Vulnerability of having everything on your phone

[echoreply]

FairyChatMom:

He still doesn’t lock his phone

I really like the fingerprint scanner. For me, it is so fast that when I pickup the phone, it is unlocked by the time I can look at it. I do know some people who claim to have “old fingers where the prints have all worn off.” It’s also a question of threat model. I’m defending against somebody random, like a child who lives in my house, accessing my phone. The government likely can compel me to show them a finger to unlock it.

Dewey_Finn:

That sounds like the sort of electronic trail that the police could use to track them down

In the OP, the police didn’t care.

Also, a reminder for those of you who may think your safe because you don’t have banking apps on your phone. If your phone can access your email, then your phone can probably be used to reset almost all of your passwords. To a thief who knows what they are doing (or who to sell it to), access to an email account may be worth more than just the money in one account.

I’m not saying remove all email access from your phone, just to be aware of the vulnerabilities. If your phone is compromised, the first password to change is your email password.

[DesertDog]

Dewey_Finn:

On the other hand, forcing you to go to an ATM and withdraw cash leaves no trail.

On the gripping hand, most of the ATMs I’ve encountered have a $200 a day limit.

[doreen]

Where are these ATMs , in banks or in convenience stores? Because I know I can withdraw up to $1000 per day from my checking account and I think my savings account has a separate limit.

[DesertDog]

I stand corrected – inflation strikes. $5,000 is a lot of 20s.

[Procrustus]

DesertDog:

$5,000 is a lot of 20s.

The ATMs around here switched to 50s and 100s in the last few years. Or, you can ask for 20s. (even 10s and 5s)

[Kropotkin]

Machine_Elf:

Came in here to say this. A friend and I wrote our theses 24 years ago, and made frequent backups and backups of our backups. Hard drives fail, laptops get dropped/stolen - and 24 years ago, Zip disks/drives were notorious for frequent failures. Can’t think of a good reason not to have backups of all of one’s precious files, either in the cloud or on a physically isolated/air-gapped drive.

And before that, I knew someone who made 3 copies of his thesis in progress–one typed, 2 carbon copies. As he worked on it, each night he would line up all the original pages, wrap them in tin foil and then plastic, then put them in the freezer compartment of his fridge, on the theory it was the most fireproof place in the apartment. He would then put one copy in the outside mailbox and the other in his locked desk drawer. In the morning he would retrieve everything and get to work, repeating the security precautions at the end of the work day.

[gnoitall]

echoreply:

To a thief who knows what they are doing (or who to sell it to), access to an email account may be worth more than just the money in one account.

But that’s a targeted attack, not OP’s random mugger.

[DesertDog]

Procrustus:

The ATMs around here switched to 50s and 100s in the last few years.

Everything old is new again. The bank I use had 20s and 5s for a year or two after introducing ATMs then dropped the $5 option to offer only $20s.

[zbuzz]

Muggers forced him to transfer money from his bank app, but didn’t take her laptop because she didn’t have a backup of her thesis. Sure. That makes sense. On every level.

[Bootb]

Dewey_Finn:

Plus transferring money to someone at gunpoint leaves a paper trail (or really an electronic one). Surely a criminal doesn’t want that?

Your average criminal is not exactly known for well-planned crimes.

[CookingWithGas]

zbuzz:

Muggers forced him to transfer money from his bank app, but didn’t take her laptop because she didn’t have a backup of her thesis. Sure. That makes sense. On every level.

I am not here to figure out the mind of a mugger. The question is about balancing risk vs. convenience of having financial apps on your phone.

[Wolf333]

My banking app only allows me to transfer money between accounts. Not very useful unless the thief is easily amused.

My email requires a separate PIN or facial recognition to open.

Even on public wifi, the data between your device and your bank is encrypted. If not, there is an issue with your bank.

[Spice_Weasel]

I’m just horrified someone in this day and age didn’t keep a backup of their doctoral thesis.

I have pretty much everything on a cloud somewhere. Sometimes more than one cloud. And a backup service. And occasionally I back up to USB. I’ve had bricked phones and dead hard drives and never lost a thing.

Armed robberies of phones, while scary, are not particularly common relative to hackers, and I believe the best way of dealing with them is to use a password manager and two step verification.

I’m also just very skeptical that a thief could get someone to successfully transfer money with a phone app. If that somehow really did happen it seems like it would be vanishingly rare. Someone committing an armed robbery is probably in a hurry to not get caught. So I wouldn’t worry about that bit too much.