Modernizing Authentication — What It Takes to Transform Secure Access
While Apple blocks full anti-virus apps from its App Store, counting on its own technology and systems to protect its users (in a whitepaper [PDF], the company states, "Every iOS device combines software, hardware and services designed to work together for maximum security and a transparent user experience"), there are several key steps worth taking to improve the security of iOS devices like iPhones and the information stored on them.
First and foremost, set your iOS device to auto-lock after a specified period of time (enabled in Settings -> General) and require a passcode or fingerprint to unlock it (enabled in Settings -> Touch ID & Passcode).
A wide range of other mobile security best practices, such as managing your passwords or implementing additional protections for sensitive files, requires the installation of third-party apps.
These apps can help you improve the security of your iPhone or other iOS device.
Find My iPhone
Find My iPhone (free) is not an app in and of itself, but the Find My iPhone functionality within iCloud is crucial to ensuring the security of your iOS device. You can activate it on your device at Settings -> iCloud -> Find My iPhone. With Find My iPhone enabled, if your device is lost or stolen, you can log into iCloud.com on any Web browser to locate it on a map, track its movements over the previous 24 hours, display a message with a contact number, and lock and/or erase the device remotely. You don’t need the free Find My iPhone app to find your own device, but the app helps you use your own iPhone to perform the same functions for another iOS device.
McAfee Mobile Security
McAfee Mobile Security (free) duplicates some of the functionality of iCloud and Find My iPhone, but adds some additional security features to the mix. The application enables users to back up and restore contacts, wipe contacts remotely on a lost or stolen device, locate a lost or stolen iOS device on a map, and trigger a loud alarm on a lost or stolen device even if it’s in silent mode. The app also enables users to place photos, videos or apps in a PIN-protected "Secure Media Vault" and to take a picture automatically of anyone who enters an incorrect PIN multiple times to try to access the vault.
iDiscrete ($2.99) calls itself a "digital safe," enabling iPhone users to secure a wide variety of file types without making it obvious that those files are being protected. If an unauthorized user tries to access the app, they’re simply presented with a fake "loading" screen. If you fail to enter the correct touch sequence on that screen, a basic note app loads instead. Files, including DOC, DOCX, XLS, PPT, PDF, MP3, WMV, MPEG, MOV, AVI, JPG, GIF and others, can be loaded directly from any computer with a Web browser and a Wi-Fi connection.
If you frequently use your iPhone to discuss highly sensitive information during calls, Kryptos ($10/month) enables secure voice communications using 256-bit AES encryption. 2048-bit RSA encryption is used for the session key exchange. The solution works over 3G, 4G and Wi-Fi networks, and apps for Android and BlackBerry devices are also available. A free 30-day trial of the service is available at kryptos411.com.
Private Internet Access
Private Internet Access ($39.95/year) provides an encrypted VPN service to protect user privacy and security at Wi-Fi hotspots, and to conceal the user’s IP address, identity and location when browsing the Web. It also enables users to leverage almost 3,000 servers in 21 countries to access localized or uncensored content as needed. Apps are available for iOS, Android, Linux, Mac and Windows, and a single subscription enables access on up to five devices at once.
Webroot SecureWeb Browser
Webroot SecureWeb Browser (free) provides URL filtering to protect iPhone users from malicious websites and phishing sites. The app syncs automatically with the company’s URL reputation database for real-time protection, and search results are annotated to note both safe and risky sites. The browser offers tabbed browsing for simplified multitasking.
Accessing email on an iPhone can be incredibly frustrating if your inbox is constantly being flooded with spam. Spam Arrest ($69.95/year) offers a challenge/response solution. Rather than filtering for spam and malware, it requires everyone who sends you an email to respond to a query to confirm their identity. The iPhone app offers the ability to create an account, manage unverified mail and edit an approved senders list.
SplashID Safe (free) enables secure storage of online passwords, as well as credit card data, account numbers, registration codes and other sensitive information. An automatic password generator helps create strong passwords, and stored data is protected using 256-bit encryption. An upgrade to SplashID Pro ($19.99/year) adds sync between devices (either via the cloud or over Wi-Fi), automatic backup, priority support and a security dashboard to monitor for weak, reused or old passwords.
1Password Pro ($5.99) offers functionality similar to SplashID—protecting stored information with 256-bit encryption—though data can be synced via Dropbox, iCloud or locally over Wi-Fi. The app includes support for Apple Watch, providing quick access to selected login information, notes, credit card numbers and one-time passwords. The app includes a Strong Password Generator, and a built-in browser enables automatic login to saved websites.
A third password storage option, LastPass (free), offers remote access to passwords stored using the LastPass Premium service ($12/year). All data is encrypted and decrypted locally with 256-bit encryption before syncing with the cloud. The app includes a password generator to create secure passwords, and stored data can also be viewed via an Apple Watch app. The basic version of the app is free, though the Premium service adds priority tech support and the ability to sync across devices.