Log in

View Full Version : Keep your private data private


Ed Hansberry
06-03-2002, 12:00 PM
<a href="http://www.theregister.co.uk/content/54/25478.html">http://www.theregister.co.uk/content/54/25478.html</a><br /><br />It amazes me that approximately 10% of people with PDA's would have confidential banking information on their device unprotected. I guess these are the same people who write their PIN number on their ATM card so they don't forget it.<img src="http://www.pocketpcthoughts.com/forums/images/smiles/icon_rolleyes.gif" /> Or the 25% of those who store passwords and PIN's on their PDA and don't bother password protecting that data. Even worse, of the 6% of people that have lost their PDA's with sensitive information on it, about 33% of those do the same thing when they get a new PDA - store sensitive data unprotected!<br /><br />There is no question that you can keep confidential information on your Pocket PC, but you must take a few <b><i>simple</i></b> precautions to make sure that the data remains confidential and unreachable if your Pocket PC is lost or stolen. &lt;!><br /><br />First, password protect your Pocket PC. Start|Settings|Password. For Pocket PC 2000 users (Usually Jornada 52x, 54x, Casio E-1xx, EM-50x and non-upgraded iPAQ's or @migo's) you only get once choice. A 4 digit PIN at every power on. HP has a custom security feature on Jornada 52x and 54x devices that allow it to come on after the device has been off for a preset time. 4 digits gives you 10,000 possible combinations which is plenty. Why? Because, according to <a href="http://www.microsoft.com/mobile/enterprise/papers/security.asp#14">this article</a>, "should the password be entered incorrectly, the user is required to wait before trying again. The delay imposed between attempts rises exponentially, effectively locking the device after several attempts, but protecting the information within." So, as long as you don't use something obvious, like the last 4 digits of your phone number, your data is pretty safe, or the thief is going to have to be very patient. Pocket PC 2002 owners, or Pocket PC 2000 owners who install the <a href="http://www.microsoft.com/mobile/pocketpc/downloads/powertoys.asp">Microsoft Password for Pocket PC Powertoy</a> wanting even more security can use a password of any reasonable length using letters, numbers and symbols.<br /><br />Second, the above only protects data in RAM. The logic in this is if someone just wants your device, they can do a hard reset to clear the password, but this also clears all data on the device. So never ever store any data on a storage card or in the Flash ROM, like the iPAQ File Store or HP Safe Store that isn't encrypted by some other means. The Pocket PC's password cannot protect these non-RAM storage areas.<br /><br />Third, encrypt data that is really sensitive. I personally use <a href="http://www.iliumsoft.com/wallet.htm">Ilium Software's eWallet</a>, but there are others like <a href="http://www.developerone.com/pocketpc/codewallet/">Developer One's CodeWallet Pro</a>. Before you buy any of these, check your Pocket PC's companion CD. Many HP Jornada's come with CodeWallet and iPAQ's come with eWallet. I have my Pocket PC set to use the power-on password after one hour of being off. I find it too annoying to use the password every time I turn it on. Having that encrypted ensures that even if a thief gets my Pocket PC before the password has activated, they won't have access to sensitive data. With eWallet you can configure the eWallet file so that after X failed tries, it cannot be opened for X minutes. I like these types of programs because they are designed to arrange your data in a small database. These apps have several "cards" that have fields for the most common types of info you would want to store. Bank accounts, credit cards, system passwords, padlock combinations, etc. eWallet is so useful I can store non-sensitive data, such as air filter sizes or software registration keys in unencrypted folders in the database allowing quick access.<br /><br />You can also encrypt any file on your system with programs like <a href="http://www.f-secure.com/wireless/pocketpc/pocketpc-fc.shtml">F-Secure's FileCrypto</a>. These applications will encrypt Word documents, Excel files, email, entire folders or entire file systems. These types of applications are a must if you plan on storing large amounts of sensitive data on storage cards.<br /><br />If you are interested in learning more about Pocket PC security and other applications available, Microsoft has more information <a href="http://www.microsoft.com/mobile/enterprise/papers/security.asp">here.</a>

BevHoward
06-04-2002, 03:23 AM
some simple steps help as well

You can store numeric passwords and pins as telephone numbers in contacts under alias' such as "Freddy B." for "Federal Bank..." etc.

You can store sensitive info on a small CF or other memory card and keep it separate from the PPC until you need to read it and insert the card at that time.

Keep a separate, up to date copy and immediately change the passwords in the event of a theft.

The trick is to obtain a balance between protecting sensitive information and penalizing yourself on a daily basis with over protection.

Pony99CA
06-04-2002, 02:41 PM
You can store numeric passwords and pins as telephone numbers in contacts under alias' such as "Freddy B." for "Federal Bank..." etc.

This is just "security by obscurity", which often isn't very effective. It's almost like hiding a key under your mat. And now that you've mentioned it in public, we'll all check Freddy B. on any Pocket PCs we find. LOL


You can store sensitive info on a small CF or other memory card and keep it separate from the PPC until you need to read it and insert the card at that time.


But if you lose your Pocket PC with the card in it, it's gone. As Ed said, either store your data on the Pocket PC itself or encrypt it somehow.

Steve