Posts

Use Guided Access for Securely Allowing Others to Use an App on Your iPhone or iPad

/in /by

iPhones and iPads are highly personal devices, but you might want to let someone else use a particular app on yours without letting them poke through Messages, Mail, and Photos. For example, a child could play a game, a volunteer could check in attendees, or a friend could take photos. To allow this, Apple created Guided Access, which you turn on in Settings > Accessibility—give it an easily remembered passcode and decide if you want to let the display auto-lock. Then, to turn on Guided Access, open the app you want to share and triple-click the side or top button. Options let you control buttons, the accelerometer, software keyboards, touch input, and a time limit. To end a Guided Access session, triple-click the side or top button, enter the Guided Access passcode, and tap End.

(Featured image by iStock.com/Userba011d64_201)

Social Media: If you’d like to allow a child, friend, or colleague to enjoy a specific app on your iPhone or iPad while keeping them focused and preventing access to everything else on the device, check out Apple’s Guided Access feature.

Beware Fake “Sextortion” Scams

/in /by

All those data breaches are coming back to haunt us. Once our phone numbers and addresses began to be leaked, it was only a matter of time before scammers would personalize their attacks to make them seem more real. The latest “sextortion” scams purport to have compromising video of you taken from your computer’s webcam, backing it up with your phone number and a Google Street View-like image that matches your leaked address. They make a lot of claims and dire-sounding threats, but talk is cheap, and there’s nothing behind them. Do not pay the scammers!

(Featured image by iStock.com/Thapana Onphalai)

Social Media: Scams are starting to incorporate personal information stolen in data breaches, so you may get “sextortion” threats that purport to know your phone number, address, and more.

Restrict Access to Sensitive Apps in iOS 18 and iPadOS 18

/in /by

Do you worry about family members with whom you’re otherwise happy to share your iPhone passcode reading your private diary in a journaling app? Or perhaps you want to keep your child out of apps where they could cause mischief. A new feature in iOS 18 and iPadOS 18 lets you use Face ID or Touch ID to restrict access to specific apps, optionally hiding them in the process. Touch and hold the app’s icon on the Home Screen, and tap Require Face/Touch ID. When prompted, either tap Require Face/Touch ID to leave the app’s icon visible on the Home Screen but restrict access or tap Hide and Require Face/Touch ID to restrict access and hide the icon. Protected apps only open after you authenticate with Face ID or Touch ID; hidden apps can be accessed only from the Hidden folder in the App Library after authenticating. (To reach the App Library, swipe left repeatedly on your Home Screen, then scroll to the bottom to find the Hidden folder.)

(Featured image by iStock.com/SasinParaksa)

Social Media: Keep prying eyes—or mischievous children—out of sensitive or important apps by requiring Face ID or Touch ID access before the app opens. You can also hide such apps so they appear only after you authenticate.

Passwords Becomes a Real App in macOS 15 Sequoia, iOS 18, and iPadOS 18

/in /by

Although we’re still fans of 1Password, and there are plenty of other good password managers out there, like BitWarden and Dashlane, Apple has finally removed the last hurdle to using its built-in password management capabilities.

Starting in macOS 15 Sequoia, iOS 18, iPadOS 18, and visionOS 2, Passwords is now a real app rather than being trapped inside Safari, System Settings, and Settings. If you have resisted using a password manager or don’t wish to continue subscribing to an alternative, give Apple’s Passwords a try. It makes creating, maintaining, and entering passwords faster, easier, and more secure than doing it by hand. Those already using a password manager can export their accounts and import into Passwords.

What You’ll Find in Passwords

We’ll focus on the Mac version here, but the other versions are nearly identical apart from their screen sizes.

