Securing Personal Information: Smart phone

gjacobse

@scottalanmiller said:

@g.jacobse said:

This morning I took my sun to the doctor

Well - he is a bright spot of my day....

@scottalanmiller said:

Check out Keypass. Although for things like this, we just use our family wiki. It is a MediaWiki wiki and secured on our own server and encrypted via SSL. @dominica and I love it. We keep all of our important info there and a lot of trivial stuff too. From bank account info to a guide to what we packed in which packing boxes.

I have Keypass on the desktop / laptop. but there isn't a KeYpass for iOS. it's MiniKeepass. I can drop the file into my DropBox account and pull it from there and use the same database.

Any concerns with that process - dropping the db in to a cloud storage location - Yes,..I admit,..Just a tad bit on the paranoid side...

scottalanmiller

DB on cloud storage is normally fine. We've tested the same using Sharepoint as the storage for a KeyPass DB.

For me, being less paranoid, I would just keep my data on OneNote in OneDrive or something similar. Evernote or whatever.

thanksajdotcom

LastPass gets my vote

Dashrender

@scottalanmiller said:

DB on cloud storage is normally fine. We've tested the same using Sharepoint as the storage for a KeyPass DB.

For me, being less paranoid, I would just keep my data on OneNote in OneDrive or something similar. Evernote or whatever.

I take it you trust the encryption on OneNote?

scottalanmiller

@Dashrender said:

I take it you trust the encryption on OneNote?

OneNote itself doesn't encrypt anything. I don't really need that data encrypted at rest as I'm not storing it anywhere that I am worried about.

Carnival Boy

SSN = Social Security Number, right? Like our National Insurance number in the UK. Is that so sensitive that you have to encrypt it on your phone?

I tend to store numbers as a normal made-up contact on my Hotmail account. The contact name will give me a clue as to what the number refers to, and I might write the number backwards or have some other crafty way of writing it that only I can interpret correctly. Basically doing my own kind of encryption. So I might have a made-up contact called Sue Smith - her initials SS referring to Social Security.

gjacobse

@Carnival-Boy said:

SSN = Social Security Number, right? Like our National Insurance number in the UK. Is that so sensitive that you have to encrypt it on your phone?

I tend to store numbers as a normal made-up contact on my Hotmail account. The contact name will give me a clue as to what the number refers to, and I might write the number backwards or have some other crafty way of writing it that only I can interpret correctly. Basically doing my own kind of encryption. So I might have a made-up contact called Sue Smith - her initials SS referring to Social Security.

Yes - SSN = Social Security Number

There is a pretty decent drive in the last year or so to safe guard private information due to the high number of SCAMs, and pirating. All you need a the SSN, Name and little else and you can really ruin a person.

The security conference I was at last week, the Detective on a FBI task force asked us how many of us pull credit reports on ourselves to check for isses,.. then asked how many of us pull them on our children.

He stated that if we have children over the age of about 13, we should be pulling one every year to monitor it. He's dealt with several families where the child turns 18 (legal age) and finds out he has had a credit card, electric bill for 5 or more years and his credit is destroyed....

scottalanmiller

@Carnival-Boy said:

SSN = Social Security Number, right? Like our National Insurance number in the UK. Is that so sensitive that you have to encrypt it on your phone?

It's not supposed to be sensitive. It's not a legal ID but a lot of monopolies that control your life in the US (the credit agencies being the only important ones) use it inappropriately as an identifier. So getting a hold of someone's SSN allows them to impersonate you.

Yes, the US actually has that as a problem. Mind boggling, I know.

scottalanmiller

@g.jacobse said:

He stated that if we have children over the age of about 13, we should be pulling one every year to monitor it. He's dealt with several families where the child turns 18 (legal age) and finds out he has had a credit card, electric bill for 5 or more years and his credit is destroyed....

Just need a good lawyer for that. A credit agency illegally collecting data on a minor is a crime. They don't have any right to do so. You just have to be willing to go after them for damages. As with everything in the US, nothing is a crime unless the victim can afford a good lawyer.

Reid Cooper

It's horrible how social security numbers are abused in the US. Until the government decides to protect the people from identity predators by completely stopping the use of SSNs as IDs by third parties it will continue unabated. There is no incentive for the companies doing so to collect legitimate data.

Dashrender

@scottalanmiller said:

@Carnival-Boy said:

SSN = Social Security Number, right? Like our National Insurance number in the UK. Is that so sensitive that you have to encrypt it on your phone?

It's not supposed to be sensitive. It's not a legal ID but a lot of monopolies that control your life in the US (the credit agencies being the only important ones) use it inappropriately as an identifier. So getting a hold of someone's SSN allows them to impersonate you.

Yes, the US actually has that as a problem. Mind boggling, I know.

Off topic I know, but how would you solve this? Even if the Credit companies all decided to assign you a unique number, how would it be any safer than a SSN?

Dashrender

@Reid-Cooper said:

It's horrible how social security numbers are abused in the US. Until the government decides to protect the people from identity predators by completely stopping the use of SSNs as IDs by third parties it will continue unabated. There is no incentive for the companies doing so to collect legitimate data.

But again, all this does is shift it from a government issued number to a privately issued one, how is that any safer?

scottalanmiller

@Dashrender said:

Off topic I know, but how would you solve this? Even if the Credit companies all decided to assign you a unique number, how would it be any safer than a SSN?

Because it would be THEIR number to protect and not a public number needed by you and for you for nearly everything that you do. Your SSN is not an ID, is not unique, is not protected, is not secret, cannot be changed and is needed for a massive array over everyday things. It is used as a password, not an identifier in many cases.

Nearly everyone who stores information about you stores it privately. Credit agencies are unique in that they collect data not connected to you and tie it to you by something that is not an ID.

JaredBusch

Back on the original topic (because I was not here for a couple days)...

@g.jacobse mentions reducing accounts.. You cannot reduce accounts. You need to expand them.

Reducing accounts means tying more services to fewer accounts. That is the opposite of what you want to be doing.

You want all services to be unique accounts unrelated to each other. In theory you would have a different email for all of them, but that is going overboard.

Each service should never be linked to a Google account or Facebook account, etc. You should be signing up to each service directly using their internal account creation system with a unique password on each system.

Then use LastPass or KeyPass to handle all of the account authentication.

KeyPass is much less useful and the work it takes to make it as useful as LastPass is not worth the investment of time. LastPass is $12/year to gain access to the mobile app.

gjacobse

@JaredBusch

It's over all that I'm trying to reduce the number of accounts. In cases of places like Pintrest - it has it's own account details,.. I didn't and don't trust the Google or Facebook sign in.

My Facebook page is close to being deleted... It's only there to follow a few people that I would not otherwise be able to follow / communicate with. Facebook mobile split the FB app and Messenger - I'm not installing the messenger - don't like extra crap on my phone.

I believe I have a total of seven GMail accounts.. separation and function,...

I will look at LastPass - but even at $12.oo a year,.. I'm not sure I want to pay for something... I like OpenSource and free if possible. But respect the authors and they do very much deserve support for the work they do.

scottalanmiller

@g.jacobse I would keep the messenger and not use the FB app if I had to choose just one. Keep the one for communications.

JaredBusch

@g.jacobse said:

I will look at LastPass - but even at $12.oo a year,.. I'm not sure I want to pay for something... I like OpenSource and free if possible. But respect the authors and they do very much deserve support for the work they do.

It is free to use. You only have to pay for the Premium membership if you want to use the app on your mobile device. But at that point it is the same as KeyPass, just slightly better in that as a commercial application, things are generally more polished.