Author Topic: Tell me about your mobile security practices  (Read 540 times)

darkskys

  • 5 O'Clock Shadow
  • *
  • Posts: 74
Tell me about your mobile security practices
« on: March 14, 2023, 08:44:23 AM »
I’m interested to hear how people manage their phone security, especially in regards to financial information. I did a search but the forum search tool doesn’t seem great.

I follow basic practices:

1. Only log into banking apps on secure networks.
2. Use complex passcodes generated through iCloud Keychain. 6-digit phone PIN.
3. Use MFA wherever possible.

I do all my banking in the mobile apps. It's convenient and I don’t fire up my computer all the time. I also figure if someone got into my phone they could access my keychain as well. Obviously if they did this I’d make moves to quickly wipe my phone remotely.

Possible improvements:

1. 3rd party password manager, require master password on every attempt to access a password (not sure if this is possible)

2. Take all financial apps off my phone. Not sure if this would help though, see above.

3. Nuke Venmo. Not sure if this is necessary, but since it goes directly to my bank account, this seems like a high risk app.

My basic security practices should cover a lot of cases, with the exception of physical assault, in which case I have a multitude of problems anyway on top of this. Of course I’m open to any and all recommendations.

snic

  • Bristles
  • ***
  • Posts: 377
Re: Tell me about your mobile security practices
« Reply #1 on: March 14, 2023, 06:28:29 PM »

1. 3rd party password manager, require master password on every attempt to access a password (not sure if this is possible)

This is absolutely possible. I use Keeper and this is what I do. My 2FA comes through my phone so I don't want to have Keeper logged in all the time on my phone. I also don't use biometric login for Keeper - only the password and second factor. Keeper also logs out automatically after half an hour.

An improvement would be to use something like a Yubikey for 2FA for the password manager. That way someone who steals your phone would need to also steal your Yubikey, AND know your master password for the password manager, to access any app on the phone that's not logged in.

bacchi

  • Walrus Stache
  • *******
  • Posts: 7105
Re: Tell me about your mobile security practices
« Reply #2 on: March 14, 2023, 06:38:31 PM »
I use Password Safe, which has a handy keyboard mode for pasting passwords. It's also usable on Linux, Windows, and Mac (as Password Gorilla).

For Venmo and mail, I installed Norton App Lock.

TreeLeaf

  • Handlebar Stache
  • *****
  • Posts: 1557
Re: Tell me about your mobile security practices
« Reply #3 on: March 14, 2023, 06:58:54 PM »
I don't have any banking apps on my phone, and don't use it to log into banking websites.

The phone has a pin, and will wipe itself if an incorrect pin is entered too many times. I can also remotely wipe the phone.

Banking websites all have two-factor authentication enabled, tied to an authenticator app which is on my phone. So I need the bank password, and my phone, and my phone PIN to access it, and the one-time authentication code from the authentication app.

I only log into the banking websites from my house, over a secure network, only using specific computers that only I have access to which aren't used for gaming, web surfing, etc, which have anti-virus software installed.