Now that Apple’s iOS12 is finally out and available to the public, it’s an opportune time to focus in on some of the security related features that weren’t covered in their WWDC keynote.
Here’s a quick run down of security related updates worth knowing about:
Integration with third party password managers to fill in passwords
iOS 12 can show passwords from password manager apps like 1Password and LastPass in QuickType suggestions through a new Password Manager API. We just need app developers to make use of the new API. Expect to see some app updates to fully integrate this, but basically will make password integration much easier. Great stuff!
SMS one-time passcode auto-fill
Until now, iOS users had to always switch between apps and messages in order to copy and paste a two-factor SMS authentication code with apps you’re logging into. iOS 12 will now recognise these codes when they are received, and suggest them as an autofill option. Bear in mind that SMS is not the strongest of options for multi-factor due to techniques called SIM card swapping / mobile phone porting. This is where a cyber criminal basically pretends to be you, and switches your mobile service to a SIM card in their possession, so that they then receive your messages and SMS one time codes instead of you. I therefore always encourage people to use a code generator or auth app like Authy / Google Authenticator, but if SMS is your only option at least this feature makes it much easier.
Automatic strong passwords and warnings about reused ones
iOS 12 will prompt you to create a unique, strong password within apps – that can be saved to your iCloud Keychain for easy access and autofill later on. This already works in Safari, but now Apple has extended it to any apps you might use on your phone. Additionally, iOS 12 flags passwords you’ve reused in multiple places, so you can change them in order to ensure every application or service has its own unique password.
Remember that password re-use is the most common way in which people get hacked. Your username and password might have been exposed in one of the big breaches – such as LinkedIn, Yahoo, Dropbox etc, and the cyber criminals simple try using the same credentials across multiple sites or services with the hope that you might use the same user name and password across multiple sites. A lot of people still do – so this feature is a good one.
Password sharing between nearby Apple Mac and iOS devices
You can conveniently grab a password that might be on your iOS device but not your Mac and vice versa using iOS12.
Apple already lets you share Wi-Fi passwords in a similar way, so it’s more than likely that this feature will be similar.
Siri can help find your passwords
Apple says that Siri will be able to quickly display a particular password that you request in iOS 12. Not sure how this will work securely, but will have a play and will update accordingly.
Questions / comments?
If you have any other security related features that you think are worth a mention, feel free to comment below.
Want to download iOS12 – but not sure how? Follow this guide.