5 new phone security settings that feel like secrets - Komando

5 new phone security settings that feel like secrets - Komando


5 new phone security settings that feel like secrets - Komando

Posted: 22 May 2021 03:30 AM PDT

Your phone is one of the most important devices you own, but it can do so much more that you may not be aware of. While developers push new features and settings all the time, it's usually up to you to find them.

Change can be good or bad, depending on how you look at it. Some affect your privacy, while others seek to make your life easier. Tap or click here for five new changes Google is cooking up.

Security is a top priority for your smartphone, so wouldn't it be great to know more about it? Read on for five new settings for your iPhone or Android gadget and how to manage them.

1. Two-factor authentication

A strong password is important, but there's always room for improvement when it comes to accessing your device. Two-factor authentication, or 2FA, adds another layer of security. This could be something only you know (the answer to a specific question, for example), something you have (a smartphone) and who you are (a fingerprint, facial scan, voice pattern).

If either factor isn't recognized, for example, your password or the code sent to you, you won't have access to the device. This is important if you lose your device or are signing into a new one. Here's how to enable it on your phone:

2FA for iPhone (Apple ID)

  • To turn on 2FA on your iOS device, go to Settings > [your name] > Password & Security and tap Turn on Two-Factor Authentication.
  • Tap Continue, then enter the phone number where you want to receive the verification codes.
  • Tap Next and enter the code.

2FA for Android (Google)

  • Open your Google Account and select Security.
  • Select 2-Step Verification under Signing in to Google and then Get started.
  • Now pick a method for verification: Google prompts, security keys, Google Authenticator or similar apps or a verification code sent to your phone via text or call.

2. Autofill

Two-factor authentication is a good security measure, but some people don't activate it because they don't want to deal with the extra steps involved. Autofill options make it easier to use 2FA when logging into a new device or account.

Security Code Autofill (iOS)

When you log into a new app or site with your 2FA-enabled iOS device, you no longer have to open the Messages app to get the code. Instead, the code will appear on your keyboard and you can tap it to autofill the security field. This feature is built into iOS 12 and later and there's no need to enable it. Tap or click here for more iPhone security tips.

SMS Verification Code Autofill (Android)

  • Open Settings and search Autofill. Then tap the service you want to enable it for.
  • Now open Settings again and go to Google > Verification Code Autofill and set the slider to On.
  • When using an app that supports it, tap Autofill to populate the security field.

3. Password safety

How do you know if a password is good or if it's been compromised? It could have been involved in a breach or be so common that other people are using it. Now you can check the status of your passwords and get help changing them.

Keychain password reuse auditing (iOS)

Safari stores your passwords in Keychain, accessible from your iOS device or iCloud. Your passwords are checked against a list of breached passwords, informing you if you have been compromised. This feature is turned on by default with iOS 14.

Go to Safari > Preferences > Passwords and look under Security Recommendations to see if any of your passwords were compromised. If so, you'll get a prompt to update your password with a stronger one.

Google Password Checkup

Chrome's Password Checkup feature is built into the Password Manager. Go to passwords.google.com and select Password Checkup > Check Passwords.

Here you can see which passwords have been compromised and which ones are weak and need to be changed. Tap or click here to check out similar features in other browsers.

4. Encrypted backup

You back up your stuff in the hopes that you never have to resort to using it, but it's nice to know it's there just in case. Encryption protects your precious information and adds some new features on top of that.

Encrypt iPhone backup

Encrypted iPhone backups contain information you won't find in normal backups, including saved passwords, health data, Wi-Fi settings, call history and website history.

  • On Mac with macOS Catalina 10.15 or later, open Finder. Open iTunes if you're using a Mac with macOS Mojave 10.14 or earlier or a PC.
  • Connect your iOS device to the computer and locate it.
  • Select Encrypt local backup under Backups in the General or Summary tab.
  • Create a strong password and make sure you have a way to remember it.
  • Confirm your password and your backup will start, overwriting and encrypting your previous backups.

Android backup encryption

If you're running Android 9 Pie or later, you have encryption turned on by default. It uses end-to-end encryption, which means only the person who created the data and the person who received it (both you in the case of a backup) can see the data. You can turn it off in Settings, but there's really no reason to do so.

