## SECURITY EXPERTS WARNING, IPHONE USERS ALWAYS BE CAUTION WHEN USING SMARTPHONES IN PUBLIC PLACES. Security experts warn that iPhone users should always be cautious when using smartphones in public places. When it comes to carrying a smartphone worth $1,000 or more in your pocket, of course you’ll want to protect it. However, this expensive device is not necessarily the most valuable asset to a thief, it is the personal data you store on it. A recent investigative report from the Wall Street Journal (WSJ) sheds light on a new way that thieves break into your iPhone to steal information: It’s passwords! According to the WSJ, thieves now start tracking as soon as iPhone users enter their alphanumeric passcode, remembering the combination of numbers / letters. They then steal the user’s phone, log in and change their Apple ID password, and lock them out of their iCloud account. An extremely effective way to protect your iPhone from hackers – Photo 1. This gives thieves time to prevent you from accessing important information and tracking your phone with tools like Find My iPhone. Once they gain access to your account, they can reset the recovery code to block any attempts to reset the changed password. An Apple spokesperson confirmed to The Wall Street Journal that the iPhone is the most secure consumer mobile device, and the company works “tireless” to prevent potential threats from emerging. “*We sympathize with users experiencing the above situation, and we always take every attack against users seriously, no matter how rare. We will continue to enhance our protections to help keep user accounts safe*.” However, iPhone users should still exercise caution when using smartphones in public. Apple has released a series of security and data protection updates in recent years, but there are a few other things you can do to protect your phone and data. Here are a few basic but very practical rules: **1. Protect your password** One of the most visible ways to prevent potential thieves from accessing your smartphone is to cover the phone screen when entering a password or avoid typing it repeatedly at once . Vitaly Shmatikov, a computer science professor at Cornell University, said smartphone users should use Touch ID or Face ID as much as possible when out in public. In case if you must use a password, then make sure it is of great complexity. “Think of your phone password like a bank card PIN: Make sure it’s long enough and hard to guess,” Prof Shmatikov told CBS News. **2. Don’t store passwords on your device** While you may want to save your passcode or complex password on your phone, desktop or tablet, try to avoid it. As this can leave you vulnerable. “*Don’t store passwords of sensitive websites and apps on your phone*,” emphasized Professor Shmatikov. Consider using a password manager – a security software application that can generate and store sensitive passwords. According to a Consumer Reports 2022 survey, about 39% (up 3% from 2019) of users use a password manager for their online accounts. Since 2019, a large number of individuals have adjusted their use of multi-factor authentication compared to the slow change among individuals using password managers or virtual private networks. Approximately 77% of users are already using two-factor authentication by 2022. **3. Set up two-factor authentication** Two-factor authentication that requires users to enter a backup security code sent to a trusted device or email before entering a password to access a website is also a tool very valuable. “*Two-factor authentication with Apple ID is required, the second factor must be a separate trusted device (such as iPad, Mac or Apple Watch)*,” said Professor Shmatikov. Many experts warn users against using SMS text messages for two-factor authentication, especially if you’re concerned about your phone being stolen. “*For sites and apps that require two-factor authentication, such as banking sites, SMS/text should not be used as a second factor. Use a verification app instead. authentication (like Google Authenticator, Microsoft Authenticator, Duo, Okta Verify, etc.) and enable biometric protection – Face ID or Touch ID required, in the authentication app*,” advises expert Shmatikov. “*Then, if a thief steals your phone, they won’t be able to get the authentication code and log into financial websites as you*”.