Introduction
Let me tell you about a notification that ruined my entire week.
Last year, on a Tuesday evening, I was sitting in my living room in Karachi. The monsoon rains were pouring outside. I was watching a food show on my laptop, not really paying attention to my phone. My phone was lying face down on the cushion next to me.
Then the screen lit up. A notification appeared that made my heart stop.
"Your Apple ID has been used to sign in to a new device. Location: Faisalabad."
I live in Karachi. I have no family in Faisalabad. I had not traveled there in over two years. I was not trying to sign into any new device. Someone else was using my password to try to get into my Apple account.
My hands started shaking. I grabbed my phone. I opened my Apple settings as fast as I could. I changed my password immediately. I checked my bank apps. I checked my email. I checked my social media. I checked my cloud storage, where all my photos are saved.
Everything was still there. The hacker had not gotten in. I was lucky.
But I could not sleep that night. I kept thinking about what could have happened. My photos from the last ten years. My messages with my mother and sister. My notes have all my important information. My saved credit card details. All of it could have been stolen in seconds.
The next morning, I decided to learn everything I could about phone security. I spent hours reading articles from security experts. I watched videos from cybersecurity professionals. I learned that most people never turn on simple settings that could stop these attacks completely.
Today, I am going to show you three security settings that you must enable on your phone right now. They take less than two minutes to set up. They cost absolutely nothing. They work on both Android phones and iPhones. And they could save you from losing everything.
Setting Number One: Add a Second Barrier to Your Accounts
Security experts call this two-factor authentication. But the idea is very simple.
Think about how you normally log into an account. You type your username. You type your password. You click login. That is it. Just one barrier between a hacker and your private information.
When you turn on two-factor authentication, you add a second barrier. After you type your password correctly, the service sends a short code to your phone. You must type that code before you can get into your account.
This means that even if a hacker somehow gets your password, they still cannot get into your account. They would also need to have your phone. Your phone stays with you. Your phone stays safe.
Let me explain it another way. Imagine your online account is a house. Your password is the key to the front door. Two-factor authentication adds a second lock on the door. The key to that second lock is your phone. A thief might copy your front door key. But they cannot copy your phone. Your phone is in your pocket.
How to turn on two-factor authentication for your Google account.
Open your web browser on any computer or on your phone. Go to myaccount.google.com. This is Google's main account management page. Sign in if you are not already signed in.
Look at the menu on the left side of the screen. Click on "Security." This takes you to all your security settings.
Scroll down until you see a section called "How you sign in to Google." Look for the line that says "2-Step Verification." Click on it.
Click the button that says "Get Started." You will need to enter your password again. This is for your safety.
Now add your mobile phone number. Make sure it is the number you currently use. Choose whether you want to receive codes by text message or by automated phone call.
Google will send a six-digit code to that number. Enter that code on the screen. This confirms that you have access to that phone number.
Google will then show you a set of backup codes. These are very important. Save these codes somewhere safe. You can print them out. You can write them down on paper. You can save them in a password manager. You will need these codes if you ever lose your phone or change your phone number.
That is it. Your Google account is now protected by two-factor authentication. Anyone who tries to sign in from a new device will need to enter a code from their phone.
How to turn on two-factor authentication for your Apple account.
If you have an iPhone, the process is different but still simple.
Open the Settings app on your iPhone. It is the gray icon with gears on it.
Tap on your name at the very top of the screen. This takes you to your Apple ID page.
Tap on "Password and Security." This is usually about halfway down the page.
Tap on "Turn on Two-Factor Authentication." Tap "Continue" on the next screen.
Add your mobile phone number. Make sure it is the number you currently use.
Apple will send a verification code to that number by text message. Enter that code on the screen.
Apple may also ask you to enter the password for one of your other Apple devices. If you have an iPad or a Mac, you will need to enter that device's password. If you do not have another Apple device, you can skip this step.
That is it. Your Apple account is now protected by two-factor authentication.
