Posts

What You Need to Know Before Switching to a New iPhone

/in /by

Are you planning to upgrade to a new iPhone 16? It’s exciting, we know, but it’s best to proceed deliberately when setting up your new iPhone to avoid causing yourself headaches. Follow these instructions when you’re ready to transfer your data—and, for many people, much of your digital life—to the new iPhone. Apple also has a series of videos you can watch.

  1. Update your old iPhone to the latest version of iOS. If you have an Apple Watch, update it to the latest version of watchOS. This process can take some time, so it may be best done overnight before you move data to your new iPhone.
  2. Make sure you know your Apple ID and password, and if you have an Apple Watch, its passcode. You will likely have to enter them at least once during this process.
  3. Back up your old iPhone to iCloud or your Mac. (If you back up to a Mac, be sure to encrypt the backup, or else it won’t include saved passwords, Wi-Fi settings, browsing history, Health data, and call history.) Or back up to both, for safety’s sake. We prefer iCloud backups because they’re easier and don’t introduce additional variables, like flaky USB cables. If you don’t usually back up to iCloud, Apple will give you temporary iCloud storage to make a backup when moving to a new iPhone. To initiate an iCloud backup, go to Settings > Your Name > iCloud > iCloud Backup and tap Back Up Now.
  4. If you have an Apple Watch, you don’t need to unpair it from your old iPhone at this point in the process. (Later, if the automatic transfer has not worked, you can unpair it manually and pair it again later. If you end up taking the manual route and have a cellular Apple Watch, you’ll be asked if you want to keep or remove your plan. If you’re keeping your Apple Watch to re-pair with your new iPhone, keep the plan.)
  5. You shouldn’t need to worry about transferring a SIM card. If you ordered your new iPhone through Apple and connected to your cellular carrier account during purchase, activating the new iPhone should cause it to take over your phone number. The same should be true if you’ve purchased directly through your carrier. Besides, it’s likely that iPhone 16 models sold in the US will rely on eSIM and lack SIM trays like the iPhone 15, so only non-US users might need to transfer the SIM card from the old iPhone to the new one. Even then, it’s better to contact your carrier and get them to activate the new SIM in the new iPhone because old SIMs don’t always support all current cellular features, such as full 5G support.
  6. Transfer your data, settings, apps, and purchased content in one of these three ways. None of them will be quick, despite the first one’s name, so initiate the transfer only when you have plenty of time:
    • Quick Start: With the Quick Start feature, content from your old iPhone copies directly from your old iPhone to your new one. We recommend this technique because it’s more likely to preserve app logins, something that’s less true when restoring from an iCloud backup. Put your iPhones next to each other (plugged into power), use the old iPhone to scan the animation on the new one, and then follow the rest of the steps.
    • iCloud: With this technique, the new iPhone will download your content from your old iPhone’s iCloud backup. Once you’ve joined a Wi-Fi network on the new iPhone and tapped the Restore from iCloud Backup button, you’ll have to select the correct backup—likely the most recent one you just made. Keep your new iPhone plugged into power the entire time to ensure that all your content syncs during this step.
    • Finder or iTunes: With this approach, you’ll restore your old iPhone’s content from a backup made to your Mac. Connect your new iPhone to your Mac using an appropriate cable, open a Finder window (or iTunes on an old Mac), select your device in the left-hand sidebar, click Restore Backup, and choose the appropriate backup—likely the most recent one.
  7. Perform post-transfer tasks. Ensure that you can make and receive a phone call. If necessary, pair your Apple Watch with the new iPhone. You’ll also need to pair your Bluetooth accessories—including AirPods—with your new iPhone. Plus, some app data needs to sync to your new iPhone, so open the Mail, Contacts, and Calendar apps and check if they have your data. It could take a few minutes for them to fill up. Apps may request notification permissions again, and you may need to download content and in-app purchases.
  8. If you use two-factor authentication with an app like 1Password, Authy, or Google Authenticator, ensure you can get your 2FA codes using your new iPhone. 1Password and Authy are good about providing access to 2FA codes from multiple devices—just log in to your account from each device—but Google Authenticator may require some additional setup since it didn’t initially offer any way to transfer codes to a new phone.
  9. Finally, if necessary, set up single sign-on for work or school. If your workplace or school uses a security system like Duo, you’ll likely want to activate your new iPhone and deactivate the old one. Using any device, navigate to a standard single sign-in login screen from your organization, look for a link for managing your logins, click that link, and follow the prompts.

Although Apple works hard to make the process of transferring from an old iPhone to a new one as painless as possible, some things may fail to transfer seamlessly. For that reason, we strongly recommend holding onto your old iPhone for a week or so to ensure the new one can do everything the old one could. During that time, put the new iPhone through its paces with an eye toward checking every app you need.

(Featured image by iStock.com/valiantsin suprunovich)

Social Media: It’s exciting to get a new iPhone, but take a few minutes to read our advice on what you need to do before—and after—transferring your data from your old iPhone.