The left-hand sidebar, reminiscent of Reminders, provides categories of accounts:

  • All: Select All to see all your accounts, regardless of what shared group they may be in.
  • Passkeys: If you have any passkeys for large websites like Apple, Google, and others, they’ll appear here.
  • Codes: Passwords can create, store, and enter two-factor authentication codes for sites that support them. If you need to look one up manually because Passwords couldn’t autofill it, you’ll find the associated account here.
  • Wi-Fi: This category contains stored passwords for all the known Wi-Fi networks on your device. Because known Wi-Fi networks aren’t synced between devices, the number of these will vary between your devices.
  • Security: If you have any accounts with weak passwords, accounts you previously shared and stopped sharing, or accounts whose passwords were leaked in a security breach, they’ll appear here. Edit these accounts and click the Change Password button to start the process; when the password changes, they’ll disappear from this category.
  • Deleted: Any accounts you delete stay here for 30 days before being deleted for good. You can delete any of these accounts immediately or restore them to their previous group.
  • Shared Groups: If you use Family Sharing, you automatically get a Family Passwords group to simplify sharing important accounts with your family members. But you can also share accounts with other groups of Apple device owners. To move an account to a group, choose it from the Group pop-up menu.

The middle pane lists the accounts in the selected category. You can sort the list using the menu with vertical arrows, search for a specific account, and manually add a new one with the + button. Otherwise, scroll through the list and click an account to view it in the right-hand pane.

At the top of the right-hand pane is an AirDrop button and an Edit button. Click AirDrop to share an account with someone nearby or Edit to make changes or set up a two-factor verification code. If you want to copy information, click the User Name, Password, Verification Code, or Website item to get a Copy menu. The password becomes visible when you mouse over it. Clicking Website also offers an Open Website option and lets you add more sites where the password should autofill.

Setup Requirements

Most people shouldn’t need to do anything to start using Passwords. However, if you have trouble, check the following items:

  • Turn on Password AutoFill: If your device isn’t entering passwords for you, turn on AutoFill Passwords and Passkeys in Settings/System Settings > General > AutoFill & Passwords. Also, ensure that Passwords is enabled in the AutoFill From section if multiple password managers are installed.
  • Turn on iCloud Keychain: If you want your passwords to sync securely among your devices, which makes life a lot easier, go to Settings/System Settings > Your Name > iCloud > Passwords and turn on Sync This Device.
  • Set up iCloud Passwords for other browsers: Apart from Safari, Chromium-based Web browsers (Arc, Brave, Google Chrome, Microsoft Edge, etc.) can access and autofill your saved passwords if you install Apple’s iCloud Passwords Chrome extension. (There’s also now an iCloud Passwords add-on for Firefox.) The overall experience is not as seamless as in Safari, requiring a once-per-launch code, and you have to create new accounts in Safari or manually in Passwords, but it works.
  • Configure settings: Choose Passwords > Settings (or look in Settings > Apps > Passwords for iOS 18 and iPadOS 18) to access options. Generally speaking, it’s fine to keep them all turned on.

If you have additional questions, check Apple’s documentation for detailed instructions for all the platforms on which Passwords runs. But realistically, Passwords is easy to use, and although the app itself is new, the underlying password management features and syncing have been in place for years, so they’re stable and reliable.

(Featured image by iStock.com/designer491)

Social Media: Apple’s new Passwords app in macOS 15, iOS 18, iPadOS 18, and visionOS 2 makes the company’s longstanding password storage and syncing features more straightforward and easy to use. It’s password management for the rest of us!

Use iOS 17.3’s Stolen Device Protection to Reduce Harm from iPhone Passcode Thefts

/in /by

Last year, a series of articles by Wall Street Journal reporters Joanna Stern and Nicole Nguyen highlighted a troubling form of crime targeting iPhone users. A thief would discover the victim’s iPhone passcode, swipe the iPhone, and run. With just the passcode, the thief could quickly change the victim’s Apple ID password, lock them out of their iCloud account, and use apps and data on the iPhone to steal money, buy things, and wreak digital havoc.

