SCOM0773 – Tip – iOS 12 – Security & Privacy

August 13, 2019 posted by


(music) – [Don] Hi, this is Don McAllister and welcome to another weekly tip video. With the recent release of iOS 12, I covered many of the major new features in the full iOS 12 release
show in episode 771. This tip video covers some of the privacy and security changes in iOS 12. (music) Apple have always been
quite heart on making sure that you don’t get
tracked as you move across the web using Safari and they’ve made some further improvements on share buttons and comment widgets to stop people tracking you
without your permission. And not a lot I can show
you on that at the moment but just be aware that
that has been improved. One thing I can show you
though is the built-in support for automatic strong passwords which has been beefed up slightly since the last release. So this section I will look
at the built-in support for strong passwords in iOS 7 but would still recommend using a third-party password
manager such as 1password. Now iOS 12 has a password manager API which allows you to
access passwords stored in third-party password managers but I’ll come back to
using 1password with iOS 12 in a future show. I could select that but
we’ll put it back as 99. Okay, that’s fine and we’ll say Next. Now I don’t want customise this. I’m just going to go
ahead and say sign up. Now you’ll need a password. So if I tap on password, tap on passwords here and now I can suggest a new password. There’s my suggested password. One thing to point out though because this screen is
just showing the password when it keeps this strong password, it won’t keep my user account as well. It won’t keep my username as well, I might need to go in and change that but we’ll say use suggested password. It’s fine, we’ll say next. And we’ll skip all these
setting up screens. Okay and we’re in. Let me log out. So we’ll log out. Now before I try to log in again, let me just go across to Settings. And if I go down to
passwords and accounts, go to website and app passwords, I use Touch ID to get in, if I look at Twitter, there’s an account
that’s just been created. Yeah it’s not included my username, so I can easily amend that. In some cases it might,
if the login screen includes both your username and password, you wouldn’t have to
go through this process but let me just step put this in. Okay, that should be fine, we’ll say Done. I can come out of here. I can go back to Safari and let’s go ahead and login this time. Tap on here. Password for this website, use Touch ID, and Login. Okay, so that’s using Safari. If I come out of here, in fact,
let me logout from Safari. I’m out of here, if I
use the Twitter app now, let’s try and login directly
using that new password. So immediately it’s found,
passwordformobile.twitter.com, it’s found my username
here, so we’ll tap that. And we use Touch ID and then I can now log
in using the credentials that we’ve just saved from the web. We’ll say allow and allow. And again I won’t go
through the setup process. There is another new feature for passwords which is Password Reuse Auditing. It’s extremely bad practise
to use the same password across multiple websites. But if a password is
compromised on one website, then all the websites where
you’ve used the same password can be compromised and
there’s a new mechanism within iOS 12 that
enables you to manage this to a certain degree. Now the issue with this
particular user account, is it’s a demo user account, so I am guilty of using the same password but it’s only for demo purposes but that works out quite
well in this instance. So if I go into settings. If I go back into website
and app passwords, and I use Touch ID to view. Now you’ll notice there are a few of these that have got these
little exclamation marks. So if I just go down, let’s
find one and it’s getpocket.com, the exclamation points
just mean if I tap in, and you’ll see below
change password on website, reusing passwords across
different websites is not safe. The password is also used
on live.com, parallels.com, and two more. So this is a demo account
that’s got the same password. I can now use this to go
ahead and access the website and change the password. So if I go ahead and say
change password on website and I login. Email or username. We tap into there. I’m actually going to change my password for my SEO demo account. That allows me to login. I can go up to here. I can go to Options. I can go to Edit Profile, change password, confirm your existing password. So it’s my SEO demo at icloud.com password I want to put in, and the new password, right, I’ve got this box down at the bottom now, iPad created a strong
password for this website, use strong password. I’ll select that, say Save Changes and my information has been updated. And that new strong
password has now been put into my iCloud keychain
for synchronisation. A brand new feature to iOS 12 is a security code autofill and this allows you to streamline
two-factor authentication log ons with SMS codes. However, I would strongly recommend that if you use two-factor authentication and the service that you’re using gives you an option not to use SMS, perhaps using an Authenticator app such as 1password or Google Authenticator that you go with that option, SMS really isn’t a very secure way to do two-factor authentication. But to give you an
example how it would work if you haven’t got the option of using an Authenticator app. So I’ve come across to my iPhone 10 which has a SIM in, so I
choose it as standard phone. I’m going to log on to
my MailChimp service which is the service I use
to generate the newsletters and I’ve configured it
temporarily to use SMS. So let me show you how this would work. So if I go to Safari, it’s taking me to the
MailChimp login page, so at down at the bottom,
I’ve got an optional ready-to-use SC online
which is my extended login. Again stored in my iCloud keychain, so I’ll select that. Use as face ID, everything is fine, we’ll say Login. Right, so we now need to send a code across to this phone
to enable me to get in. This is two-factor authentication. If I send the code, and then I wait, now unfortunately, the
notification has just come through on my Apple watch so it’s
not appeared on the screen but if I just scroll up, there we go. For messages 092491, now I don’t need to remember that, I can just tap here, paste it in for me, tap login, and I’m now logged in. So now I’m going to log back in on my Mac and switch off SMS authentication and go back to using the 1password app. And finally there is an
option to share passwords, if I come out of here. I go into settings. If I go into my password and accounts and if I go into website
and app passwords. So this top entry here, about me, if I tap into here. Now if I wanted to share
this with say my demo iPhone or my demo iPad, all I would need to do is tap on password and you’ll see there’s a
new option now for AirDrop. So if I tap on AirDrop, it will now see who’s around, so my iMac pro SEO is the demo machine. So if I tap on there, I can here across on my
Mac and also on my iPhone. I’ll just tap accept on the other device and that’s now stored
in these safe passwords on the other machine. A nice easy way for you
to transfer passwords between devices not on the same account. So that’s it for this week’s tip video, looking good iOS privacy
and security with iOS 12. We’ll be back on Friday with a fault ScreenCastsOnline tutorial, so we’ll to you then. (music)

No Comments

Leave a Comment

Your email address will not be published. Required fields are marked *