Share 2FA Setup for Team Access to a Single Account

/in /by

When your team or family shares access to a single account (such as for banking or social media, which seldom offer multi-user access), using two-factor authentication via SMS is awkward—whose phone receives the 2FA codes? One solution is to use an authentication app. Authentication apps are more secure, and multiple people can add 2FA support to the same account by scanning the QR code at setup or adding the 2FA setup URL later. (In both 1Password and Apple’s iCloud Keychain, edit the login to see and copy the setup URL.) An even better solution is to use a password manager that supports both 2FA codes and password sharing. That way, one person can set up the account with 2FA and add its login to a shared vault or collection. 1Password, Bitwarden, Dashlane, iCloud Keychain, and others provide such features.

(Featured image by iStock.com/May_Chanikran)

Social Media: For better results when a team or family group needs to share 2FA codes to log in to a website, try to use an authentication app instead of SMS, or better yet, use a password manager that can both generate 2FA codes and share logins with a group.

Use 1Password to Enter Your Mac Login Password

/in /by

We think of 1Password as being helpful for entering passwords on websites and in iPhone and iPad apps. But its Universal Autofill feature has a hidden capability that lets 1Password enter your Mac login password when you have to provide it to change certain system settings, install apps, format drives in Disk Utility, and more. (But it won’t work to log in at startup before 1Password is running.) To turn this feature on, click the New Item button in 1Password, search for and select “Mac login” , give it a name that will sort alphabetically to the top, like “2020 27-inch iMac” , enter your password, and click Save . From then on, whenever you’re prompted for your Mac login password , press Command- (Backslash, located above the Return key), and then click the desired login or press Return to select the topmost item .

(Featured image based on an original by iStock.com/ipuwadol)

Social Media: 1Password is tremendously helpful for entering website passwords, but a little-known feature also enables it to enter your Mac login password for changing system settings, installing apps, and more.

After “Mother of All Breaches,” Update Passwords on Compromised Sites

/in /by

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data. More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords—1Password’s is called Watchtower, shown below. You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)

Social Media: Worried about the “Mother of All Breaches” that has been making the rounds in security news? We share a leak checker that can tell you if your email address was involved and recommend that you update any compromised passwords.

Avoid Confusion by Setting iPhone Password Autofill to Only One App

/in /by

Let’s say you use 1Password (or another third-party password manager) on an iPhone or iPad. When that’s the case, it’s easy to end up in a situation where your device will present passwords from both 1Password and iCloud Keychain, possibly along with another app. That won’t break anything, but as you can see in the screenshot below, dueling password managers can be confusing, particularly if one doesn’t have up-to-date passwords. To make logging in easier, go to Settings > Passwords > Password Options and select just one app in Allow Filling From. For instance, if you’re using 1Password, turn off iCloud Passwords & Keychain and all the other apps.

(Featured image based on an original by iStock.com/Kostiantyn Filichkin)

Social Media: Do you suffer from dueling password managers on your iPhone or iPad? If you’re using a third-party password manager, turn off password autofill for iCloud Passwords & Keychain and any other apps to avoid confusion.

5 New Year’s Resolutions That Will Improve Your Digital Security

/in /by

Happy New Year! For many of us, the start of a new year is an opportunity to reflect on fresh habits we’d like to adopt. Although we certainly support any resolutions you may have made to get enough sleep, eat healthy, and exercise, could we suggest a few more that will improve your digital security?

Keep Your Devices Updated

One of the most important things you can do to protect your security is to install new operating system updates and security updates soon after Apple releases them. Although the details seldom make the news because they’re both highly specific and highly technical, you can get a sense of how important security updates are by the fact that a typical update addresses 20–40 vulnerabilities that Apple or outside researchers have identified.

It’s usually a good idea to wait a week or so after an update appears before installing it, on the off chance that it has undesirable side effects. Although such problems are uncommon, when they do happen, Apple pulls the update quickly, fixes it, and releases it again, usually within a few days.

Use a Password Manager

We’ve been banging this drum for years. If you’re still typing passwords in by hand, or copying and pasting from a list you keep in a file, please switch to a password manager like 1Password or LastPass. Even Apple’s built-in iCloud Keychain is better than nothing. A password manager has five huge benefits:

  • It generates strong passwords for you. Password1234 can be hacked in seconds.
  • It stores your passwords securely. An Excel file on your Desktop is a recipe for disaster.
  • It enters passwords for you. Wouldn’t that be easier than typing them in manually?
  • It audits existing accounts. How many of your accounts use the same password?
  • It lets you access passwords on all your devices. Finally, easy login on your iPhone!

A bonus benefit for families is password sharing. It allows, for example, a married couple to share essential passwords or for parents and teens to share certain passwords.

In short, using a password manager is more secure, faster, easier, and just all-around better. If you need help getting started, get in touch.

