September 19, 2003
What's in Your PDA? PDA Survey Sends Wake-Up Call
From a security and identity theft perspective, this is scary. I, for one, do not keep any sensitive financial account information on my PDA for this reason. I do use a password, but admit that I don't lock my PDA with it as much as I should, for convenience sake. I have tried numerous Palm programs that are supposed to lock your PDA after "x" minutes of inactivity, but they universally caused so many fatal errors and soft resets that it was counterproductive. There's still a few more I want to try, but I'm not hopeful -- my PDA is just too "tricked out" with a lot of different apps and hacks running on it. The security programs just don't play nice with the rest.
I am, however, extremely diligent about my devices in public places. For example, whenever I get up from a restaurant seat or exit a taxi, I always do a quick pat check, just to make sure the PDA and cell are still there. If this is obsessive-compulsive, so be it. These are indeed the top ways people lose their mobile devices -- the little devils just slip out of your pocket when you're not looking. (I think Dockers was onto something with their Mobile Pants, but the external zippers just looked too geeky.)
The lack of PDA passwords is not surprising at all. What is: storing sensitive financial information or key passwords without password protection. That's just plain crazy, especially since the survey reported that 25% lost their PDA's at some point. That's one out of every four PDA owners. But again, the masses prefer convenience to security at this level -- we're just in too much of a rush these days.
I previously stored online passwords on my PDA in a database using 160-bit Blowfish encryption, which is pretty strong. However, after several months, the database was irretrievably corrupted, and I decided that it was just smarter to keep them in my head. I probably have over 50 passwords, since I rarely recycle them between sources. That way, if someone discovers one of them, it doesn't compromise the rest. When it comes to passwords, compartmentalization is a good thing, as long as you can keep them straight.
So I'm good until Alzheimer's hits, and hopefully that's a long way off. At least I've made sure the Mrs. knows the important ones too. I've also considered encrypting them on my home PC, but that still bothers me -- that someone could somehow access them. If I'm somehow mentally disabled or dead, I just don't think looking up passwords is going to be my #1 problem.
I've recently posted a very compelling example detailing why storing sensitive information on a PDA or other mobile device, without proper security, can really come back to bite you. Let's be careful out there.