Tin hats news. iPhone passcode and 1Password

Lots in the news about cracking iPhones. Here’s some net net advice

  1. Let us all hope that iOS 10 not only signs updates with their key but also encrypts with the user passcode. 
  2. For the current iPhone the easy thing to do is to use TouchID and then bump up the passcode from 4 digits to custom alphanumeric. Go to the same length as your computer codes. Hopefully 12 char actors random or 7 random words. 

  3. Disable iCloud backup. That isn’t secure. Most of the time you don’t need that anyway. If u do want to backup revert to iTunes backup and use another strong key. I don’t know why people need backup anymore. I suppose for you iMessages?

Then normal security thoughts

  1. 1password continues as recommended password manager. Use a strong key and write it down. Because they cat recover it. Also if u don’t use windows or Linus sharing then u can use opvault file format and not the less secure agile format. I’m probably going to move my vaults into iCloud as a result and leave the shared ones on Dropbox. 

  2. Get a vpn. Private internet access has been working well across windows, iOS, Mac and Linux. It is nice to have end to end vpn. 

  3. For sensitive stuff us tor on windows and Mac. U can’t use for iOS but they do have a proxy into tor. 

  4. Use signal or wickr for really sensitive communications. iMessage isn’t too bad in a pinch although apple has those keys.