Phones Access PINs Security Issues

One of the reasons I don't put a lot of apps on my phone like...banking apps. I do not want anything that connects to my bank...on my phone.
I don't do credit card payments on my phone...like Google Pay
I don't store a notepad of secret notes on my phone. I chuckle at how many iPhone users think that that "notepad" thing in an iPhone is like a bank vault and store every important thing in there...I just shake my head when I see that...thinking..."yeah, one day...you're poached..."

Yeah you could get to my work stuff...email....but...I don't have secret stuff in my email either.
Only thing on the phone I have concerns about losing...is my Microsoft Authenticator app with over 20 accounts worth of MFA/TOTP stuff in there.

So that would make me run a "remote wipe" soon as I think my phone is gone (or have someone at my office do that).

My phone is fingerprint unlocked, I have a longer PIN.

The "ease" of users being targeted for their phones is something that is on the rise for sure. How many of you still go grocery shopping? Stand in line at the checkout? Ever see people standing there waiting for the line to move forward...they whip their phone out of their purse or back pocket or coat pocket...unlock it (just 3-4 feet in front of you)...you can easily catch their PIN with your eyes. Not hard to grab a phone out of a lady's purse at a line. Or follow out to the parking lot and jack her. Or...how about at a bar? I don't think that many people here spend time at a bar...if they don't immediately recognize how juicy of an easy environment this is. People sitting at a bar (or standing) very often whip their phones out...unlock, use them quickly...put them down....a few minutes later, pick up, unlock, use for a minute...put down. All the while as they talk to someone next to them...(usually meaning turning and facing them). At bars, people "not" sitting at the bar often nudge up to the bar to order a drink(s) and walk away. Bars with high volume and high turnover of customers...bars that cater to younger people...x10. Pretty easy to eyeball someone unlocking their phone from..."standing right next to them distance"...wait till they place their phone down on the bar (as...many people do)...the victim turns away to talk to someone...BOOM, grab and walk away. None of the victims here had to stand up, hold their phones over their head and enter the PIN for everyone to see. It was all done many times in an hour within close visual range.

I'm becoming more and more security aware in recent years, because we're seeing so many businesses get poached from...lack of some form of security on their data. Even those with some basic security...sadly things like this recent "auth token" stealing is going around rampantly.
I have an Android phone and I have an app on it called Gravity Screen Pro. It locks my phone the instant I put it in my pocket. It locks my phone if I put it face down, and I almost never use my PIN, just my thumbprint.
 
The ignorant yahoos that flood this field are going to be having a very hard time financially once this trend plays out.

Of course that's true.

In addition, we are each going to have to decide what our personal "scope of practice" is, and stick to it. I don't, for instance, take on clients who want advice about HIPAA compliance. Even though I knew what I needed to do as a clinical practitioner in regard to HIPAA, I do not have any idea what actual computer/network security protocols are required in order to be compliant, nor do I wish to learn. That's someone else's job and I'm happy for it to be someone else's job.

Given the kind of break-fix I do, I almost never get into security related issues beyond recommending to my clients that they use a password manager of their choosing and do not use the same password multiple times. Many do not listen. Even when I need passwords to get into a machine or account, when I'm doing on-site work I strongly prefer that the user enter those themselves and not share them with me, though some do on occasion.

I'm not in the security business, I don't claim to be in the security business, and, thus, I have no ownership or responsibility for what my clients may or may not do in that realm. They've got some specific something that's broken and needs fixing, or new that needs to be set up, and that's what I do. I don't look at their networks, firewalls, etc., etc., etc. My professional scope is constrained to the client presented issue(s) at hand that I elect to take on.

Were someone ever to try to sue me because some account they use was hacked, and I've never had anything whatsoever to do with that account nor securing their computing environment, I'd be mightily ****** but would engage my lawyer to countersue.

But for as long as I've been doing this, and with as many clients for whom I've done this, and where in my area business is still almost entirely done "on a handshake" (for lack of a better way of putting it), I don't fear each new client as a legal threat. I know what I'm doing, for what I'm doing, and I don't go outside my own chosen scope of practice.
 
I almost never use my PIN, just my thumbprint

Same here, in all respects. The only time I use my PIN is if I somehow have fat fingered my finger placement on the sensor enough times that it insists I enter a PIN. That and when the phone is rebooted, as it will not take biometrics unless you have unlocked the phone initially after a reboot with the PIN (and I think it also requires a PIN entry again every 72 hours, too).
 
I have an Android phone and I have an app on it called Gravity Screen Pro. It locks my phone the instant I put it in my pocket. It locks my phone if I put it face down, and I almost never use my PIN, just my thumbprint.
I also use my thumbprint, not my PIN (same with my laptop). Google's Pixel will lock very quickly (probably a setting that I found and dialed it way down), I think it locks right when you place it upside down too. And of course, if you press the side button when done (I do that before putting in my pocket to avoid butt dialing...since I'm holding the phone by the sides anyways, my finger is right there to press the button to ensure it's locked). But...my phone isn't really my concern, since I'm an IT guy and...somewhat aware of security, I wouldn't leave my phone on a bar while my back is turned to it for example. It's the general masses....the broad topic here...that I'm concerned about. Not that someone else's losses would affect my credit or my bank account, so I shouldn't care...but...I'm old school with a generally good moral compass.
 