iOS Security Essential: Enabling the iPhone / iPad Passcode
Virtually all iPhone and iPad users should set an iOS passcode for their individual devices. This forces anyone attempting to use the device to enter a password before being able to unlock it or gain access to anything on the device, and it also requires the same passcode before any user is able to make adjustments to certain system preferences. Setting a device access code is very simple, and unless an iOS device never leaves home, work, or school, or doesn’t have any personal data on it, it should be considered an easy yet essential security tip for all users to safeguard their devices and data.
This guide is intended for those who are not yet using pass codes to protect their iPhone, iPad, or iPod touch (hi Mom!). If you’re already using a passcode, you can skip the initial setting portion and review the time frame for the passcode requirement, or consider using some of the more advanced security methods, ranging from complex pass codes to the more extreme security methods of having mandatory data destruction after multiple incorrect attempts have been made.
Enabling the Lock Screen Passcode in iOS
This turns on the passcode that will show up when someone ‘slides to unlock’ a protected iPhone or iPad, entry of the passcode becomes mandatory before access is granted to the iOS device.
- Open the “Settings” app on your device and go to “General”
- Select “Passcode Lock” and then choose “Turn Passcode On”
- Enter a four digit passcode using the number keypad on screen, then re-enter the same passcode to confirm and set it
Obviously, don’t pick a passcode you’ll forget or that is too cumbersome to be entered, otherwise you’ll just be annoyed. If you happen to forget it, you can either head to Apple Support to take care of it for you, or restore the device using one of your backups to reset it.
Now that the passcode is set, you’ll want to adjust the time the device is inactive before it’s required for use again.
Setting a Reasonable Passcode Requirement Time Frame
This basically means how long a device is inactive or how long the screen has been locked before requiring a passcode to be re-entered for access to be granted again. Shorter times are safer.
- Back in Settings > General > Passcode Lock choose the “Require Passcode” option
- Set the timeframe most appropriate for your use (immediately, 1 minute, or 5 minutes are generally recommended)
- Exit out of Settings as usual
The shortest times are the most secure. My personal preference is for ‘immediately’ to prevent any undesired usage of any device left about momentarily, sitting out somewhere in public, or if a device happens to be misplaced. Because the password is required immediately after the screen has been locked, there’s no worry that someone could instantly gain access to personal data or adjust settings on the device. 1 minute is also a reasonably safe timeframe, and 5 minutes is approaching the end of what I’m comfortable recommending for iPhone users or those who carry devices in public places frequently. Anything at 15 minutes or longer (let alone the 4 hours setting) is too much time to be considered particularly secure, but such settings have their use cases in plenty of environments and for plenty of users. If you like maximum security or are paranoid, use the “Immediate” setting.
Assuming you used the ‘immediate’ setting, you can now test it’s working by hitting the Power/Lock button on the device, then sliding to unlock as usual. You’ll be presented with a screen like this:
Stronger: Using Complex Passcodes for Added iOS Security
Another option is to toggle the setting for using a stronger complex passcode for additional security, which allows the entire set of alphanumeric keyboard characters, or even accent characters to be used as a potential device password.
The Complex Passcode means that when a user goes to unlock the iOS device, the entire standard keyboard will show up, rather than the quick number pad that is visible with a normal passcode. While complex pass codes may offer much greater security, they can also be more difficult to enter, which could make them impractical for some iOS users who want quicker access to their devices. Ultimately, whether to make a security or convenience trade-off with a standard number vs complex alphanumeric is a matter of individual user preference.
Extreme: Erasing Data After Failed Passcode Attempts
Another possibility is to use what I like to call the “James Bond self-destruct setting”, which literally will erase everything on the device after too many failed passcode attempts. This is a very high security feature that is not practical for the majority of users, and is really not recommended for forgetful individuals, or iOS users who have children who use (or try to use) their iPhones and iPads. Regardless, make regular backups of any devices that have this set up.
Also, don’t forget to set up Find My iPhone as part of iCloud. This offers the ability to remotely lock a device with something called “Lost Mode”, as well as providing physical map-based tracking of an iPhone, iPad, iPod Touch, or Mac that has been configured to use the feature. These two features can make the difference in recovering a lost device or not, and at the very least, provide additional peace of mind. Just consider how much personal information is stored on our smartphones, tablets, and computers, and you can imagine why each of these security precautions is a good idea.