HOW TO: Tech Security: Part 3 — It’s a Lock

How To / Security / Tech

So far, we’ve dealt with social engineering as a threat and scanners for the credit cards in your wallet. In both cases, thieves and scammers rely to some degree on our own normal behavior.

“An ounce of prevention is worth a pound of cure.” That’s Benjamin Franklin. There are some steps we can take on our devices to make them safer and more private. And believe me, we DO want to do that. Homes can be broken into, info can be recalled from seeing it on our screen(s), the bad guys are more than willing to get into our devices any way they can.

Criminals are more ready to go to extremes to get our info than we usually are to protect it. But all we have to do is read some of the stories about things like identity theft to realize that old Ben had a point. Getting our life and finances back from identity theft can be a real horror story and not always completely successful. As the saying goes, it really is better to be safe than sorry.

Whether we’re talking about computers, phones, or tablets, it’s unanimous. Use your lockscreen and secure it with a password. This is a big subject, so let’s get started.

  1. We may think that our computer is safe without a password protected lockscreen because, unlike phones and tablets, it’s in a more private location.  Whether that’s a private business office or a room at home, you may be wrong.  There may be visitors or outside workmen whose integrity is an unknown quantity.  And very few places are totally secure from the possibility of break ins.
  2. Some devices will start with a four character passcode, much like the PINs our banks give us.  Whether it’s a computer or other device, go into the security settings and make it longer.  Each additional character makes the passcode that much more difficult to crack.
  3. Every expert I’ve ever read says we should avoid the typical for passwords.  In other words, not all numbers, not real words, not things that relate to our lives (like our dog’s name).  In fact, they suggest really screwy passcodes.  Use a mix of random upper and lower case letters, plus mixing in random numbers and punctuation marks.  And the longer the better.
  4. The previous suggestion also means we’re going to use a password manager of some sort.  Good passwords are going to be difficult to memorize.  Especially since the recommended idea is to have a different passcode for each account.  That’s going to require something to store all of them, also having password access to get at the list.
  5. There are a variety of password keepers, some free, some expensive.  Each has its own set of special features.  It’s important to take the time to figure out what balance of features and cost works best for us.  And we should know whether or not we’re going to have a device handy at all times with the list or will we need to access to our passwords in a variety of locations on different devices.

In the newer versions of Android there’s a feature called Smart Lock. Other platforms may have something similar, either built in or as a third party add-on. Smart Lock stores device passwords in the Google cloud and to some degree automates using passwords. It sounds like a nice easy way to have a password keeper that makes life easy, especially if you’re only using Android devices. But the ease of that automation has a downside. It can leave a device in an unlocked state, allowing anyone to have access to your information. So if it’s not turned on, leave Smart Lock off.  If it has already been set, turn it off.SmartLock

There are another important couple of elements to using the lockscreen. One is the timeout period. I’ve seen it suggested that phones or tablets ought be set to 30 seconds of inactivity. That’s good if a pattern, PIN or password is set and the lockscreen is set to automatically come on when the timeout period is reached. And we leave our phone sitting on a table, desk or bar without our being right there all the time.

If we use a swipe to unlock the phone, a shorter timeout is pretty useless, since anyone can unlock the device that way. But we may want it that way. If security/privacy is less of a concern than convenience, you may want a longer timeout length. My phone unlocks with a swipe and my timeout is two minutes. My phone is always on my person or (very rarely) with someone I trust. Access to my info is controlled. If I had used any of the other unlock methods, I couldn’t access messages or answer calls till those were completed.

There’s one final lockscreen setting we need to deal with. Notifications. That’s more privacy than security, but it is important. In Android, it’s possible to keep the notification bar hidden. Someone would need to physically swipe down to bring it into view. Simply keeping the phone nearby would prevent that kind of access. However, no matter what the unlock method may be, tapping the power button will light the screen. We can allow all or no notifications on the lockscreen. We just need to go into settings — it should be in the “sound and notifications” section.

There’s lots more we can do to lock down our devices the way we want.  We’ll get to more of it, next time.  Are you ready to keep your info to yourself?

  Source: ZDNet
To Top