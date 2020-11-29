If you’ve bagged a bargain iPhone 12 Black Friday deal, best check these four ‘risky’ security settings now or you could regret it later.

I’ve been an Android flagship smartphone user for the best part of a decade. Earlier this week I bought an iPhone 12 Pro Max. No Black Friday savings for me, unfortunately, as I purchased it sim-free rather than on contract. So, why make the change now? One word sums it up: security. Four words explain it better though: security, privacy, fractured, ecosystem. I’ve been growing increasingly unhappy when it comes to security updates for my Samsung Galaxy Note 10+ 5G. More accurately, with the delay in waiting for them to arrive on my device. As someone who has been involved in cybersecurity since before it was even called that, I appreciate the importance of timely security updates.

What I don’t appreciate is leaving the attack window open for known Android vulnerabilities while I wait for those updates to arrive on my smartphone. Usually, this window is open for anything between two and three weeks, although it has been as long as five or six weeks in the past. That, dear reader, isn’t good enough. The fractured Android ecosystem is to blame, with the rollout of such updates depending upon a myriad of factors including device manufacturer, model and network. Apple has no such issues, of course, it controls the ecosystem, and when an update is ready, it is ready for all. Throw in the recent advances in privacy that Apple has brought to the party, and making the switch became a no-brainer.

However, when it comes to security on my new iPhone or yours for that matter, there is some tweaking of settings that really should be done as soon as possible to get the best from the device, no matter which of the four new 12 models you’ve opted for.

Here are the four ‘risky’ security settings I checked right away and would advise you to do so as well for fear of regretting it later.

1. Face ID

Although I was disappointed that Apple had not seen fit to include Touch ID on the iPhone 12 models, especially during this time of face mask usage, Face ID is excellent right out of the box. While my iPhone doesn’t know who I am when I’ve got a face mask on, it does cope with me wearing a surgical collar. In fact, I’ve got three different surgical collars, and it manages OK with all of them. If your iPhone isn’t as forgiving as mine, you can always add an ‘alternative appearance’ to give it a helping hand. However, the Face ID setting that everyone really should configure immediately is “Require Attention for Face ID.” Toggling this on sets the iPhone TruDepth camera to verify that you are actually awake and looking at your iPhone before Face ID unlocks the device. Although Apple warns that this may not work correctly if you are wearing sunglasses, well duh, what it will make it harder for someone to unlock your phone when you are asleep, for example. You can find both these options via Settings|Face ID & Passcode.

2. Passcode

When navigating to the Face ID & Passcode settings, you will have been asked to enter your passcode. The vast majority of people, understandably, go for the convenience over security approach when it comes to configuring a passcode. Which is why four-digit PINs are the order of the day. Here’s the problem with that; it’s the least secure option and least secure is never a great place to position yourself within. It’s better, of course, than turning the passcode off. I know plenty of people who do that as well, sadly. Please don’t be one of them. Instead, scroll down to the “Change Passcode” option and, rather than typing in another four dights, tap on “Passcode Options” instead. You could choose the custom alphanumeric code option, which is the most robust security positioning as it allows you to enter a full password. I would advise against it for most folk, simply because the inconvenience is more likely to lead to them disabling it altogether. So, being pragmatic, I’d say go for the custom numeric code option instead. A six-digit PIN is better than a four-digit one, eight digits better yet. Well, you get the idea. Just don’t use your birthday or the world’s worst password of 123456.

3. Wi-Fi

Cybercriminals play to their strengths and your weaknesses. Strengths such as technical know-how, and an understanding of user psychology, weaknesses like wanting to be connected all the time with the least interaction possible. Now, sure, most of the time, you’ll likely be connected to either your home/work network or your cellular provider. But what about when you are out and about in a low-coverage area, and the coffee shop or transit hub is offering a free Wi-Fi hotspot? These are not always what they seem and can be downright dangerous if you connect to a malicious hotspot set up by a hacker. If your iPhone 12 is connecting automatically, it could get you in a whole heap of privacy trouble, and worse. Hackers can use software tools to literally sniff your data streams and grab passwords and the like. Hotspot names can look right, but that doesn’t make them safe. Don’t let your iPhone 12 connect automatically, instead configure it to ask to join instead. You can find these options in Settings|Wi-Fi for both networks and Wi-Fi hotspots. Remember to take care, even so, check with the coffee shop or ask at the airport information desk for the Wi-Fi name, so you don’t inadvertently hop onto a rogue hotspot.

4. Lock Screen

What is the auto-lock screen timeout set to on your iPhone 12? If it is never, then please accept this virtual security slap from me. That’s a real no-no. Please take my advice and set it for the absolute minimum of 30 seconds, which provides the absolute maximum security as far as the lock screen is concerned. This should have absolutely no impact on your usage of the smartphone as it is smart enough to detect your attention, when you are looking at the screen, to prevent it dimming or locking during use.

