Charles Edge

How Apple Protects Data On Our Devices


Apple has developed a number of technologies to protect data on the nearly 2 billion computers, phones, and tablets that are in the wild. These include:

  • Data Protection: This is a file encryption methodology that is used on iOS and iPadOS devices. Data Protection encrypts all of the data on a device, including the device's operating system, apps, and user data. The encryption key is stored on the device's Secure Enclave, which is a separate processor that is isolated from the rest of the device's hardware and software. This makes it very difficult for unauthorized individuals to access the device's data, even if they have physical access to the device.

  • FileVault: This is a volume encryption technology that is used on Intel-based Macs. FileVault encrypts the entire volume of a Mac's hard drive, including the operating system, apps, and user data. The encryption key is stored on the Mac's Secure Enclave, which is a separate processor that is isolated from the rest of the Mac's hardware and software. This makes it very difficult for unauthorized individuals to access the Mac's data, even if they have physical access to the Mac.

  • iCloud Keychain: This is a cloud-based password manager that stores user passwords, credit card numbers, and other sensitive information in an encrypted format. The encryption key is stored on the user's device, so it is not possible for Apple to access the user's data.

  • End-to-end encryption: This is a type of encryption that ensures that data is only accessible to the sender and recipient of a message. Apple uses end-to-end encryption for iMessage, FaceTime, and iCloud Mail. This means that even if Apple's servers are compromised, unauthorized individuals will not be able to read the messages that are sent or received using these services.

In addition to these encryption methods, Apple also takes a number of other steps to protect user data, such as:

  • Secure boot: This is a process that ensures that only trusted code is loaded when a device boots up. This helps to prevent malware from being installed on a device.

  • System integrity protection: This is a feature that prevents unauthorized changes from being made to a device's operating system. This helps to protect the device from malware and other security threats.

  • App sandboxing: This is a feature that isolates apps from each other and from the operating system. This helps to prevent malicious apps from accessing sensitive data or harming the device.

  • Mobile Device Management: A feature that allows organizations to revoke encryption keys at different levels, lock devices, or wipe them.
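
Two of the protections listed above, FileVault and System Integrity Protection, can be checked on a Mac with the built-in `fdesetup status` and `csrutil status` commands. The script below is an added example, not code from the original post or from Apple; the function names are hypothetical and the sample strings used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: classify the first line of `fdesetup status` and
# `csrutil status` so a fleet check can fail closed on anything unexpected.

# filevault_state TEXT -> prints on | off | unknown
filevault_state() {
  case "$(printf '%s\n' "$1" | head -n 1)" in
    "FileVault is On."*)  echo on ;;
    "FileVault is Off."*) echo off ;;
    *)                    echo unknown ;;
  esac
}

# sip_state TEXT -> prints on | off | unknown
# Only the plain "enabled." line counts as on; any other wording
# (for example a custom configuration) is reported as unknown.
sip_state() {
  case "$(printf '%s\n' "$1" | head -n 1)" in
    "System Integrity Protection status: enabled.")  echo on ;;
    "System Integrity Protection status: disabled.") echo off ;;
    *)                                               echo unknown ;;
  esac
}

# audit_report FV_TEXT SIP_TEXT -> prints one line per control and
# returns 0 only when both controls are on.
audit_report() {
  fv=$(filevault_state "$1")
  sip=$(sip_state "$2")
  echo "filevault=$fv"
  echo "sip=$sip"
  [ "$fv" = on ] && [ "$sip" = on ]
}

# On a Mac, feed in the live command output; elsewhere this is skipped.
if command -v fdesetup >/dev/null 2>&1 && command -v csrutil >/dev/null 2>&1; then
  if audit_report "$(fdesetup status 2>&1)" "$(csrutil status 2>&1)"; then
    echo "audit=PASS"
  else
    echo "audit=FAIL"
  fi
fi
```

Treating any unrecognised output as `unknown` rather than `on` means a changed message format or a permissions error shows up as a failed audit instead of a silent pass.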

We mentioned iCloud Keychain earlier. It syncs with an app called Keychain on Apple devices. From within Keychain you can see the System Keychain, the keychain for the logged-in user, and the iCloud Keychain if that's been enabled and configured for a supported account type (Managed Apple IDs are not currently supported). Apple Keychain is a password manager, built initially in the System 8 era, that helps you keep your passwords safe and secure. It is available on all Apple devices, including iPhones, iPads, Macs, and Apple Watches.


With Keychain, you can create strong, unique passwords for all of your online accounts. Keychain will then remember those passwords for you, so you don't have to remember them all. When you need to log in to an account, Keychain will automatically fill in your password for you. Keychain also helps you keep your passwords safe. All of your passwords are stored in an encrypted format, and they are only accessible to you. Keychain also uses two-factor authentication (2FA) to protect certain accounts (or can help with 2FA when needed).

  • It is easy to use. Keychain is very easy to set up and use. You can create strong, unique passwords for all of your online accounts, and Keychain will remember them for you. When you need to log in to an account, Keychain will automatically fill in your password for you.

  • It is secure. Keychain uses a variety of security features to protect your passwords, including encryption and two-factor authentication. Keep in mind, it's still an encrypted SQLite database, like all password managers, for all the good and bad around that.

  • It is available on all Apple devices. Keychain is available on all Apple devices, including iPhones, iPads, Macs, and Apple Watches (which use keychain through their paired phone or iCloud Keychain when available). This means that you can use it to manage your passwords on all of your devices.

Apple then blocks synthetic (or GUI-level automation) clicks, uses SIP to limit access to certain features, and has other technology intended to mitigate many smaller risks around people getting at data. It's a solid ecosystem. However, there is always room to get better. At Secret Chest, we added another layer of encryption that uses keys from multiple devices to force users to use at least two devices to access the secrets on their computers, tablets, or phones. This enables us to address additional threats that may come along in the future, like zero-day persistent malware or new advances in cryptography, to help make the device even more secure, while retaining the elegant user experience Apple crafted. To learn more about Secret Chest and how we increase the protection on devices, sign up for our private beta at www.secretchest.io.
