Device guidelines:

  • Whether it’s your phone or your computer, a good first step is encrypting it. Encryption is sort of like putting a lock on the box you store your data in – if it’s in a giant safe but there’s no lock, it doesn’t do you much good. Additionally if it only takes 10 guesses to figure out the combination, it doesn’t do much good. Give yourself a solid password that is different from your regular login if the device allows – most don’t but some do.
    • iPhones at this point have native full-disk encryption. Double check, especially if you have an older model, but you’re most likely already set. Make sure you set a strong passphrase, or that hardware protection won’t matter.
    • On Apple computers, there’s a built-in encryption tool called FileVault, which should be findable in your Security and Privacy settings. Enable it, make sure you know your password, and, if you have secure storage that others cannot get at, write the recovery key down.
    • Windows machines sometimes have encryption enabled by default and sometimes not. Enabling it may require a Microsoft account, as Windows really wants to save your recovery key to Microsoft’s servers. This effectively gives a backdoor into your supposedly secure filesystem. If you are able to enable encryption without a Microsoft account, go ahead! If not, Windows Pro has a tool called BitLocker that will let you encrypt the full disk as well. Your final option is downloading VeraCrypt, which is by and large solid, although the makers of the system it is based on believe that acronym security agencies are able to crack the encryption.
    • Android phones have a switch in the settings (generally under security) to enable full disk encryption. Flip this switch and make sure your password is solid and you’re good to go!
    • The easiest way to encrypt a Linux machine is to set it up while installing the operating system. Depending on which version you use, Linux can be extremely user-friendly, but if it is your first time setting it up, we recommend finding a guide for the particular flavor of Linux you’re using on how to configure your encrypted disk.

Phone behaviors:

  • Be aware of the ways your phone is trying to sync – Google and iCloud are the obvious two, but your cell phone manufacturer or network provider may also try to sneak in a syncing account. Delete every one of these that you can, other than the account connected to your billing, and halt syncing and clear the stored data for those you have to keep.
  • Your phone password should be alphanumeric if it is available. Make it at least 10 digits/characters – phone cracking technology is constantly advancing and chances are that soon we’ll be recommending even longer ones.
  • Never use fingerprint unlock – current legal precedent is that fingerprint or face unlock can be compelled by police but disclosing your password cannot.
  • Consider which accounts you want linked to your phone. Sensitive email accounts may not make sense to have constantly sending information to your phone and should stay on a secure computer.
  • Use Signal for messaging! More particulars about this are covered in the communication section of this site.
  • If your phone is going to be taken from you, turn it off. A powered-off phone is in its most protected state and is harder to get into than one that has merely been locked.
  • Set the shortest screen timeout you can that still leaves your phone usable for the things you need it to do.
  • Save your contacts with minimal info. Don’t include last names you don’t need to, and don’t include specific risky projects or additional identifying information in the contact names.