Gone with the phone… on information security

My wife lost her phone yesterday. The chaos that followed has really made me think about how vulnerable we are today, when literally almost everything is placed in this wearable (and loosable) computer. As a matter of fact, the more we are able to put into this device, the larger is the loss. What I’ll describe today is the situation here in Sweden, but I think there are aspects that are general as well.

But is it so bad, really? Well, to start with, the phone had a nice cover, where you can put your credit cards and ID… fortunately not all cards fit in the cover. But that is just an inconvenience compared to the rest:

1. Social media

Since she uses social media a lot, they are of course all logging her in automatically, since it is so awkward using safe passwords. Well, they are of course protected by the phone PIN, but since she never enters them anywhere anymore, they are also quickly forgotten. So, there is no way to access the social media now. But wait, can she not send for new passwords. Sure thing, there is just one hitch: two-factor verification. When she asks for a link to reset a password, she needs to enter a code, which is… yes, of course, sent to her phone. 

2. Photographs, movies, memories…

We don’t use cameras any more, since the mobile cameras are almost better than traditional system cameras. And everything is stored continuously on our phones. Pictures, movies, sounds, etc. are so easily lost, and unless you have an automatic transfer of them to a cloud storage (which is pretty expensive, to tell the truth) they will disappear with the phone. “Gone with the phone…” is a very appropriate title to this phenomenon. 

3. Notes and other texts

It is not easy to synchronise data from the phone to other computers or backup systems. SMS:s are not automatically backed up in any way I know of. This becomes evident whenever we change our phones (willingly). However, all other kinds of texts are also not automatically backed up from our phones.

4. Worst of all?

Today the phone is not only a communication device, it is the identification device for most transactions and for access to private information. The phone ID applications are the keys to almost any non-public communications we have. Without this, there are many public services that you cannot use any more (or until you get a new phone and a new ID application). So, you are effectively locked out of society.

OK, so lots of stuff has been lost or made unavailable. But life goes on as usual, or? Well, yes and no. Ultimately most of the loss is repaired in some way. But, and that is the reason I write this post, we also need to draw our conclusions from this kind of experiences. The easy conclusion is that we need to make sure that everything on our phones is secured and backed up. Essentially, this means that the losses are the “user’s own fault”, and you “only have to…”.

But, in my opinion, the problem lies in a completely different direction. Today the phone has become such a central artifact in most people’s lives, that it is an indication of that we need to start rethinking the information flows and security measures in society. In many cases you can, e.g., log in to services using your Google or Facebook accounts. But, with this in mind, do you really know where your login information resides for all the accounts you use? Do you know how to store and retrieve all your passwords using a password manager? Now your Google account and browser also store your passwords. And hey often conflict with each other. 

I consider myself quite tech-savvy, but I can honestly say, now when this happened to my wife’s phone, that I don’t know where all my login information resides. I have realised that I have lost my login control. And I have lost the control of where all other information goes. So my question to you who read this is: 

Do you have full control of your situation today?

NOTE: This post has also been published in my personal blogs, moomindad.wordpress.com and www.publish0x.com/@Mumriken

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.