In essence, Apple allowed the passcode, which could be determined by shoulder surfing, surreptitious filming, or social engineering, to be too powerful, and criminals took advantage of the vulnerability. It’s best to use Face ID or Touch ID, especially in public, but some people continue to rely solely on the passcode.

Apple has now addressed the problem for iPhone users with the new Stolen Device Protection feature in iOS 17.3. It protects critical security and financial actions by requiring biometric authentication—Face ID or Touch ID—when you’re not in a familiar location like home or work. The most critical actions also trigger an hour-long security delay before a second biometric authentication. We recommend everyone who uses Face ID and Touch ID turn on Stolen Device Protection. The feature is not available for the iPad or Mac, but neither is as likely to be used in places like the crowded bars where many iPhones have been snatched.

How Stolen Device Protection Works

The location aspect of Stolen Device Protection is key. When you’re in a “significant location,” a place your iPhone has determined you frequent, you can do everything related to security and financial details just as you have been able to in the past, including using the passcode as an alternative or fallback.

However, when you’re in an unfamiliar location, as you would likely be if you were out in public where someone might steal your iPhone, Stolen Device Protection requires biometric authentication to:

  • Use passwords or passkeys saved in Keychain
  • Use payment methods saved in Safari (autofill)
  • Turn off Lost Mode
  • Erase all content and settings
  • Apply for a new Apple Card
  • View an Apple Card virtual card number
  • Take certain Apple Cash and Savings actions in Wallet (for example, Apple Cash or Savings transfers)
  • Use your iPhone to set up a new device (for example, Quick Start)

Some actions have even more serious consequences, so for them, Stolen Device Protection requires biometric authentication, an hour security delay—shown with a countdown timer—and then a second biometric authentication. The delay reduces the chances of an attacker forcing you to authenticate with the threat of violence. You’ll need to go through the double authentication plus delay when you want to:

  • Change your Apple ID password (Apple notes this may prevent the location of your devices from appearing on iCloud.com for a while)
  • Sign out of your Apple ID
  • Update Apple ID account security settings (such as adding or removing a trusted device, Recovery Key, or Recovery Contact)
  • Add or remove Face ID or Touch ID
  • Change your iPhone passcode
  • Reset All Settings
  • Turn off Find My
  • Turn off Stolen Device Protection

There are a few caveats to keep in mind:

  • The iPhone passcode still works for purchases made with Apple Pay, so a thief could steal your passcode and iPhone and buy things.
  • Although Apple says it’s required, you can turn off Significant Locations to require the extra biometric authentication and security delay everywhere. That would eliminate the worry about a thief using Significant Locations to go to your most recent familiar spot in an attempt to sidestep the extra authentication.
  • If you plan to sell, give away, or trade in your iPhone, make sure to turn off Stolen Device Protection first. Once it’s out of your physical control, no one else will be able to reset it.

Turn On Stolen Device Protection

Before you get started, note that Apple says you must be using two-factor authentication for your Apple ID (everyone should be anyway), have a passcode set up for your iPhone (ditto), turn on Face ID or Touch ID, enable Find My, and turn on Significant Locations (Settings > Privacy & Security > Location Services > System Services > Significant Locations), although this last one doesn’t actually seem to be required.

Then, go to Settings > Face ID/Touch ID & Passcode, enter your passcode, and tap Turn On Protection. (If it’s enabled, tap Turn Off Protection to remove its additional safeguards.)

Once Stolen Device Protection is on and you’re in an unfamiliar location, the actions listed above will require either biometric authentication or two biometric authentications separated by the hour-long security delay.

There is one group of people who should not turn on Stolen Device Protection: those for whom Face ID or Touch ID don’t work. Most people have no trouble with Apple’s biometric technologies, but some people have worn off their fingerprints or have other physical features that confuse Touch ID or, less commonly, Face ID.

If that’s you, stick with our general recommendation for discouraging possible iPhone thefts: Never enter your iPhone passcode in public where it could be observed.