5. Hide your photos

Ever hand your phone to someone and then regret doing so in fear that they can see photos you may not want them to? You can hide any private photos and easily access them yourself. Here's how:

Hide photos on iOS

  • Open Photos and select the photo or video you want to hide.
  • Tap the Share button then Hide to move them to the Hidden folder. You can find the Hidden folder under Utilities in the Photos app.
  • Hide the Hidden folder by opening Settings > Photos. Scroll down and toggle off Hidden Album. Now it won't show up under Utilities. Tap or click here for more hidden iPhone features.

Hide photos on Android

  • Open Google Photos on your phone and tap to select the images you want to hide.
  • Tap the three-dot menu in the upper-right corner, then tap Move to Archive. This moves your photos out of the main album.
  • To access the archive, tap Library then Archive.

Beware This Urgent New Warning For Millions Of WhatsApp Users - Forbes

Posted: 01 May 2021 12:00 AM PDT

WhatsApp had a nightmare start to 2021, which has only just settled down. But now you might see it repeat all over again. Millions of users are suddenly being warned that they will lose access to their accounts, and no-one is quite sure what happens next.

Back in January, WhatsApp threatened users with the loss of their accounts unless they agreed to a Facebook-mandated update to their terms of service. Shaken by the ensuing backlash and media frenzy, WhatsApp postponed the update until May. Well, the month of May has just arrived—the clock is ticking and your time is running out.

All those users that ignored the earlier warnings are being warned again. And you need to take this seriously—it seems that accounts really will be blocked this time and there will be no repeat of February's backtrack. Suddenly, the prospect of millions of users being locked out of their WhatsApp accounts has become very real. The platform has even published a helpful new FAQ on how to delete your account.

The key date is May 15, and if you haven't accepted the mandatory update by then, your app will change and you'll lose access to your messages. The app will likely notify you when you receive a new message, although you won't be able to read or reply to it.

This is now a serious issue for millions of users world-wide. The combination of Facebook and data worries many users, which is how this has been presented. And while the backlash in the U.S. and Europe was bad enough, in WhatsApp's seriously high-volume markets, the likes of India and Brazil, it was much worse.

MORE FOR YOU

WhatsApp has used the last two months of relative quiet to target its 2 billion users with a publicity campaign to offset any such fears. Messages remain end-to-end encrypted, the platform has assured, while explaining that this is all about enabling Facebook's business customers to chat with their own customers, you, over WhatsApp.

"We'll be doing much more to make our voice clear going forward," WhatsApp has said, and now that will be put to the test. Users that have not agreed the updated terms are beginning to see in-app warnings that these "go into effect on May 15," and that users will need to accept the terms "to continue using WhatsApp after this date."

WhatsApp confirmed to me that it has started warning people as "the update gets closer," and that this is part of the plan outlined when it delayed the first deadline.

In reality, the risks around the update itself have been overblown. If you choose to chat with businesses over WhatsApp, then you'll be doing so under different terms than with your personal contacts. Your normal messages remain secure, and Facebook isn't getting much more out of WhatsApp data-wise than it had before.

That might be the reality, but the perception is much worse. In combination with WhatsApp's privacy label, which was starkly different to its key rivals, the update has shone an awkward light on the world's leading data harvester owning the world's leading secure messenger. And many users are now wary, with tens of millions having reportedly switched to alternatives and a risk that many more may now follow.

So, what happens if you don't accept new terms by May 15? WhatsApp says it won't delete your account, despite reports suggesting otherwise, "however, you won't have full functionality of WhatsApp until you accept; for a short time, you'll be able to receive calls and notifications, but won't be able to read or send messages."

It's unclear what comprises a "short time," and whether there will be a guillotine on May 15, immediately blocking access to messages. There will likely be a new look and feel to your app—you'll see messages coming in but you won't be able to read them or reply to them or send anything new. And as the date draws near, you can assume that the warnings to accept the new terms will become ever more urgent.

"Other apps say they're better because they know even less information than WhatsApp," says WhatsApp. "We believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data."

Unfortunately for WhatsApp, the comparisons with rivals—other than Facebook Messenger, unsurprisingly—suggest it's not just "some limited data," as you can see in the chart below, published on Forbes back in January.

Ahead of May 15, WhatsApp has taken a swipe at Telegram, the biggest winner from January's backlash. "We understand some people may check out other apps to see what they have to offer," WhatsApp says, "we've seen some of our competitors try to get away with claiming they can't see people's messages—if an app doesn't offer end-to-end encryption by default that means they can read your messages."

