Safer Internet: Offline: Accounts

Summary | Account Password | Permissions | Firmware/SIM |
References: General | Android | Apple ID / iCloud |
iOS | macOS | Windows


Summary

  • [1] Set a strong account password / passcode:
    on your computer, tablet, phone to protect access:
  • to still logged-in apps, e.g., messaging, email, browser windows;
  • to files -- and encrypt also?
  • to contacts
  • to notifications, e.g., received (SMS/email) or generated (TOTP) account access codes (2FA).
  • Don't forget other devices (IoT): home security/control systems, smart speakers/TV, ...
  • [2] Setup separate accounts for each user to control access, e.g., non-admin, Parental Controls
  • [2] Use non-admin account for everyday access -- require admin password for software install & updates
  • [3] Set passwords for firmware and/or SIM
  • References

[1] Set Account Password

  • After setting a strong random password: 8+ digit PIN passcode for phone, 4+ word phrase for computers,
  • set a suitable timeout to make sure it's required when others might try to access:
  • longer: at home -- to minimize inconvenience;
  • shorter: in public or travelling;
  • immediate: when crossing border or leaving device unattended, e.g.,
  • macOS: (apple) > Lock Screen
  • There's no handy 'Lock Screen' button in the iOS Control Center;
    however, there is a workaround to display the Lock Screen and require a passcode -- maybe simpler to just shutdown device?
    in iOS 11, clicking power button quickly 5 times displayed Lock Screen-- now this sequence makes an Emergency Call
  • iOS: Settings > Accessibility > Touch > Assistive Touch: on -- enable Assistive Touch (handy if power button broken)
  • iOS: Settings > Touch ID & Passcode > iPhone Unlock: off -- disable Touch ID (so fingerprint can't be used on Lock Screen)
  • iOS: (assistive button) > Device > Lock Screen -- Lock Screen appears; passcode required
  • Limit number of login attempts? Auto-erase?
  • Add contact info maybe -- in case of loss (vs. Privacy) -- see Services: Location section
  • Avoid giving your password to to government entities who might access files, plant files or add spyware
  • -- or to tech support, esp. remote scammers; if you do, change it immediately afterwards, scan for malware, etc.
  •  macmacOS: System Preferences > Security & Privacy > Change Password
  • System Preferences > Users & Groups > Password > Change Password -- to set initial password, or change other accounts
  • System Preferences > Security & Privacy > Require password > (time)
  • Use same strong admin password for whole disk encryption, i.e., encrypt main storage disk/SSD (FileVault) and backup drive/partitions: incremental (TimeMachine), clone(Carbon Copy Cloner via FileVault) -- see Backup section
  •  iosiOS: Settings > Passcode > Turn Passcode On
  • iOS: Settings > Passcode > Change Passcode > Passcode Options: Custom Alphanumeric Code, Custom Numeric Code, 6-Digit Numeric Code
  • This code automatically encrypts your information (ditto for Android)
  • Use custom -- more than the default (4-6 digit); stronger, plus attacker won't even know length.
  • Although letters and symbols can be included, a much longer numeric PIN can be entered more easily on larger number-only keypad;
    it would still difficult to brute force, esp. if OS limits login attempts -- unless law enforcement has a bypass cracking device.
  • iOS: Settings > Passcode > Require Passcode > After x minutes/hours shorter when traveling?
  • iOS: Settings > Passcode & gt; Allow Access When Locked : Today View, Recent Notifications, Control Center, Siri, Home Control, Return Missed Calls
  • iOS: Settings > Passcode > Erase Data after 10 failed passcode attempts
  • iOS: Settings > Touch ID & Passcode fingerprint sensor on selected models, e.g., iPhone 6
  • Win: Settings > Accounts > Sign-in Options > Password > Add/Change
  • Enable whole disk encryption, i.e., BitLocker

[2] Setup separate accounts/permissions for each user

  • Admin account for installs/updates; 2nd admin backup account
  • Non-admin accounts for routine use to avoid accidental malware
  • Setup "Parental Controls" on shared computers?
  • When: now, or the next time you upgrade your OS or replace hardware, and migrate user info
  • macOS: System Preferences > Users & Groups
  • Win: Settings > Accounts

[3] Set Firmware password, SIM PIN

References

Android

Apple ID / iCloud

iOS

macOS

Windows