(Featured image by iStock.com/AntonioGuillem)

Social Media: In iOS 17.3, Apple has introduced Stolen Device Protection to discourage iPhone thefts enabled by a revealed passcode. It requires additional biometric authentication, and we recommend that everyone who uses Face ID or Touch ID enable it.

How to Share a Contact Card without Sharing Everything in iOS 16

/in /by

Apple makes it easy to share contact cards on the iPhone or iPad—just scroll down in a contact and tap Share Contact. But what if you don’t want to share every piece of data on that card? To avoid oversharing in iOS 16 or iPadOS 16, tap Filter Fields at the top of the Share sheet and deselect the private items. If the card has a lot of data and you want to share only a few items, tap Deselect All Fields at the bottom of the sheet and select only what you want to share. Unfortunately, your selections aren’t remembered if you share the same card again later, so be sure to reset your selections each time you share.

(Featured image by iStock.com/diane39)

Protect Your Hidden and Recently Deleted Albums in Photos

/in /by

Photos has long provided a hidden album you could use to hold images you wanted to keep a little more private. Until this year, however, it was security through obscurity: anyone who knew to reveal the album in Settings > Photos on an iPhone or iPad or by choosing View > Show Hidden Album on the Mac could see its contents. Now you can protect it—and the Recently Deleted album—with Face ID or Touch ID on an iPhone or iPad, or Touch ID or your password on a Mac. You can enable this feature in iOS 16 or iPadOS 16 using Settings > Photos > Use Face ID/Touch ID; in macOS 13 Ventura, choose Photos > Settings > General and select “Use Touch ID or password.” From then on, opening those albums will require authentication.

(Featured image by iStock.com/Kenishirotie)

If Your Holiday Gift Was a Tech Device, It’s Time to Change the Password!

/in /by

Whatever consumer electronics product you can name, there’s probably a “smart” version that you configure via an app or Internet-connected interface once you’ve connected it to your Wi-Fi network. For ease of setup and to keep costs down, many such devices come pre-configured with not just a default username and password, but the same default username and password as all other units. That’s bad enough, but worse, most people never change those defaults, which is just asking hackers and malicious bots to break in and take over. This risk is real—it has happened to security cameras, baby monitors, light bulbs, DVRs, toasters, refrigerators, and even fish tanks. So, if you received any so-called “Internet of Things” devices for the holidays—or have one or more already installed on your home network—immediately change the usernames (if possible) and passwords to something more secure. Store the new usernames and passwords in your password manager for future reference.

(Featured image by iStock.com/EvgeniyShkolenko)

Don’t Trust an App Fully? Hide Your Precise Location from It

/in /by

Most of the time, having your iPhone know precisely where you are is good. You want Maps to tell you exactly when to turn, not after you’ve passed an intersection. But too many apps abuse their users’ privacy. We strongly encourage you to stop using such apps entirely, but we acknowledge that it can be hard to give up apps that seem necessary for modern life. Barring that, you could prevent such apps from seeing your location at all, but even that isn’t always feasible. Since iOS 14, Apple has provided another compromise—you can prevent an app from seeing your precise location while still giving it your approximate whereabouts. Go to Settings > Privacy > Location Services, scroll down and tap the app in question, and disable Precise Location.

(Featured image by iStock.com/Melpomenem)

What’s That Little Orange Dot by Control Center in macOS 12 Monterey?

/in /by

Have you noticed a little orange dot next to the icon for Control Center on the menu bar in macOS 12 Monterey? (And if not, you can’t miss it now.) Apple added that dot to alert you that something is using the Mac’s microphone to listen to the room. Click the Control Center icon to see which apps are using the mic. In nearly all situations, it will be entirely innocuous: Siri needs to listen for the “Hey, Siri” trigger, as in the screenshot below, and the Zoom app needs microphone access to provide audio in a video call. But if you don’t recognize the app that’s listening, you’ll want to look into it to make sure there’s nothing creepy going on.

(Featured image by iStock.com/Mihajlo Maricic)