Passwords and Security for your phone.
I was watching a YouTube video recently where the presenter mentioned that someone had acquired a copy of his phone SIM code and then got into his social media profile. I then heard on the TV of an Australian who had her data stolen (not the phone) and somehow they then had access to her bank account. Not only that, they were able to cancel her account with the telephone service provider, so she had a phone she also could not use.
I am not sure how; I thought the SIM card only contained contacts, not the actual phone content. It got me thinking though, and I thought I would share my thoughts.
I pondered the question, how easy would it be for someone who simply stole my phone to access my data?
Most phone apps don’t require logging in unless you make a point of always logging out when you close down. Some apps simply don’t have a logout option.
If someone can access your email, then they can simply ask for a password reset for most important sites.
Two-tier access is great, but it is not helpful if thieves have the phone.
Whilst a PIN lock on the phone is a pain, I feel it is a good idea. I guess it can eventually be broken, but it should give you time to change important passwords and advise your telephone provider to get a stop on the phone number.
How to make it harder for thieves
Therefore, to be on the safe side, I decided to try and work out how I could overcome most security issues, and this is what I came up with.
- A VPN helps deter attempts to steal data from external sources, as it turns your data stream into gobbledygook. So it is a great way to stop external probes.
- For the email address you use to log into sites, join newsletters and get downloads, use one that you do not have an app for on your phone. Use the web option for this email so that if people have your email, they cannot easily log in. I have one Gmail account that I only use on my phone and nowhere else.
- Set up an email address on a platform that is only used for important accounts with very secure systems, such as banking. This email address can be used as an alternative address to reset passwords on major sites but should not be given out to log in. Again, access should only be online. I have used Yahoo for this.
- Have a different password for each of your email accounts and don’t use these anywhere else on the web.
- If you have a modern PC, your Outlook password will be the same as your computer login, so don’t use it anywhere else.
- Have a password that relates to your financial accounts and that varies by one or two letters so that each is very slightly different but the base is the same.
- Make your passwords 10-12 characters long. Include numbers, small and capital letters and at least one non-alphanumeric character.
- When storing passwords and usernames in your diary at home, use a code to determine the secret. For example, the code cat could be your code for an old pet Fluffy.
- Use a password for your social media accounts that varies by one or more letters, so that it is slightly different for each and, again, is not used anywhere else.
- Set up a password for general important sites. This could be membership sites, where they are likely to have some safeguards against hackers.
- Set up a password for everything else. This should be used for sites that even if someone obtained access, no harm could be done.
- As Google uses your Gmail account for Google Plus and YouTube, it is recommended that you use another provider for the email address you use every day and forward it to your Gmail account.
Now that I have worked out my passwords, I am starting to go through all my favorites, changing the recovery email where possible and updating the login password. Some usernames cannot be changed, so in future when choosing a username I will think carefully about security as well. I will continue to go through all sites I regularly use and then those in my ‘black book’.
Google has Smart Lock within the Google account, which you can use to store non-critical usernames and passwords. LastPass is also a free online tool; however, I have found it needs a little more setting up as it does not always record your password changes. I like that Google auto sign-in can be turned off.
A big job, but I feel it is a necessary one. Any other tips you feel would be helpful to secure your data? Please feel free to pass them on in the comments.