Mobile phones are amazing devices. They’re much more than just having your email or social media at your fingertips; they’re truly portable general-purpose computers that also happen to be able to make phone calls.
We do a lot with our phones. Because they’re always with us, they’re one of our primary means of content consumption — everything from social media to news to maps to ebooks and more — as well as our primary means of communication (though ironically, rarely by actually using the telephone) and one of our primary content-creation devices as well, in the form of photos and videos.
As tiny computers, we’ve come to rely on them to store data, act as security keys, wallets, fitness trackers, automotive trackers, and dozens of things I can’t even think of right now.
Given everything we use our phones for, to say that we shouldn’t lose them is stating the obvious. And yet lose them we do. I’m going to review some of the things you need to be aware of when (not if) you lose your phone, and some of the ways you can mitigate the damage when it happens.
Become a Patron of Ask Leo! and go ad-free!
- You lose access to data on the phone.
- You lose control of data that can be accessed by the phone.
- You risk losing access to any account that can be accessed by the phone.
- You risk losing access to your accounts via other means.
- You risk someone being able to impersonate you.
If it’s in only one place
The first thing most people think of when they lose their phone is the collection of photographs and videos they keep on it. Most commonly, these are images they’ve taken using the device and haven’t bothered to copy anywhere else.
In other words, they’re not backed up. They exist only on the phone. When the phone is lost or stolen, so are all the photos.
While a few items might have been shared either directly or via social media or other means, you can’t count on it. You also can’t count on those that were shared having been saved, or having been shared in original quality.
Remember, of all the other data you keep, particularly on your phone, photos and videos are the only ones that cannot be re-created.
If it’s on your phone, it’s in their hands
If your phone is stolen, the data on it is now in someone else’s hands. All of the data stored on your phone: your emails, contacts, texts, chats, documents, photos and videos, and everything else.
And yes, it’s sometime difficult to know what’s on the phone and what’s online in “the cloud”. As a result, you must assume it’s all been handed to the person now holding your phone. Besides, as we’ll see shortly, the distinction between what’s on your phone and what’s online may well be irrelevant.
If your phone is your key
Security experts and not-so-experts strongly recommend two-factor authentication as a means of securing your online accounts. Without a doubt, for maximum security you should avail yourself of this option if it’s available for any account you consider important.
Phones are common and convenient two-factor authentication devices. Be it via code-generating apps that run on the phone, to codes in text messages that you receive when logging on elsewhere, your ability to provide those codes on demand “proves” you have the phone — the second factor — in your possession. Thus, you must be who you claim to be.
When a phone is stolen, the first thing people worry about with two-factor authentication is that the thief now has their second factor. That’s typically not as huge a problem as you might think: they need both factors — your password and the phone — in order to sign in as you elsewhere. Typically, getting access to the phone won’t gain them access to your passwords as well.
The real, larger problem is you no longer have your second factor. Unless you’ve prepared, you may not be able to log in to the accounts so protected.
Your phone becomes their portal
Much of the data we access using our phone is not actually stored on the phone. Using various apps and interfaces, our phone is a portable gateway to our online world. Email is the most obvious, but cloud-storage services, note-taking apps, music players and more all work primarily by fetching your information from your accounts online.
Once a thief has access to your phone, they have access to this portal. They can — and often do — proceed to immediately change your email password so as to take control of that account, and at the same time remove their need for your phone to continue; they can access your email anywhere now. Since your email is also often your backup/recovery account for other online services, just getting access to that opens a second portal for the thief to then wrest control of those accounts as well.
They might become you
Stealing your mobile device is one of the best ways hackers and thieves begin to impersonate you, possibly even leading to outright identity theft. Not only by stealing your accounts, as I’ve discussed above, but by literally impersonating you. Calls they make, or perhaps more realistically, text messages they send, appear to have come from you. They can use that ability to fool everyone from online services and banks to your friends and family.
So, what to do?
Now that I’ve laid out the great risk we embrace by relying so heavily on these portable and easily lost or stolen devices, what should we do?
Certainly returning to luddite ways and abandoning the technology is not an option. Oh, I know it will be for some people, but it’s their loss.
And there’s no need. There are several simple steps you can take to protect yourself.
Back up your phone
Particularly when it comes to photos and videos, there’s simply no excuse. Most cloud storage apps like Dropbox, OneDrive, and others offer to automatically upload the photos and videos you take. Depending on your choice, they can upload immediately regardless of where you are as long as you have an internet connection, or they can upload the next time you’re connected to Wi-Fi, so as to save on your mobile data plan.
If you do nothing else, back up your photos.
When it comes to the rest of the information on your phone, solutions vary. By virtue of being linked to an online account, for example, email and contacts are often automatically backed up. Many mobile providers automatically track which apps you have installed and reinstall them if you move to a replacement phone.
The data stored by the various apps you have installed, however, is a wild card. For each app with which you have a significant investment of data, make sure you understand where that data is stored and what happens if your device disappears. If additional backups are called for, look to the app developer for guidance.
Set a PIN
One very simple step to protecting the information on your phone is to set an unlock code or PIN, and make sure your phone automatically locks after some amount of time.
In order to access the device, the correct PIN must be entered. Without it, accessing what’s on your phone becomes difficult, if not impossible.
Also, consider configuring your phone such that if the wrong PIN is entered too many times — say ten times — then the phone automatically wipes all data.
A PIN isn’t perfect — it’s sometimes easy to guess or “shoulder surf” (watch someone enter their pin) — but it’s an excellent first level of defense when it comes to protecting the information on and accessible by your mobile device.
Consider a tracking service
You may or may not need an additional tracking service for your phone — you may already have one, courtesy of your platform (iPhone or Android) or your mobile carrier. In my opinion, it’s important that such a service have the following features:
- The ability to locate your phone using its GPS.
- The ability to remotely lock and/or wipe your phone of all data.
- The ability to display a message on the phone’s screen.
Remote wipe is critical, in my opinion, as it’s the only way to protect yourself should a thief gain access to your device.
Personally, in addition to the facilities made available via Android and my carrier, I use Prey to protect my phone, my wife’s phone, and the laptop with which I travel most.
Set up two-factor properly
It’s not enough to set up two-factor authentication. Whenever possible, you need to set up a recovery mechanism.
Most services that use two-factor have alternate approaches available when your second factor, such as your phone, isn’t available. They’re often more cumbersome and time consuming, but they’re infinitely preferable to not being able to access your account at all. Some of the recovery mechanisms include:
- Additional second factors, such as additional devices or text-message numbers to which a code can be sent.
- One-time passwords. These are created and saved somewhere safe. Should you not be able to log in using your second factor, you can use a one-time password instead. As the name implies, each can be used exactly once. If you run out of these passwords, you return to the service to generate more. The critical thing to realize is that you need to create one-time passwords before you need them, and keep them in a safe place.
- Recovery email address(es). Again, these must be set up beforehand, but they act as a type of second factor: prove you can access this pre-defined account, and you must be who you say you are.
Regardless, make absolutely certain that if you lose your two-factor device, you have an alternate way in.
Contact your mobile provider as soon as possible
Finally, if your phone has been lost or stolen, contact your mobile provider as quickly as possible. There are two reasons you don’t want to waste time on this:
- They can disable the phone, preventing it from accessing the mobile network (though the phone will likely still be able to access the internet via a Wi-Fi connection).
- They will be aware of all the security options — from remote wipe to simply locating the phone — that may be preinstalled, and be able to help you make the wisest decisions about what steps you need to take.
Given how much we use them and what we use them for, losing your mobile device is no small matter. It pays to prepare beforehand and act quickly when disaster strikes.