I turned on two-factor authentication for both my Google and Apple accounts the morning after that scary notification. I have not received a single suspicious login alert since. The peace of mind is worth the two minutes it took to set up.
Setting Number Two: Make Your Phone Findable From Anywhere
Phones have a way of disappearing. They fall out of pockets when you are getting out of a rickshaw. They get left on tables in crowded restaurants. They slip between sofa cushions and get forgotten. They get stolen from bags in busy markets or from pockets on crowded buses.
When your phone vanishes, you want to be able to find it. You also want to be able to lock it from far away so that no stranger can see your private information. And if you know you will never get it back, you want to be able to erase everything on it so that your photos, messages, and personal data do not end up in the wrong hands.
Both Android and iPhone have built-in features that do exactly these things. They are free. They are easy to set up. Most people never turn them on.
How to turn on Find My Device on Android.
Open the Settings app on your Android phone. The location of the setting varies depending on your phone brand.
On Samsung phones, go to Settings, then tap "Security," then look for "Find My Device."
On Xiaomi phones, go to Settings, then tap "Google," then look for "Find My Device."
On other brands, you can also search for "Find My Device" by tapping the search icon at the top of the Settings screen.
Once you find it, make sure the toggle switch is turned ON. It should be blue or green, not gray.
Now go back to the main Settings screen. Tap on "Location." Tap on "App Permissions." Look for "Find My Device" in the list of apps. Make sure it is allowed to use your location. I recommend setting it to "Allow all the time" so that it works even when you are not actively using the app.
To test that everything is working correctly, open a web browser on any computer or on another phone. Go to android.com/find. Sign in to the same Google account that you use on your phone. You will see your phone's current location displayed on a map. You will also see options to make your phone ring loudly, to lock your phone, or to erase all data from your phone.
How to turn on Find My iPhone on Apple devices.
Open the Settings app on your iPhone. Tap on your name at the top of the screen. This takes you to your Apple ID page.
Tap on "Find My." Then tap on "Find My iPhone."
Turn on the switch for "Find My iPhone." It should be green.
Then also turn on "Find My network." This feature allows your phone to be found even when it is not connected to WiFi or mobile data. It works by using Bluetooth signals from nearby Apple devices. Even if your phone is offline, other Apple devices can detect it and report its location to Apple.
Also, turn on "Send Last Location." This feature automatically sends your phone's location to Apple when the battery level becomes critically low. If your phone dies, you will still know where it was when it died.
To test that everything is working correctly, open a web browser on any computer. Go to icloud.com/find. Sign in to your Apple account. You will see your phone's current location displayed on a map. You will also see options to play a sound on your phone, to lock it, or to erase all data from it.
Let me tell you a true story. A friend of mine named Bilal left his phone in a rickshaw in Karachi. He realized it about twenty minutes after getting out. He borrowed another phone from a shopkeeper. He went to android.com/find. He signed into his Google account. He watched his phone move through the streets on the map. He tracked it to a specific neighborhood about five kilometers away. He took his brother and went there. They found the rickshaw parked outside a house. They knocked on the door. The driver was surprised but returned the phone.
Without Find My Device turned on, that phone would have been gone forever. Bilal would have lost all his photos, all his contacts, all his WhatsApp messages, everything.
Setting Number Three: Control What Your Apps Can Access
Every application you install on your phone asks for permission to access different parts of your device. Your camera. Your microphone. Your location. Your contacts. Your photos. Your calendar. Your fitness data.
Many applications ask for more permissions than they actually need to function properly.
A weather application needs your location so it can tell you the weather where you are standing. That makes perfect sense.
A simple calculator application does not need to know where you are. A game does not need access to your contacts. A flashlight application does not need to use your camera. A photo editing app does not need to know your location.
When an application has permission to access something on your phone, it can potentially send that information to its own servers on the internet. Most legitimate applications do not do anything bad with your information. But some applications might. You have no way of knowing for sure.
The safe approach is to give each application only the permissions it genuinely needs to do its job. Nothing more.
How to check and change app permissions on Android.
