Every IT department has this policy. If you have a work computer, you’re expected to password lock it when you leave it unattended.
This makes sense, and I’ve followed this practice for many years, for work and personal machines, including desktops. My wife switched to locking her desktop after our cats created a few random events in her calendar.
I guess it was a bit jarring to see an appointment at 4 PM for “rtggggggggggggggggggggggggggjhkljm”. Anyway, why wouldn’t you use a password to lock your computer? It’s got scads of personal data on it, maybe even a good old password.txt file.
This is easy stuff.
But how many people follow lock their smart phones?
I asked this same question on Twitter, and a surprising minority actually password-lock their devices. Keep in mind, an iPhone could has 1) your contacts, 2) several of your email accounts, 3) mobile banking information, 4) pictures of you and yours, 5) scads of personal information.
Just like your desktop or laptop, making it an easy target for identity theft, impersonation, all kinds of bad.
Unlike your computer though, your smart phone is small and not that hard to misplace. Believe me.
Some of the feedback I got from Twitter was around the inconvenience of a locking feature. The iPhone’s Slide to unlock is supremely easy, and even with the PIN enabled, it’s not that much less convenient.
So, there’s good design going into security for smart phones. Remember the Android unlocking feature, which is clever, but still crackable by low tech means? The designers of these locking features have done a good job making them easy.
So, do you password-lock your smart phone? If not, why not?
Find the comments.
Oh yes, I lock my smart phone. Even if I weren't concerned about ID theft, there's still a very compelling reason: I have a 2.5-year-old. Who knows that Daddy's iPhone “pays moosic,” shows “pitchas uv ME!” and has a lot of colorful buttons that do neat things when you touch them. W/o a password lock, it's only a matter of time before random contacts start getting unintelligible spam, or blurry photos of stuffed animals, or something worse.
Excellent point, that probably increases the likelihood of loss too, making the password even more helpful.
I really don't understand why you *wouldn't* use the password lock on a smart phone. Aside from laziness, I haven't seen a good use case yet.
My employer (who happens to manufacture smart phones) requires that its employees lock company-issued smart phones. Employee setup of a smart phone includes mandatory specification of a password.
That makes sense, and I'm sure there are lots of IT departments out there that do the same. It gets dicey when you carry a smart phone that's not “for work”, e.g. an iPhone.
I assume you would do the same for a personal smart phone too?
Until recently, the circa-1998-style phone I used didn't have any valuable information or access in it, just phone numbers. So, I didn't really think about it when I got a smart phone; that is, until I read your post. Thanks for the reminder–I'm usually the one leading the charge on security and am ever-vigilant about locking my screen. I set up my passcode just a minute ago and feel much better now.
I once worked in a place where they had a points system and if you lost enough points (being caught without a locked screen was the most common way to lose points), it was grounds for terminating employment. I don't think it happened to anyone, but it certainly kept everyone on guard. It was, after all, in a classified government facility, so good reason to keep the secret stuff secret.
Well, up till now I haven't formed the habit to lock phone. But I do lock my Computers.
I think it makes sense. iPhone or other smart phones contain so many private data…
Also, if OpenSSH is installed on iPhone, it's better to shutdown the service or change the default root password to a strong one, or the iphone's gonna be hacked…^_^
I guess it also makes sense for Apple to place an self-destroy app inside the OS X mobile system so that all data can be wiped off once it get lost…
I had my iPhone for over a year before it dawned on me that I should lock that puppy. Even after I misplaced it and felt the cold panic attack, it still didn't dawn on me to lock it.
Interesting workplace story.
The iPhone was hacked a couple months after it was released. There were a couple ways to take control of one, and obviously, jailbreaking/unlocking are considered hacks, too.
Your tip about changing the root password is a good one that I've heard before, and thought about doing. Adding to my to do list.
I think you can get an app that does a remote kill on private data, not recalling the name right now, but it's definitely one (of few) for which I'd pay.
Yes – I have a Treo 680 (PalmOS).
Read your comment a bit quickly the first time.
I wish I could change my root password without violating the terms. I can't believe there isn't 1) an approved way to do this and 2) a remote wipe app that isn't dependent on Exchange.
Please correct me. Seriously, these are both must haves for me.
Does that have a PIN option? My wife had one of those, but I don't recall that option. Didn't really look though.
Yes, the treo 680 has the option to lock with a PIN. I set that up the day I got it. For me, it was a convenient replacement to my Tungsten T2 and I am a bit paranoid about all my contact info falling into the wrong hands (because it has that other kind of data you described buried inside some of the “contacts”
Good thinking, I'm still a bit bewildered by the number of people who don't do this. I usually err on the side of paranoia though.