Unboxing a new phone is fun - fast, clean, and full of promise. It's also the best moment to lock down your digital life. The factory defaults prioritize convenience and compatibility, not privacy or security. Spend 10–20 minutes now to change a few settings and you'll avoid weeks of follow-up work if something goes wrong.

Below are 10 settings to change right now (step-by-step), a printable one-page checklist you can stick on your desk, and a quick note on how Ivy's tools fit into the rescue and maintenance workflow. This is practical, not scary - do the ten items in order and your phone will be far safer.

Order matters. Do these steps in sequence; some later steps assume earlier ones are finished.

1. Turn On Automatic OS Updates

Why: Security fixes are pushed via OS updates. Delaying them leaves known vulnerabilities open.

What to do: Settings → Software Update → Enable automatic updates. For Android: also check Play Store app auto-update.

Tip: If a vendor offers security updates separate from full OS upgrades, enable those too.

2. Set a Strong Screen Lock (Not a 4-Digit PIN)

Why: Screen lock is the first physical defense against unauthorized access.

What to do: Use a longer numeric PIN or (better) biometrics + strong PIN/passphrase fallback. Avoid "1234" or simple patterns.

Note: Biometrics are convenient - combine them with a strong fallback PIN for the best balance.

3. Enable Device Encryption

Why: Encryption protects data at rest if the device is stolen.

What to do: Modern phones enable encryption automatically; verify in Security settings. For older devices, enable storage encryption manually.

Tip: Ensure you know your passphrase; encrypted devices protect data only if the lock is strong.

4. Set Up a Secure Cloud Backup (and a Recovery Plan)

Why: Backups let you recover quickly if you wipe the phone or it's lost.

What to do: Enable encrypted backups in your phone's cloud service (iCloud/Google) and verify backup settings (contacts, messages, photos). Store backup credentials in a password manager and ensure you have a recovery lead (family / trusted contact).

Tip: Don't use a shared family account for backups unless that's intentional. Use separate, secure restore credentials.

5. Install Apps Intentionally and Set Permissions

Why: App permissions are powerful; many apps ask for more than they need.

What to do: Install apps from official stores only. After install, go to Permissions and deny everything not necessary (especially location, microphone, camera). Periodically review permissions.

Tip: Use the "only while using the app" option for location when available. For a complete permission-by-permission breakdown covering location, camera, mic, accessibility, SMS, and more, see our Permission Deep Dive.

Setting up a kid's phone? Our Kid-Proofing the Internet guide has 8 app-store rules for vetting apps, managing permissions, and running monthly family app checks.

6. Enable and Prefer an Authenticator App for 2FA

Why: Authenticator apps (not SMS) are safer for two-factor authentication.

What to do: Install a trusted authenticator app and migrate critical accounts (email, bank, social) to app-based 2FA. For accounts that force SMS, consider a virtual phone for non-critical signups.

7. Turn Off Ad Tracking and Limit App Tracking

Why: Reduce persistent tracking across apps and sites.

What to do: iOS: Settings → Privacy → Tracking → Toggle off "Allow Apps to Request to Track." Android: Settings → Privacy → Ads → Opt out of ad personalization. Also review app-level trackers where possible.

8. Set Up a Password Manager and Enable Autofill Securely

Why: Strong, unique passwords are the best protection against account takeover.

What to do: Install your password manager, create a strong master passphrase, and enable autofill for passwords. Add your primary accounts (email, bank) first and enable breach notifications. Ivy's password manager and breach detection can help prioritize fixes later.

9. Register Device Recovery and Set Account Recovery Options

Why: Recovery info (backup email / phone) is how you get locked back in - make it secure.

What to do: In your email and major accounts, verify secondary recovery addresses and add an authenticator app. Avoid using the same phone/email you use for low-trust services as recovery channels. Consider using a virtual phone for signups you don't want as recovery.

10. Configure "Find My" & Enable Remote Wipe

Why: If the phone is lost or stolen, remote wipe and location are essential.

What to do: Enable Find My iPhone / Find My Device and ensure remote wipe is active. Test the find feature briefly. Add a trusted contact for device location sharing if needed.

Quick Bonus Steps

If you have a few extra minutes:

  • Disable Smart Lock/auto-unlock features that trust locations or devices.
  • Review installed apps and remove bloatware.
  • Configure Do Not Disturb for sleep to avoid distraction and reduce social engineering via urgent messages.

How Ivy Helps

  • Risk CheckupOnce your phone is set up, run a Risk Checkup to find exposed accounts and reused passwords that could be problematic if your phone is lost.
  • Masked Emails / Virtual Phone / Virtual CardsUse these tools when signing up so that even if an app is later compromised, your primary recovery channels remain private.
  • Site ScannerCheck unfamiliar app stores or merchant sites before entering payment details from your new phone.

A Few Minutes Now Save Hours Later

Run through the 10 settings, download the printable checklist, and for ongoing hygiene, run a monthly Risk Checkup or automate protections with Ivy's identity tools. Your future self will thank you.

Start here - getivy.ai/new-phone.