Open the Settings app on your Android phone. Tap on "Apps" or "App Manager." The exact name varies by phone brand.
You will see a list of all the applications installed on your phone. Tap on any application that you want to check.
Tap on "Permissions." You will see a list of what that application is currently allowed to access.
For each permission, you can choose "Allow only while using the app," "Ask every time," or "Deny."
Here are my personal rules for app permissions.
For messaging applications like WhatsApp, Messenger, and Telegram, I allow access to contacts, the microphone, and the camera. These apps need these permissions to work properly. Without contacts, you cannot see who is messaging you. Without a microphone, you cannot send voice notes. Without a camera, you cannot take photos within the app.
For games: I deny every single permission. Games do not need my camera. Games do not need my microphone. Games do not need my location. Games do not need my contacts. Games do not need my calendar. If a game asks for any of these permissions, I become suspicious and often uninstall it.
For social media applications like Instagram, Facebook, and TikTok, I allow the camera and microphone if I take photos or record videos inside the app. I deny location access unless I specifically want to tag my posts with where I am. Most of the time, I do not need to tag my location.
For flashlight applications: I deny every permission. Better yet, I do not install flashlight applications at all. My phone already has a built-in flashlight. I can turn it on by swiping down from the top of my screen and tapping the flashlight icon. No app needed.
For shopping applications like Daraz and Amazon, I deny location access. They do not need to know where I am to show me products. I deny access to my contacts. They do not need to see who I know.
How to check and change app permissions on iPhone.
Open the Settings app on your iPhone. Scroll down and tap on "Privacy and Security."
You will see a list of permission types. Camera, Microphone, Location, Contacts, Calendar, Reminders, Photos, Bluetooth, Local Network, and more.
Tap on any permission type. For example, tap on "Camera." You will see a list of applications that have requested access to your camera. For each application, you can turn the switch on or off to allow or deny that permission.
Do the same for Microphone, Location, Contacts, and other permission types.
I recommend reviewing your app permissions once every few months. Each time I do this, I find applications that have permissions I never intended to give them. I turn those permissions off immediately.
An Extra Setting That Most People Have Never Heard Of
Your SIM card has a PIN code. Most people do not know this. By default, this PIN code is turned off on almost every phone.
Why does this matter?
If someone steals your phone, they can take your SIM card out of your phone. They can put that SIM card into their own phone. Then they can receive your text messages. This includes the verification codes that websites send you for two-factor authentication.
If you turn on your SIM card PIN, no one can use your SIM card without typing that PIN code first. Even if they put your SIM card into a different phone, they will be locked out. They will see a screen asking for the PIN. They will not be able to guess it.
How to turn on the SIM card PIN on Android.
Open the Settings app on your Android phone. Tap on "Security" or "Lock Screen." The location varies by phone brand.
Look for "SIM card lock" or "Set up SIM card lock." Tap on it.
Turn on the switch. You will need to enter the default PIN code for your SIM card.
For most mobile networks in Pakistan, the default PIN is 0000 or 1234. If those do not work, contact your mobile network provider and ask for the default SIM PIN.
After you enter the default PIN, you will be asked to change it to a new number that only you know. Do not use 0000 or 1234. Choose something that you will remember, but others cannot easily guess.
How to turn on SIM card PIN on iPhone.
Open the Settings app on your iPhone. Tap on "Cellular" or "Mobile Data." The name varies by carrier.
Tap on "SIM PIN." Turn on the switch.
Enter the default PIN code. Most networks use 0000 or 1234. After verifying the default PIN, you can change it to your own number.
Important warning:
Write down your SIM PIN code on a piece of paper. Keep that paper in your wallet or in a drawer at home. Do not store it on your phone.
If you forget your SIM PIN and type the wrong code three times, your SIM card will lock completely. You will see a message asking for a PUK code. You will need to contact your mobile network provider to get that PUK code. This process can take several days. You will not be able to use your phone number during that time.
What To Do If Your Phone Is Lost Or Stolen
If you realize that your phone is missing, do these things right away. Every minute matters.
