This is a follow-up to my post from a couple of weeks ago, What I learned after I lost my smartphone. You may want to read that first if you haven’t already.
My lost smartphone has been found! To my surprise, I got a call on Thursday from a young woman in Safety Harbor who had purchased a phone from an acquaintance. When she turned on the phone to activate it, there was a message from me that appeared. It went something like this:
Please return our phone. We can be reached at (phone number). No questions will be asked.
That was, if I recall correctly, the message we had set on Find My iPhone after losing the phone. Thankfully, the woman who bought the phone (for $50 – what a deal) is honest and did the right thing. Here’s what I learned, in retrospect.
1. I made one major security mistake
In iOS7, Apple added a new feature called Control Center, which provides easy access to a number of useful things like changing the screen brightness, volume, etc. It looks like this:
Note the first two icons in the upper right – the first puts the phone into Airplane Mode (all connections off) and the second turns wifi on & off. I had it set so Control Center could be accessed from the lock screen, which was a bad idea. This allowed the thief to take the phone offline (via Airplane Mode) without turning it off, giving them time to try figuring out the passcode.
It also reduced the time we had to try to locate the thief via Find My iPhone. The immediate time period after the loss is the best time to locate the phone as the thief will likely be nearby.
Needless to say, I immediately turned off the ability to access Control Center from the lock screen on my phone after realizing this.
2a. When you set a phone to be erased in Find My iPhone, it won’t notify you when it’s online
Well duh – that makes sense. I’m just happy that the woman called my number before the phone erased itself. So you have to decide whether to
- try to find the phone and take the chance your data will be accessed
- erase the data and take the chance you will lose the phone
I would still go for the latter – buying a new or used replacement phone is much better than having a thief access your bank account.
2b. When you set a phone to be erased in Find My iPhone, you can’t undo it
Even though I got my phone back, the data was still erased. There’s no option in Find My iPhone to cancel the erase, as I found out. No worry though – that’s what backups are for.
3. You can set an actual password instead of a 4 digit passcode in iOS7
A password can have 10+ characters and use both letters and numbers, making it highly unlikely a thief can figure out your login. Unless, of course, you use a bad password like “password” or “12345678”. Considering I need to access my phone multiple times a day, I’ll stick to the 4 digit passcode. However…
4. You can set an iPhone to be erased after 10 failed login attempts
This is a really good idea – unless you have a toddler in the house like I do.
5. Using iCloud Keychain is a really, really bad idea
As Apple says, iCloud Keychain keeps your Safari website usernames and passwords, credit card information, and Wi-Fi network information up to date across all of your approved devices… It sounds incredibly convenient – and you can’t access the actual passwords or CC info without another passcode. But if a thief logs into your phone, they can use Safari to log into sites that have passwords saved – including banks, Amazon.com, etc.
I am really glad I don’t use iCloud Keychain – no one should, unless they 1) use a long & complex password to log in to their phone and 2) have the phone set to erase after failed login attempts.
A better idea is to use a less deeply integrated password manager like Lastpass, which requires a login before allowing access to passwords. It also isn’t integrated in browsers on mobile like iCloud Keychain is with Safari. If you need to use a password saved in Lastpass, you’ll have to log in and then copy/paste it to use it.
6. iOS7 has something called Activation Lock
Even if a thief were to guess the 4-digit passcode (which has 10,000 total combinations and can be hacked in several hours), they can’t turn off Find My iPhone, log out of iCloud or erase/reactivate the device without your iCloud username and password. But if a thief can log in to your phone, you have much bigger issues than losing the device. It’s a no-brainer when choosing between losing a phone and identity theft.
7. Back up your phone regularly
This is a no-brainer. With iCloud the most vital data can be backed up regularly via wifi, or you can connect to a computer with iTunes via USB for a more comprehensive backup.
Frankly, I’m lucky and dodged a bullet with this loss & recovery. I figured that the average find-a-phone-in-the-park-and-try-to-sell-it thief isn’t savvy enough to try accessing the data instead of selling the phone for a measly $50, but you never know. If they had some resolve they could’ve figured out the passcode and I’d be completely up a creek right now. I may still be, if they accessed the data and then sold the phone. I hope that changing all my passwords saved me there.
Of course, it’s all 20/20 in retrospect. I feel better prepared for the next potential loss and I hope you are too.