SoylentNews is people
SoylentNews
from the they-will-never-guess-my-age-because-I-leave-my-phone-unlocked! dept.
How you lock your smartphone can reveal your age: UBC study:
Older smartphone users tend to rely more on their phones' auto lock feature compared to younger users, a new UBC study has found. They also prefer using PINs over fingerprints to unlock their phones.
Researchers also found that older users are more likely to unlock their phones when they're stationary, such as when working at a desk or sitting at home.
The study is the first to explore the link between age and smartphone use, says Konstantin Beznosov, an electrical and computer engineering professor at UBC who supervised the research.
"As researchers working to protect smartphones from unauthorized access, we need to first understand how users use their devices," said Beznosov. "By tracking actual users during their daily interactions with their device, we now have real-world insights that can be used to inform future smartphone designs."
The full study is available through the ACM Digital Library.
(Score: 3, Interesting) by vux984 on Thursday June 20 2019, @05:42PM (11 children)
Agree. I don't really want/need a lock on my phone either.
For me, my ideal use would be password after reboot.
Swipe to unlock -- i personally don't need more than that for spotify, placing calls, looking at my contacts, responding to a text, playing a game, using google maps, etc...
I want my email accounts, photos, and documents, protected with a pin.
Plus a couple folders, another email account, and a couple apps, protected by a decent length passphrase; with their data securely encrypted.
and i guess settings should be protected by the passphrase, although i don't want to have to dick around with a passphrase to turn the wifi on and off or adjust the screen brightness... so some sort of smarts around that.
I'm not even sure if I can set all that up, nevermind how...
(Score: 2, Touché) by bradley13 on Thursday June 20 2019, @06:59PM (10 children)
"I don't really want/need a lock on my phone either."
I wonder, then, what you use your phone for? My phone has access to my email accounts, runs my password manager, has authentication applications for mobile banking, for access to AWS, and has other sensitive applications on it as well. If I lose my phone, all of those things are replaceable, but if someone gains access to my unlocked phone I could have serious problems. Obviously, my phone has a PIN, and it's not just four digits.
If you don't see a need for a password for your phone, I sincerely hope that you don't use it for anything more sensitive than surfing. In which case, you are seriously under-utilizing an amazing piece of technology.
imho, of course
Everyone is somebody else's weirdo.
(Score: 1, Informative) by Anonymous Coward on Thursday June 20 2019, @07:20PM (7 children)
If you use your phone for financial transactions or anything that could cost you money, you're doing it wrong. And when (not if) it's compromised, you'll learn that lesson.
Good luck.
(Score: 2) by Farkus888 on Thursday June 20 2019, @07:49PM (6 children)
This is bad advice. In terms of credit card theft or identity theft the better plan is to assume you are hacked already and plan to minimize the fallout when they decide to use your data. For example use credit cards and avoid debit cards because the credit card companies are legally required to pay you back after fraud, debit cards are not.
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @08:29PM (5 children)
Same AC here.
Huh?
I didn't give any advice. I said other AC was doing it wrong. I did not make any recommendations, I just wished them luck with their poor choices.
(Score: 2) by Farkus888 on Thursday June 20 2019, @09:18PM (4 children)
Maybe poor wording. Either way, your comment assumes that modern personal finances can and should be secured. People just don't have the resources or skills required. Better to just prepare to recover. You still need to avoid scams, but any app from your real bank on your phone is otherwise fine. Your phone is to low value... Better for the hacker to get your info and everyone elses direct from the bank or mega store. You can't control their security anyway.
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @10:06PM (3 children)
Do what you like.
At the same time, I'll take my decades of IT and InfoSec experience over the pronouncements of some random asshole on the 'net any day.
(Score: 2) by Farkus888 on Friday June 21 2019, @01:26AM (2 children)
First of all, I got a laugh out off this being posted as AC, thanks. Second, that is exactly my point. Modern skimmers at a gas station are completely hidden, nothing visible no matter how close you look. Coupled with breaches like home depot or target actual being secure is a virtual impossibility even with all of your training and 100s of hours of inconvenience every year. For someone without your training or mine it is even harder since they have to start by doing all the training you did for work. Your advice is so hard for the average person they'll just ignore it. Mine was simple as picking the next card over in your wallet. Anyone can do it with no training and no inconvenience if only they knew they should.
(Score: 0) by Anonymous Coward on Friday June 21 2019, @02:51AM (1 child)
Same AC here.
There is some logic to your point. Sure, there are always risks to using electronic payment systems (which is what credit/debit cards are these days). I had my card data skimmed/stolen once too. And there is merit in preparing for that possibility. I'm with you so far.
However, *recommending* that folks expand their attack surface to include phone apps, especially given that such devices are so incredibly insecure that you don't need a skimmer, or even physical access to the device to gather such information, is bad advice, IMHO.
Note that I haven't made any actionable *recommendations*. I merely observed that if someone was expecting their mobile device to be secure enough for financial information/transactions, their expectations were way off (I did say "doing it wrong." but that adds up to pretty much the same thing).
You need to assume that anything you connect directly to the Internet will, eventually, be compromised. Smartphones are such devices.
Where I disagree with you is that I don't think *expanding* your attack surface is a good idea. Sometimes you have no choice, but if you do have a choice, it makes no sense to do so.
(Score: 2) by Farkus888 on Friday June 21 2019, @02:44PM
Security and functionality are usually a trade off. You're willing to give up more functionality than most. I think that if you ask too much people will ignore all of what you say. Most security people advice is too far for the average person. Personally I think compliance on the basics would get society much farther than better advice ignored. Never use your phone for anything is definitely in the better but ignored realm. That cat is way out of the bag.
(Score: 3, Informative) by Snotnose on Thursday June 20 2019, @07:28PM
Um, as a phone I can carry around with me? I also don't have anything sensitive on my phone. I don't bank from it, I tried using email on it but that drove me nuts quickly. No password manager, no AWS access. I use it to keep in touch when out and about.
Someone breaks into my phone big whoop. You want my contacts? Do me a favor and figure out who these people are, because half of them I don't know. If I knew which half I'd delete them but I've learned the one sure fire way to remember what a contact was for it's to delete it.
The one thing I do have on the home screen is a README, which is an app I wrote myself and displays my email address. Hope is that if I lost the phone and someone finds it they'll drop me an email.
My ducks are not in a row. I don't know where some of them are, and I'm pretty sure one of them is a turkey.
(Score: 2) by vux984 on Thursday June 20 2019, @11:27PM
"I wonder, then, what you use your phone for?"
Did you make it through my entire post? It was only a few lines; and i thought I addressed your comment.
I absolutely do have a *things* on my phone that should be protected with a passphrase: A few folders. A few apps (yes including a password manager, mobile banking, etc just like you). plus an email account, again like you.
But having to protect my entire phone with a strong passphrase to secure that small number of things is annoying and stupid. I don't have any need for a passphrase to search for directions, or to place a phone call to order pizza, or send idle chatter to my wife or kids, to take a picture of a funny bumper sticker, play a game, look up a word in the dictionary or check when a movie came out, fiddle with spotify, or whatever... etc, etc, etc. A fingerprint is plenty to secure that... or even nothing at all. I am simply not worried about securing any of that.
i'd only like to be prompted for a passphrase when i access certain apps or folders or accounts, and its idiotic that its all or nothing. So now I have to enter a secure passphrase that's longer than the text message I want to send to my daughter "eta home?"