First minute:
Use Find My Device on Android or Find My iPhone on Apple. You can do this from any computer or from another phone. See where your phone is on the map. If it is nearby, you might be able to retrieve it.
Second minute:
If you cannot retrieve your phone immediately, use the remote lock feature. This locks your phone so that whoever has it cannot open it or see your information. They will see a lock screen asking for your passcode.
Third minute:
If you are certain that you will never get your phone back, use the remote erase feature. This deletes everything on your phone. All your photos, messages, contacts, and personal information will be gone. The person who has your phone will have an empty device. This is better than letting them see your private data.
Fourth minute:
Call your mobile network provider immediately. Tell them to block your SIM card so that no one can use your phone number to make calls or receive messages.
Fifth minute:
Change your important passwords. Start with your email account. Your email is the key to resetting all your other passwords. Then change your banking app passwords. Then change your social media passwords. Then change your payment app passwords like Easypaisa and JazzCash.
I have never lost a phone myself. But I have helped several friends who did. Those who had Find My Device or Find My iPhone turned on were able to either locate their phones or remotely erase their data. Those who did not have these features turned on lost everything on their phones.
Seven Questions People Ask About Phone Security
Question one: Is it safe to use public WiFi at coffee shops and airports?
Public WiFi networks are convenient, but they are not secure. Other people on the same network can potentially see your internet traffic. If you must use public WiFi, use a VPN application. A VPN scrambles your data so that even if someone intercepts it, they cannot read it. ProtonVPN offers a completely free version that works well for basic use.
Question two: Do I need to install antivirus software on my phone?
On Android devices, yes, a reputable antivirus application is a good idea. Android allows you to install applications from outside the official Google Play Store. This increases the risk of malware. I use Bitdefender Free. It is lightweight and does not slow down my phone. On iPhones, antivirus software is less necessary because Apple strictly controls what applications can do.
Question three: How often should I install software updates on my phone?
You should install updates as soon as they become available. Software updates often include security patches for newly discovered vulnerabilities. Hackers know about these vulnerabilities. If you delay updating your phone, you remain vulnerable to attacks that have already been fixed in the latest update.
Question four: Is it safe to let my web browser save my passwords?
Browser password storage is convenient, but it is not very secure. Anyone who has access to your computer or phone while you are logged into your browser can view your saved passwords. I recommend using a dedicated password manager instead. Bitwarden is completely free and works very well.
Question five: What should I do if I receive a suspicious text message with a link?
Do not click the link. Do not reply to the message. Delete it immediately. If the message claims to be from your bank, call your bank using the phone number printed on the back of your debit card. Do not call any phone number that was written in the suspicious message.
Question six: Can someone hack my phone just by knowing my phone number?
No. Knowing your phone number alone is not enough to hack your phone. However, skilled attackers can sometimes call your mobile provider, pretend to be you, and convince them to transfer your phone number to a new SIM card. This is called a SIM swap attack. Turning on your SIM card PIN makes this type of attack much more difficult.
Question seven: What is the most common way that phones get hacked?
The most common method is phishing. You receive a text message or email that looks legitimate. It says there is a problem with your account. It asks you to click a link and enter your password. The link goes to a fake website that looks real. You type your password. Now the hacker has it. Never click links in suspicious messages. Always type the website address yourself.
My Final Advice
That notification from Faisalabad scared me more than anything else that year.
It showed me how close I came to losing everything on my phone. My photos. My messages. My notes. My payment information. All of it could have been stolen in seconds.
I got lucky. The hacker did not get into my account.
But you cannot count on luck to protect you.
Take two minutes right now. Open your phone. Turn on two-factor authentication for your Google and Apple accounts. Turn on Find My Device or Find My iPhone. Review what permissions your apps have and restrict anything that does not make sense. Turn on your SIM card PIN.
These small steps take almost no time. They cost no money. But they can save you from losing your photos, your messages, your accounts, your money, and your peace of mind.
Do not wait until you receive a scary notification like I did.
Do it now.
Related Articles
0 Comments