Last time I wrote I spoke at some length about passwords, and why you should use a password manager. The nice thing about sophisticated password managers like 1Password is that they usually provide a way to make your passwords shared across your various devices — laptops, desktops, tablets, phones and even smart watches. The big drawback to that is that there is some risk of your passwords being exposed if your device is stolen or used by someone else.
It’s not only passwords that are a problem with mobile devices. For convenience we usually have them set up so that things like email, calendars, contacts, and social media sites are left logged in and open. It’s a nuisance to have to login to them again after you open your phone up.
You can see where I’m going with this. Lets say your phone is stolen… are you really comfortable that some stranger is poking around your mail, contacts, messages, and Facebook? That’s leaving aside the good chance that even more critical information is stored on your phone, like banking logins. For better or for worse our mobile devices and our mobile lifestyles mean that we are carrying an enormous amount of very sensitive information about ourselves around in our pockets or backpacks.
Like anything else in our complicated modern life, there’s good news, and there’s bad news. The good news is that recent versions of the operating systems for Apple, Windows and Android devices make it easier to lock down your devices. The bad news is that Apple are well ahead of the pack in making this easy for the consumer — while Windows is catching up fast, the highly diverse world of Android phones and tablets means that the consumer experience varies wildly.
On that basis, I’ll give you some general guidance on the sorts of things you should be doing, and if you need specific guidance for your own devices please reach out to me directly and I’ll try to point you in the right directions.
First up, and most important — lock your devices. Lock your phone, lock your smart watch, lock your tablet, lock your laptop. Modern devices (or rather the operating systems that run on them) provide options to lock themselves automatically after a period of inactivity, and you should take advantage of this. If you can turn on automatic locking, set it up to lock after a very small amount of idle time — as little as 1 minute for phones and tablets, and 5 minutes for your laptop.
The implication of this is of course that you need to add a passcode, pin or password to your devices. Because this is a “master” password, it needs to be something memorable to you, but avoid making it too short. PINs should be more than 4 numbers if possible, and passwords or passphrases something difficult to guess. Avoid pet names, child names, birth dates, your favourite football club… sorry, there’s no way to make this part of it easy, and the tougher you can make it for a bad guy to guess, the safer you will be.
Because logging into a mobile device, or even a laptop, can be annoying if you have a strong password or PIN, a lot of manufacturers are turning to biometric information — fingerprint readers and facial recognition in particular. If you can use these to lock and unlock your device, you’re in a great place (as long as you do lock your devices!) because they make it super easy for you to unlock the device and almost impossible for someone else to unlock it.
The next thing is encrypting your device. Sorry, but your experience here is going to be varied depending on what the device is, but it’s pretty important, particularly if you travel.
Why is it so important? If the device is encrypted, it makes it incredibly difficult for the bad guys to extract information from it. Note that I said difficult and not impossible — if someone nefarious has physical control of your phone, laptop or tablet while it is turned on, there is probably a way for them to get information of it. The good news is that this is getting harder all the time, and for many devices even the FBI or GCHQ would face difficulty in reading whats on them — and if the FBI or MI5 is trying to read your phone, keeping Facebook private is the least of your worries.
First up, Apples recent phones and tablets automatically encrypt themselves using the PIN or biometrics you provide. The EFF has a good guide on how to turn this on, and it’s pretty well bullet proof. Similarly, turning on disk encryption for Macintosh laptops and desktops is very easy — go to Preferences and use FileVault under “Security and Privacy”.
Next, encrypting Android devices is pretty dependent on the model of phone/tablet, and on how new they are. Recent devices generally have a way of encrypting themselves very similar to iPhones, but older devices may not.
Finally, encrypting Windows hard disks is pretty dependent on the operating system version in use. Prior to Windows 10, you either relied on having an “enterprise” version with BitLocker installed, or else had to buy some third party product. Windows 10 simplifies this somewhat, and you may have BitLocker installed. If you have a “home” edition installed, then it should provide a facility called “Device Encryption” — this is a bit techy to get set up, as guides like this one show.
One final tip, particularly for travellers. If you are leaving your phone, tablet or laptop behind in your hotel room, gym locker, or somewhere else where you cannot keep an eye on it: turn it off. If you have added a lock to the device with a strong passcode and/or biometrics, and you have encrypted the device, then in the powered-down state it’s a lump of inert silicon, glass and aluminium.
If your powered-down, encrypted, password-locked phone is stolen from the gym locker, you can be confident that it’s a damned nuisance, but your private information is staying private. Unless MI6 has pinched your phone, in which case please don’t get me involved!