Beware of Phishing Email

Individuals and businesses alike frequently suffer from security lapses caused by phishing, forged email that fools someone into revealing login credentials, credit card numbers, or other sensitive information. Although spam filters can catch many phishing attempts, it’s up to you to be on your guard at all times. Here’s what to watch for:

  • Any email that tries to get you to reveal information, follow a link, or sign a document
  • Messages from people you don’t know, asking you to take an unusual action
  • Direct email from a large company for whom you’re an anonymous customer
  • Forged email from a trusted source asking for sensitive information
  • All messages that contain numerous spelling and grammar mistakes

When in doubt, don’t follow the link or reply to the email. Instead, contact the sender in some other way to see if the message is legit.

Avoid Sketchy Websites

We won’t belabor this one, but suffice it to say that you’re much more likely to pick up malware from sites on the fringes of the Web or that cater to the vices of society. To the extent that you can avoid sites that provide pirated software, “adult” content, gambling opportunities, or sales of illicit substances, the safer you’ll be. That’s not to say that reputable sites haven’t been hacked and used to distribute malware too, but it’s far less common.

If you are concerned after spending time in the darker corners of the Web, download a free copy of Malwarebytes or DetectX Swift and scan for malware manually.

Never Respond to Unsolicited Calls or Texts

Although phishing happens mostly via email, scammers have also taken to using phone calls and texts. Thanks to weaknesses in the telephone system, such calls and texts can appear to come from well-known companies, including Apple and Amazon. Even worse, with so much online ordering happening, fake text messages pretending to help you track packages are becoming more common.

For phone calls from companies, unless you’re expecting a call back from a support ticket you opened, don’t answer. Let the call go to voicemail, and if you feel it’s important to respond, look up the company’s phone number elsewhere, and talk with someone at that number rather than one provided by the voicemail.

For texts, avoid following links unless you recognize the sender and it makes sense that you’d be receiving such a link. (For instance, Apple can text delivery details related to your orders.) Regardless, never enter login information at a site you’ve reached by following a link because there’s no way to know if it’s real. Instead, if you want to learn more, navigate manually to the company’s site by entering its URL yourself, then log in.

Let’s raise a glass to staying safe online in 2021!

(Featured image based on originals from Tim Mossholder and Jude Beck on Unsplash)

Social Media: Have a safer 2021 with New Year’s resolutions that will help you secure your devices, avoid email and text scams, and stay safe from malware, as well as benefit from the security and ease-of-use of password managers, which can even fill in passwords for iPhone apps.

Have Your Online Passwords Been Stolen? Here’s How to Find Out.

/in /by

Data breaches have become commonplace, with online thieves constantly breaking into corporate and government servers and making off with millions—or even hundreds of millions!—of email addresses, often along with other personal information like names, physical address, and passwords.

It would be nice to think that all companies properly encrypt their password databases, but the sad reality is that many have poor data security practices. As a result, passwords gathered in a breach are often easily cracked, enabling the bad guys to log in to your accounts. That may not seem like a big deal—who cares if someone reads the local newspaper under your name? But since many people reuse passwords across multiple sites, once one password associated with an email address is known, attackers use automated software to test that combination against many other sites.

This is why we keep beating the drum for password managers like 1Password and LastPass. They make it easy to create and enter a different random password for every Web site, which protects you in two ways.

  • Because password managers can create passwords of any length, you don’t have to rely on short passwords that you can remember and type easily. The longer the password, the harder it is to crack. A password of 16–20 characters is generally considered safe; never use anything shorter than 13 characters.
  • Even if one of your passwords was compromised, having a different password for every site ensures that the attackers can’t break into any of your other accounts.

But password security hasn’t always been a big deal on the Internet, and many people reused passwords regularly in the past. Wouldn’t it be nice to know if any of your information was included in a data breach, so you’d know which passwords to change?

A free service called Have I Been Pwned does just this (“pwned” is hacker-speak for “owned” or “dominated by”—it rhymes with “owned”). Run by Troy Hunt, Have I Been Pwned gathers the email addresses associated with data breaches and lets you search to see if your address was stolen in any of the archived data breaches. Even better, you can subscribe to have the service notify you if your address shows up in any future breaches.

Needless to say, you’ll want to change your password on any site that has suffered a data breach, and if you reused that password on any other sites, give them new, unique passwords as well. That may seem like a daunting task, and we won’t pretend that it isn’t a fair amount of work, but both 1Password and LastPass offer features to help.

In 1Password, look in the sidebar for Watchtower, which provides several lists, including accounts where the password may have been compromised in a known breach, passwords that are known to have been compromised, passwords that you reused across sites, and weak passwords.

LastPass provide essentially the same information through its Security Challenge and rates your overall security in comparison with other LastPass users. It suggests a series of steps for improving your passwords; the only problem is that you need to restart the Security Challenge if you don’t have time to fix all the passwords at once.

Regardless of which password manager you use, take some time to check for and update compromised, vulnerable, and weak passwords. Start with more important sites, and, as time permits, move on to accounts that don’t contain confidential information.

Social Media: Have any of your online passwords been stolen in a breach? The answer is probably “yes,” and today’s article helps you discover and correct your most problematic passwords.