5 Things to Do Right Now to Secure Your Phone
Your phone holds your entire life — your email, your banking apps, your photos, your messages, your Singpass. If someone got into it, they wouldn't just read your texts. They could reset your passwords, drain your bank account, and lock you out of everything.
The good news? Securing your phone properly takes about 10 minutes, and most of it you only have to do once. Here are the five things that actually matter — skip the rest.
1. Turn on a strong screen lock (2 minutes)
If your phone only uses a 4-digit PIN — or worse, no lock at all — fix this first. A 4-digit PIN has only 10,000 combinations and can be guessed or shoulder-surfed easily.
Switch to a 6-digit PIN at minimum, or better, an alphanumeric password. And turn on biometrics (fingerprint or face unlock) for convenience so you're not typing it constantly.
On iPhone: Settings → Face ID & Passcode → Change Passcode → Passcode Options → Custom Numeric Code (6+ digits)
On Android: Settings → Security → Screen lock → PIN or Password
While you're there, set your phone to auto-lock after 30 seconds of inactivity. A phone that stays unlocked on a cafe table is an open door.
2. Turn on two-factor authentication for your main accounts (3 minutes)
This is the single most powerful thing you can do. Two-factor authentication (2FA) means that even if someone steals your password, they still can't get in without your phone.
Turn it on for these three first, in order:
- Your primary email — because whoever controls your email can reset every other password you own
- Your banking apps — most Singapore and Malaysia banks already enforce this, but check
- Your social media — these get hijacked constantly and used to scam your contacts
Where possible, use an authenticator app (like Google Authenticator or Microsoft Authenticator) rather than SMS codes. SMS can be intercepted through SIM-swapping scams, which have hit victims across the region.
3. Review your app permissions (2 minutes)
That free torchlight app does not need access to your contacts, microphone, and location. Many apps quietly collect far more than they need — and some sell that data.
Take two minutes to audit what your apps can access:
On iPhone: Settings → Privacy & Security → tap through Location, Camera, Microphone, Contacts
On Android: Settings → Privacy → Permission Manager
Look for anything that doesn't make sense — a game with microphone access, a wallpaper app reading your contacts — and switch it off. Your phone keeps working fine; the app just loses access it never needed.
4. Set up "Find My Phone" and remote wipe (2 minutes)
If your phone gets lost or stolen, this lets you locate it, lock it, or completely erase it remotely so a thief can't access your data.
On iPhone: Settings → tap your name → Find My → Find My iPhone → turn it on
On Android: Settings → Security → Find My Device → turn it on
Test it once now: go to icloud.com/find (iPhone) or android.com/find (Android) from any browser and confirm your phone shows up on the map. Knowing this works gives real peace of mind.
5. Update your phone — and turn on auto-updates (1 minute)
Those software updates you keep postponing? They're not just new emojis. Most updates patch security holes that hackers actively exploit. A phone running outdated software is a known, documented target.
Update now, then turn on automatic updates so you never have to think about it again:
On iPhone: Settings → General → Software Update → Automatic Updates → on
On Android: Settings → System → Software update → enable auto-download
Your 10-minute phone security checklist
| Task | Why it matters | Time |
|---|---|---|
| Strong screen lock + biometrics | First line of defense | 2 min |
| 2FA on email, banking, social | Stops password thieves cold | 3 min |
| Review app permissions | Cuts off data leaks | 2 min |
| Find My Phone + remote wipe | Protects you if it's stolen | 2 min |
| Update + auto-updates on | Closes known security holes | 1 min |
The bottom line
You don't need to be a tech expert or buy expensive software. These five steps cover the vast majority of real-world phone threats, and they take less time than your morning coffee.
Do them once, and your phone goes from an easy target to a genuinely hard one. That's usually enough — most attackers simply move on to easier prey.
If you found this useful, the best thing you can do is help one less-tech-savvy person in your life set these up too. Your parents, especially, will thank you.
Next up: Why your work login is the most dangerous password you have.
Written by a cybersecurity professional working in Identity & Access Management in Singapore. LockItDown.blog explains digital security for real people — no jargon, no fear, just fixes.