Android Phones, Following you everywhere - Part One
Just in case you need a reminder, Android (and other) phones are computers. It is important to remember how powerful they really are and how much data about you they can retrieve and store. Would you let a stranger accompany you everywhere you go, minute by minute, every day? Well, your phone is that stranger. If you click yes to all those apps that ask if they can have access to your contacts and photos, you have just allowed several strangers into your life. Sounds overly dramatic, doesn't it? But data is what entities look for, because information has a monetary value. If you have location history on, have a presence on many social media sites, or belong to special interest groups, additional data, possibly including false information regarding you, becomes available. I'd rather have more privacy than less in a highly connected environment like ours, where data flies around in the wink of an eye or at the touch of a few buttons. Trust should be earned, not given.
So remind yourself that although these devices are indeed useful and powerful, you need to handle them with respect, because if you are unlucky or careless or both, that power can be used against you. So protect yourself. Security is really about layers. You put up different types of barriers in the hope that an onlooker will give up and look for easier targets where the obstacles are fewer in number.
Here is a short and incomplete checklist you can use to create that layering.
- Don't use an old version of Android software, because whatever weaknesses and bugs exist in that old version will be well known and exploited.
- Recognize when your Android software has failed to update, and spot manufacturers who fail to provide regular updates for the versions of Android they sold their phones with. If you buy a Google phone you know you will get guaranteed regular updates to Android software for three years from the date the phone became available for purchase. Most manufacturers have a good, mediocre or bad history when it comes to updates - stay away from the bad ones. Google is probably the best in this regard.
- The hardest part of keeping your defences strong is the drudgery of password management and the need to change passwords every once in a while. The more critical the account is, the more frequently its password should be changed. This is where you can use some helpful methods for coming up with and remembering passwords.
Use passwords that include letters, numbers, capital letters, and keys like @, % or ! found on the row of numbers on a regular computer keyboard. To simplify remembering passwords, use sentences. For instance, make up a sentence like:
"If only I hadn't been so careless; I wouldn't be in the mess I'm in!"
and take the first letter of each word to make a password. So for the above sentence you would get:
Ioihbsc;iwbitmii!
However, there are no numbers or capitalisations, so make some characters upper case, and add more characters like @, % or # if you can.
IoiHBsc#;iwbitmii!
Once you get the knack for making silly sentences that are personal to you and that you can remember easily, it will become quite easy. Just don't make passwords out of people, pets or things you are known to be associated with.
"I love my dog spot" is not nearly good enough to make a password with. Sorry. And don't quote famous lines from plays or books you've read. But crazy personal sentences can be remembered easily once you get used to it.
"Grandma sat on a plane and spoke to a friendly chubby green frog all the way to Australia"
works great because there is an image in it to help you remember how to rebuild your password. Just remember to add numbers and capitalisations and some funny characters like in the first example.
Keeping a little black book in a secure location at home is a good idea too if you are not interested in using password manager applications. Don't carry the little black book with you when leaving the house though - THAT is a big no-no!
- Use 2-factor authentication when logging into online accounts.
Google has a two-factor authentication application you can use. Check it out by doing a Google search for "google two factor authentication".
When you log in to an online account like Google, after entering your password you may get an additional prompt to enter the code that has just been sent by Google to your phone. Google does this because only the real owner of the phone should be holding it in their hands. This protects you when someone is trying to log in as you after finding out what your password is. Because they don't have your phone, they don't have the code that was just sent, and therefore they can't complete the login process. And if someone did get your password and try to log in as you, Google will notify you that an attempt was made to log in as you. This notification should spur you into action so that you change your password.
Two-factor authentication is available for almost all security-conscious online entities. You do have to turn it on though, and almost all online entities support Google's 2-factor authentication app. If you go to the security settings for your various online accounts (Facebook, banks, financial institutions, Amazon etc.), there will be a section dedicated to configuring 2-factor authentication. If there isn't a way to turn it on for the site you are trying to log in to, you should seriously consider deleting your account there, because they are most likely an above-average security risk. Why keep your online profile at a site that has lax security?
Authy is another example of a two-factor authentication application that can be installed on your phone from the Google Play store. It does the same thing as Google's two-factor application. That is, the app will keep a list of all the online accounts you have configured for 2-factor authentication and provide the codes you will need in addition to your password when logging in to an online account - no need to have a code sent to your device.
You can compare Google's version with Authy's just below. Just remember to have the 2-factor application installed on another device in case you lose your phone! Otherwise, you will be locked out of every site where you configured it!