NEW YORK – The government hack of an iPhone used by a San Bernardino killer serves as a reminder that phones and other electronic devices aren’t impenetrable vaults.
While most people aren’t targets of the NSA, FBI or a foreign government, hackers are looking to steal the financial and personal information of ordinary people. Your phone stores more than just selfies. Your email account on the phone, for instance, is a gateway to resetting banking and other sensitive passwords.
Like washing your hands and brushing your teeth, a little “cyber hygiene” can go a long way toward preventing disaster.
Lock your phone with a passcode
Failing to do so is like leaving your front door unlocked.
A four-digit passcode – and an accompanying self-destruct feature that might wipe a phone’s data after too many wrong guesses – stumped the FBI for weeks and forced them to bring in outside help. Using six digits makes a passcode 100 times harder to guess. And if you want to make it even harder, you can add letters and other characters to further increase the number of possible combinations. These are options on both iPhones and Android.
The iPhone’s self-destruct feature is something you must turn on in the settings, under Touch ID & Passcode. Do so, and the phone wipes itself clean after 10 failed attempts. But the 10 attempts apply to your guesses, too, if you forget your passcode, or if your kids start randomly punching in numbers. Android has a similar feature.
Both systems will also introduce waiting periods after several wrong guesses to make it tough to try all combos.
Biometrics, such as fingerprint scanners, can act as a shortcut and make complex passcodes less of a pain.
Much to the FBI’s displeasure, iPhones running at least iOS 8 offer full-disk encryption by default. That means that the information stored on the phone can’t be extracted – by authorities or by hackers – and read on another computer. If the phone isn’t unlocked first, any information obtained would be scrambled and unreadable.
With Android, however, you typically have to turn that on in the settings. Google’s policy requires many phones with the latest version of Android, including its own Nexus phones, to offer encryption by default. But, according to Google, only 2.3 percent of active Android devices currently are running that version.
Set up device finders
Find My iPhone isn’t just for finding your phone in the couch cushions.
If your device disappears, you can put it in Lost Mode. That locks your screen with a passcode, if it isn’t already, and lets you display a custom message with a phone number to help you get it back.
The app comes with iPhones, but you need to set it up before you lose your phone. Look for the Find iPhone app in the Extras folder.
Meanwhile, Activation Lock makes it harder for thieves to sell your device. The phone becomes unusable – it can’t be reactivated – without knowing its Apple ID. The feature kicks in automatically on phones running at least iOS 7.
If all else fails, you can remotely wipe the phone’s data. While your information will be lost, at least it won’t end up in the hands of a nefarious person.
There isn’t anything comparable built into Android phones, but Google’s Android Device Manager app, along with a handful of others made by third parties, can be downloaded for free from the Google Play app store.
Back up your phone
If you do have to remotely wipe the phone’s data, it’s comforting to know that you won’t lose all your photos and other important data. It’s helpful, too, if your toddler dunks your phone in a glass of water.
As mentioned before, apps such as Find My iPhone and Android Device Manager will allow you to do this, provided you set them up ahead of time.
Keep your software up to date
Software updates often contain fixes to known flaws that might give hackers a way into your device.
On iPhones, Apple prompts you to get the update.
It’s more complicated with Android because updates need to go through various phone manufacturers and wireless carriers first. But do install updates when asked.