How do you Secure your Data? (Or, is the bioswipe really secure?)


gai-jin
07-25-2003, 10:41 PM
I'm curious, how do most people secure their PDA and the data on it? I happened to be reading through old articles on Brighthand and noticed one that suggested encryption software.

Personally, I've mostly used a PIN, rather than a password, for quicker access. Since getting my 5455, I've switched to fingerprint authentication (with a password option as well, just in case).

The fingerprint reader certainly gives the feeling of the data on the PDA being secure. But how secure is it? Could someone still access the information in the RAM somehow? If the PDA was stolen, could the thief simply do a hard reset to get around it? Obviously he'd lose the data, but would end up with a $700 PDA...

Just my thoughts...

Jacob
07-25-2003, 11:07 PM
I don't use anything on the PDA specifically.

Any personal information I have is kept in eWallet which is password protected at least.

Ed Hansberry
07-25-2003, 11:44 PM
I use a PIN to protect the device contents in general, but I also use eWallet to encrypt sensitive data, primarily because that data file is sync'd to my laptop and subsequently to my server and then a tape. It is also on a storage card, which the PIN cannot protect, within a Pocket Backup file, though that entire file is encrypted too.

Plus, for convenience, my PDA PIN only kicks in after an hour.

Evee Ev
07-26-2003, 12:46 AM
I don't usually use my password protection either - I use flexwallet for personal information (passwords, logins, etc.). I used to use sign-on but the signature sign-on got to be a little buggy.

gorkon280
07-28-2003, 01:22 PM
Passwords are a bitch and I already have to keep a list for all of the ones I know. That list is encrypted (with a password I won't forget). I use the Bioswipe and Resco's File Explorer 2003's encryption. Works well, I just wish the decrypt would give you an option to decrypt on the fly and recrypt after saving, but the way it is is ok too (gives opportunity to change password). I tried F-Secure that came with my 5555, but it was a bit buggy and I took it off. Resco is much better plus I think it uses better encryption than F-Secure anyway. My Bioswipe will only kick on after 15 minutes. That makes frequent checks easy, but when I don't use it for a while (and possibly leave it sitting on my desk), anyone who picks it up won't be able to get in.

gai-jin
07-29-2003, 01:03 PM
My son got ahold of my Ipaq this am when I was out of the room and was coloring on it. Transcriber picked up his colors, translated them into an invalid password, and eventually hit the max attempts. Now I'm looking at a screen that says I have to perform a full reset, and to check the manual for instructions. Of course, the 5455 didn't really come with a 'manual', just a bunch of little mini manuals about bluetooth, wifi, and bioswipe. Still searching for the hard reset instructions now.

:(

On the upside, I had just run a backup to SD last night. Unfortunately, I didn't back up the ipaq file store.

Gai-jin

Ed Hansberry
07-29-2003, 01:07 PM
> Still searching for the hard reset instructions now.
>
> On the upside, I had just run a backup to SD last night. Unfortunately, I didn't back up the ipaq file store.
No problem. The iPAQ File Store survives the hard reset, which is why you should never put anything sensitive there unless it is encrypted.

gai-jin
07-29-2003, 01:18 PM
Finished the full reset, now it's time to restore the backup and re-install critical apps that were in the file store. :(

gai-jin
07-29-2003, 01:23 PM
Ed,
Unfortunately, it did not. The PIM data backup did, but everything else that was there (calligrapher, for one) did not.

And, looking at HP's web site, it seems that perhaps that's expected?

I know the file store survives if the battery goes completely dead, but it seems to have cleared it out in the process of the full reset.

Gai-jin

Crystal Eitle
07-29-2003, 01:29 PM
I would have liked to see separate poll options for "PIN" and "strong alphanumeric password," since they're entirely different levels of security IMO. I have my Pocket PC "secured" with a PIN that kicks in after an hour of idle time, but it's a really easy PIN. I made it an easy one (only 4 digits) so I could hit it with my fingers using the little number pad. It's mostly there as a light deterrent.

My boyfriend uses a strong alphanumeric password on his, and he goes the whole nine yards, with upper and lowercase letters, numbers, and characters. (He works with computers for a living, so he's a bit more security-conscious.) This means his PPC is reasonably well protected, but it also means he has to get out the stylus and tap the soft keyboard every time he wants to get in. Too much hassle, as far as I'm concerned.

jt3
07-29-2003, 02:32 PM
Personally, I use biometrics for access, but my iPAQ is set up for biometrics OR password. I have a strong password (mixed case, numbers, and symbols) at the ready, just in case the fingerprint scanner dies, or I lose a few significant digits.

gai-jin
07-29-2003, 03:00 PM
I did start off with two separate options for that, but to separate out each possible method of securing your device seemed like it would make the poll more confusing than it was worth.

Gai-jin

Ed Hansberry
07-29-2003, 03:01 PM
> I would have liked to see separate poll options for "PIN" and "strong alphanumeric password," since they're entirely different levels of security IMO. I have my Pocket PC "secured" with a PIN that kicks in after an hour of idle time, but it's a really easy PIN. I made it an easy one (only 4 digits) so I could hit it with my fingers using the little number pad. It's mostly there as a light deterrent.
Given the way the Pocket PC starts to slow down when you guess wrong, the PIN is a HEAVY deterrent as long as it isn't something stupid like the year you were born or something else easily guessed in 10 tries or less. See this discussion at Brighthand (http://discussion.brighthand.com/showthread.php?&threadid=83421&perpage=10&pagenumber=2) to see why to guess even 100 PINs, or just 1% of the possibilities, it would take roughly 323,631,000,000,000,000,000 years if my calculations are correct and the PPC continues to double with each incorrect guess.

I do agree though that PIN and encryption are two totally different things. I continue to encrypt data in my eWallet file for a couple of reasons.
• I have my PIN set to activate after 1 hour for convenience
• My eWallet file is sync'd to my laptop, which is in turn replicated to a server and then backed up to tape from there. Each of those devices has its own form of security, but others on the LAN have access to it by the very nature of their job description. I trust them, but I don't know about the next person we employ until that trust is built.

Because of the way the PIN works, I think the strong alpha-numeric password is overkill for most circumstances.
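
Added example, not part of the original thread: a small model of the escalating lockout delay discussed in the post above, comparing how many PIN guesses fit in a time budget under a doubling delay, a flat delay, and a wipe limit. The 1-second starting delay, doubling from the first wrong guess, the 10-attempt wipe limit, and all names are assumptions; the thread does not state the device's actual values.

```python
from dataclasses import dataclass
from typing import Optional

HOUR, DAY, YEAR = 3600, 86_400, 365 * 86_400

@dataclass(frozen=True)
class LockoutPolicy:
    base_delay: float = 1.0            # seconds imposed after the first wrong guess (assumed)
    factor: float = 2.0                # delay multiplier per further wrong guess (2 = doubling)
    wipe_after: Optional[int] = None   # wrong guesses before a forced reset; None = never

    def total_wait(self, wrong_guesses: int) -> float:
        """Cumulative seconds of enforced waiting after N consecutive wrong guesses."""
        if self.factor == 1.0:
            return self.base_delay * wrong_guesses
        # Geometric series: base * (f^N - 1) / (f - 1)
        return self.base_delay * (self.factor ** wrong_guesses - 1) / (self.factor - 1)

def guesses_within(policy: LockoutPolicy, budget_seconds: float, space: int) -> int:
    """Most guesses an attacker holding the device can enter within the budget."""
    limit = space if policy.wipe_after is None else min(space, policy.wipe_after)
    n = 0
    # Guess n+1 becomes possible once the wait after n wrong guesses has elapsed.
    while n < limit and policy.total_wait(n) <= budget_seconds:
        n += 1
    return n

def hit_probability(policy: LockoutPolicy, budget_seconds: float, space: int = 10_000) -> float:
    """Chance of guessing a uniformly random PIN (4 digits by default) in the budget.

    A PIN taken from a birth year or similar is not uniform and falls much sooner.
    """
    return guesses_within(policy, budget_seconds, space) / space

if __name__ == "__main__":
    policies = {
        "doubling delay": LockoutPolicy(),
        "flat 1 s delay": LockoutPolicy(factor=1.0),
        "doubling + wipe at 10": LockoutPolicy(wipe_after=10),
    }
    for name, policy in policies.items():
        for label, budget in (("hour", HOUR), ("day", DAY), ("year", YEAR)):
            n = guesses_within(policy, budget, 10_000)
            p = hit_probability(policy, budget)
            print(f"{name:22s} 1 {label:4s}: {n:5d} guesses, P(hit) = {p:.4f}")
```
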

Ozy
07-31-2003, 08:23 PM
It's really scary when the PDA presents a hard reset button when you scan your finger or type in the pw too many times wrong. Seems like it's easy to just have someone nuke all your data and be on their way. So I guess the passwording is simply for protecting your data and not the integrity of the PDA.. huh?

Chris Spera
07-31-2003, 08:44 PM
This isn't entirely accurate.

The password is MAINTAINED across hard resets, and anyone that tries to steal your password device is going to be met with the PPC 2002 or WM 2003 Password applet when they try to turn the thing on after the hard reset.

This has happened to me many times when I have hard reset my 5455. If it does ever get stolen, I am at least satisfied that the thief is going to be holding a brick no matter what they do.


Kind Regards,


Christopher Spera