Take my wallet, but don’t take my phone

Stealing Phone

It used to be that the worst thing you could lose was your wallet, but that’s no longer true. The (smart)phone has become the mobile epicenter of personal data and communication storage. Even more, it’s also become the primary method most services use to verify identity. In fact, 2-step verification almost solely relies on a mobile phone for secondary verification.

If you don’t have your phone properly secured, a thief could easily gain access to your email and financial accounts. They can also use it to change your contact information and steal your identity.

Even more shocking, you don’t have to physically lose your phone to have it stolen!

How to fully secure your phone

  1. Secure your wireless account – Before you do anything, you need to create an Account Password. Your Account Password is NOT your Online Account Password. The Account Password is a secondary password that is associated with your account, and it is typically created in person or over the phone. If you forget the password, you can only change it in person and must prove your identity. All major carriers support this, but it’s not activated by default, you have to request it. The main reason to do this is to keep people who have stolen your identity from porting your number to their account. This almost happened to me a couple years ago, but I was able to stop it just in time. Without this safeguard, it’s possible for a thief to steal your phone (number) without you ever losing your phone.
  2. Create a more secure passcode – 4 Digit passcodes are not that secure, especially if the numbers could be easily guessed based on knowledge of your identity (dob, etc…). Choose the advanced passcode option on your phone and create one that either has many more numbers (to keep the entry faster) or even better, create one with numbers and letters. And thanks to fingerprint technology, like the kind found in the latest iPhones, the only time you’ll have to enter a complex password is when you shutdown and restart the phone.
  3. Automatically erase data after failed login attempts – Don’t allow thieves the ability to try a ton of password attempts. Instead, make it so the data self-destructs after a series of failed attempts. You can turn this option on for an iPhone in Settings -> (Touch ID &) Passcode. Scroll to the bottom to turn it on. After 10 attempts, all personal data will be erased
    Erase Data
  4. Enable the ability to remote wipe your phone – If you’re an iPhone user, you can turn on Find My iPhone in the iCloud settings. This will enable you to not only find the physical location of your phone, but also remotely wipe it.

    Remote Wipe
  5. Require passcode immediately after locking phone – While this may sound inconvenient, it can save you from unauthorized access to your phone. Some people like the convenience of not requiring their passcode until after one to five minutes of turning off their phone’s screen. However, that leaves a window of time open for people to gain access to your phone. You should change your phone’s setting to lock it immediately after turning the screen off.

If you really care about your security and identity, then none of these items should be seen as optional. And while you’re at it, you should also add an automated VPN connection to your phone (and computer) too.