The government hack of an iPhone used by a San Bernardino killer serves as a reminder that phones and other electronic devices aren’t impenetrable vaults.
While most people aren’t targets of the NSA, FBI or a foreign government, hackers are looking to steal the financial and personal information of ordinary people. Your phone stores more than just selfies. Your email account on the phone, for instance, is a gateway to resetting banking and other sensitive passwords.
Like washing your hands and brushing your teeth, a little “cyber hygiene” can go a long way toward preventing disaster.
Lock you phone with a passcode
Failing to do so is like leaving your front door unlocked.
A four-digit passcode – and an accompanying self-destruct feature that might wipe a phone’s data after too many wrong guesses – stumped the FBI for weeks and forced them to bring in outside help. Using six digits makes a passcode 100 times harder to guess. And if you want to make it even harder, you can add letters and other characters to further increase the number of possible combinations. These are options on both iPhones and Android.
The iPhone’s self-destruct feature is something you must turn on in the settings, under Touch ID & Passcode. Do so, and the phone wipes itself clean after 10 failed attempts. But the 10 attempts apply to your guesses, too, if you forget your passcode, or if your kids start randomly punching in numbers. Android has a similar feature.
Both systems will also introduce waiting periods after several wrong guesses to make it tough to try all combos.
Biometrics, such as fingerprint scanners, can act as a shortcut and make complex passcodes less of a pain.
Much to the FBI’s displeasure, iPhones running at least iOS 8 offer full-disk encryption by default. That means that the information stored on the phone can’t be extracted – by authorities or by hackers – and read on another computer. If the phone isn’t unlocked first, any information obtained would be scrambled and unreadable.
With Android, however, you typically have to turn that on in the settings. Google’s policy requires many phones with the latest version of Android, including its own Nexus phones, to offer encryption by default. But, according to Google, only 2.3 per cent of active Android devices currently are running that version.