The iPhone security enhancements you need to know about

Apple has officially set the date for its next iPhone event as September 12, 2018. The company is expected to announce a new line-up of iPhones and perhaps some other hardware.

Of course, new phones means a new mobile operating system: iOS 12. And while iOS 12 will deliver improvements designed to increase operating system speed and fun new Animoji features and enhanced Facetime operation, there are also new security enhancements on the way.

AWS Builder Community Hub

These security features won’t make the headlines during Apple’s big day next week, but hopefully they will help enhance your security. The first and perhaps most profound change is the switch from having to manually update iOS to automated downloads and updates.

Automatic operating system updates

Previously, users would have to manually accept to download iOS software updates and accept the new terms and conditions. With iOS 12 that’s all history, as the new operating system makes it possible for any iPhone, iPad, or iPod touch to download and install automatically when the new version is released.

Some users won’t appreciate this update, and that’s understandable. It’s always risky to immediately update any application, let alone an operating system, before it’s been broadly installed and used by others. Fortunately, this is an option in iOS 12 one can turn on or off. The site idownloadblog has more on the update here, and ZDNet’s Adrian Kingsley-Hughes shared an opinion here on why he won’t be using this feature.

For many, however, the benefits of getting security updates right away is enough to take the chance.

A snazzy new Password Manager API

Also new in iOS 12 is Apple support for a new Password Manager API that will enable access to passwords stored in third-party password managers directly from the QuickType bar in apps and in Safari, according to Apple.

If you use a password manager on your phone, like 1Password or LastPass, all you need to do to get this feature is go to Settings > Passwords & Accounts and turn on AutoFill Passwords. You’ll now have two options, the first is to use both iCloud Keychain and your password management app, or turn off iCloud Keychain.

When it comes to passwords, that’s not all Apple has done to help improve how we all manage this most hated authentication method.

Improved password creation and management

In addition to better third-party password management integration, iOS 12 provides native automatic strong password creation so that unique, complex web and app passwords are created on the fly and saved within Safari and within your apps. Remembering truly complex passwords for everything we log into is next to impossible without help, and this provides another way to achieve this.

Speaking of difficulty remembering passwords, password reuse across sites remains a problem. This new version of iOS will automatically flag passwords that have been reused so users can easily see where they are doubling up and automatically generate strong alternative passwords.

Finally, at least when it comes to passwords, iOS 12 makes it a snap – through a new password sharing feature — to exchange passwords with other nearby iPhones and iPads, Macs and even Apple TV.

Improved two-factor authentication 

Apple also improved SMS second factor authentication through a tweak. Now, when you receive an SMS one-time passcode, it will automatically appear as an AutoFill suggestion so you won’t need to remember or type the code.

And while not security related, Apple’s iOS 12 has made it so Safari share buttons and comment widgets for web pages won’t track users without their permission. And Safari blocks advertisers from obtaining the unique settings of your device, making it more difficult for them to retarget ads as you surf the web.

While nothing revolutionary here, the improvements to mobile password management are certainly welcome by me, as are the privacy improvements.

*** This is a Security Bloggers Network syndicated blog from Cybersecurity Matters – DXC Blogs authored by Cybersecurity Matters. Read the original post at: