder, but not impossible.