WhatsApp is right. Leaving for Telegram over privacy fears is a nonsense. Telegram is NOT end-to-end encrypted by default, storing users' messages and media on its own cloud platform. But Signal, the other main beneficiary, an uber-secure platform part backed by WhatsApp co-founder Brian Acton, is more private and secure.

"Use an alternative if you take your own privacy seriously," security writer Mike Thompson advises WhatsApp users, advocating for Signal instead. "The reality is," says application security researcher, Sean Wright, "if you can work WhatsApp, you can work Signal." That may sound simple, but it wasn't always the case.

"Big Tech knows who your contacts are. Here at Signal, we know nothing," Signal tweeted earlier in the month, in a swipe at WhatsApp (and others) which store contact details, group names and login metadata outside end-to-end encryption. Earlier in the month, it taunted Facebook after CEO Mark Zuckerberg's cell number, which was leaked in a Facebook breach, was linked to a Signal account.

"Forcing users to accept terms and conditions is something many of us are accustomed to when it comes to accessing and using apps on our devices," ESET's Jake Moore warns, "but what we are seeing here is verging on a serious intrusion on our privacy and trust that many will not be aware of."

Ironically, this change of terms follows hot on the heels of the latest escalation in the battle between Apple and Facebook. iOS 14.5 is now live, with Apple's fabled App Tracking Transparency (ATT) now live on millions of devices. The interesting twist here, is that the greatest threat to WhatsApp's messaging dominance would have come from Apple's own iMessage if the company had decided to offer the platform to Android users as well, as it reportedly considered some years ago.

But Apple apparently took the view that this would undermine iMessage's stickiness and so it remained Apple-only. iMessage itself (not SMS texts sent over iMessage) is more secure than WhatsApp, offering multiple end-to-end encrypted endpoints, encrypted backup equivalents (subject to a user's settings) and now a sandbox.

WhatsApp and parent Facebook see iMessage as a threat—it boasts more users in the U.S., as Zuckerberg acknowledged in January. "We increasingly see Apple as one of our biggest competitors," he said. "iMessage is a key linchpin of their ecosystem—which is why iMessage is the most used messaging service in the U.S."

"I use an Android," WhatsApp CEO Will Cathcart said last month, "because if you look at WhatsApp's user base, we are very Android heavy... I really want to actually use the product in the way most people are using it, so I use an Android... You look at a place like the U.S., most people have an iPhone, and the messaging experience works better on iMessage if everyone else has an iPhone."

All of which makes speculation that iMessage is due a significant change with iOS 15 later this year, to better compete with WhatsApp, somewhat interestingly timed. Just as Facebook starts pulling WhatsApp's strings on user terms, just as Apple turns the heat up on Facebook's data-centric business model, iMessage appears to be targeting WhatsApp users with a more WhatsApp-like experience.

"Applications tracking, analyzing and profiting from our data are crossing boundaries that must be respected," ESET's Moore says. "Users not being able to use WhatsApp without agreeing to such strong measures may ignite the backlash required to urge people to move across to more privacy central messaging services."

And while that will be good news for Signal and Telegram—the security irony aside, it will also be good for Apple, with its iMessage reboot seemingly perfectly timed.

Meanwhile, for those WhatsApp users delaying on clicking "accept," if you want to continue to use the app, then you have little choice. You should do as WhatsApp says and check out some alternatives, making sure those are secure and put privacy first.

For WhatsApp users, the reality is that this is just the start. The underlying platforms supporting Facebook Messenger, WhatsApp and Instagram are being integrated. "Just think of the cost savings on development and support alone to run and support only one messaging application," Cyjax CISO Ian Thornton-Trump explains.

The network effect is beginning to kick in, and ever more of your contacts will now be on Signal, Telegram and other WhatsApp rivals. Signal continues to grow rapidly, albeit it can't analyze its traffic to understand where that growth is coming from—because it has no data. Meanwhile, Telegram continues to secure large numbers of new installs. Both platforms are well set to benefit from any May 15 WhatsApp backlash.

All of which means that the foundations for changing the messaging landscape are already in place. Just as with WhatsApp's own assault on SMS all those years ago, once the tipping point is reached, it's incredible how fast a messaging platform can grow.

Comments

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Harry Dunn's parents to meet Anne Sacoolas as immunity row continues - The Guardian

VPN browser extensions: Why you shouldn't use then - Tech Advisor