Kenneth van Wyk: Shutting down security gotchas in iOS 6

24.09.2012

I also recommend turning off access to Siri and Passbook when your device is locked. This will prevent an attacker from getting into a lot of your data; if Siri can be accessed from a locked device, then an attacker could just say, "Siri, what appointments do I have today?" for example. I write more about Passbook below, but if you're using it for anything important (such as payments or boarding passes), this setting will prevent an attacker from getting access to that data when the device is locked. Note that these are not the default settings, so you need to change them if you want to lock attackers out in this way. (Both of these things can be done on the Passcode Lock screen of General Settings.)

Now, how about all those ? What are the security pitfalls for a consumer to avoid there? I'm glad you asked.

Let's start with Passbook. You can store movie tickets, boarding passes, payment credentials and a slew of other types of data in Passbook, provided that your vendor's app supports it. Passbook promises to be a convenient, single place to store things like that so that you can quickly access the bar-code data when you're at a movie theater, supermarket, airport and so on.

So how secure is Passbook? Well, it's brand new, so the jury is still out. Any application that touches our finances needs the highest levels of security. Encryption of the user data is a minimum requirement. Does Passbook adequately encrypt that data so your passes are protected on a lost or stolen device? Apple hasn't said. It needs to; with Passbook, it can't afford to display the cavalier attitude toward security that it sometimes has demonstrated.

In any event, the fact that a Passbook pass can be displayed on a device's lock screen means that Passbook isn't (at least by default) using the strongest built-in encryption supported by the platform. This reinforces my recommendations to use a strong passcode and to turn off access to passes on a locked device.