deleted by creator
Anything worth protecting uses 2FA and they wouldn’t have my Yubikey so … yeah, I’d be fine. Annoyed, but fine.
Is this a thing, like are most thiefs not interested in selling the hardware?
To answer the question: Id be pretty fckd i guess. Passwords are gated behind a password manager but my E-Mail would be exposed.
Hardware is good, but why not have both?
Imei Blacklisting makes them not very valuable anyways. Data worth a lot more.
Btw someone got a fradulent copy of my mother’s ID somehow. Like not a “fake id”, an actual real government issued ID, but fraudulently obtained mailed to some random address. They started trying to access money in banks, then tried sim swapping [edit: The sim swapping actually worked. Calls from my mother’s phone stopped working and other lines in the same family plan got a notification, so my parents went to the phone company and removed my mother’s name from the account and replaced the sim. As for the bank accounts, they closed and reopened the accounts with new account numbers and they had a note in there to double check the picture (which is still of my mother’s) and address on there (which the fradulent ID had a different address). They never managed to take any money. But it wasted a lot of time.]
So like, its a thing that happens. People think “identity theft won’t happen to me, I’m not important enough”, then someone steals your identity. These things never gets investigated. They said “we’ll investigate” but like a year later, not a word from those “investigators”.Only if you steal from the rich do any investigation gets done. They don’t care about the average person.
TLDR: Protect your data. Identity theft is actually common.
May be overthinking it a bit, the typical opportunistic thief that would try to snatch a phone and run is just looking to see what bank apps you have installed. Usually they are looking to see if you have something like Venmo installed so they can go into your app and send themselves your money. Venmo of course will say that money was transferred from your phone so it was clearly you and there’s nothing to dispute, hence you’re fucked.
These type of thieves already know to try to keep the screen unlocked long enough to do that, afterwards they usually just toss the phone somewhere. The phone hardware itself isn’t that useful while it’s still locked down and tied to someone’s Google/Apple account, most phones are firmware locked in that fashion. Sure they could wait it out until you finally remove the phone from your Google/Apple account but every time they check it’ll keep giving out their location, not really worth it.
Nowadays current Android phones do have theft protection to prevent loss in a snatch attempt e.g. my Android has settings to auto lock it if it detects fast movement while unlocked, and it also auto locks if the entire phone itself has been set offline/airplane mode for a while.
My screen timeout is a minute, so they likely can’t get very far before bumping the side button or just not babysitting it for 60 seconds and needing a long password or fingerprint. Any app worth looking at needs a fingerprint as well, so even if unlocked, not super valuable short of a highly coordinated, personally targeted attack. In which case Pegasus would be easier and faster.
Plus, I always “pull over” and hold my phone with two hands when in a busy public place.
100% fucked.
I use Private Lock. It uses gyro to detect sudden movements and lock the phone based on that.
Real phone in my bag hotspotting for a burner I pull out in public is how I did things when I was paranoid.
I’m so done.
Nice try Mr. Thief !
It auto-locks in 15 seconds.
I never unlock my phone if anyone is nearby. Yes, I look around first before unlocking.
If they somehow managed to get it to not auto lock after 60 sec then I’d have to change passwords on 3 different emails.
Worst thing they would have is my browser history.
They can’t transfer any money without my fingerprint or password to the app.
I run my own NAS and Nextcloud server. Most of the data on my phone is synced there.
So I am somewhat prepared for the loss of my phone, but not really for the possibility of someone else using it (accounts etc).
This is such an important distinction to make. Being able to wipe the phone would require a second device, so unless you are with someone who has access to that phone, you have to wait until you get home to initiate it.
Iirc my pixel has a “in case your phone is stolen from you” automation. Though I don’t know the mechanics of how it works.
Yeah, I couldn’t get into my account on someone else’s phone to wipe/trace down my phone. As I believe I’d need 2 factor authentication. Which while mobile I can’t do without my phone. I’d have to wait till I got home and a device id previously been logged into.
For Android, it looks like you can go to https://android.com/lock and use your phone number to lock your phone.
No MFA required. But this has to be enabled on your phone in order for it to work.
Interesting, that’s good to know. I immediately tried to lock the woman’s phone next to me by using her number, she didn’t have it turned on either. I have an odd feeling someone is going to write a script that locks someone’s phone screen at random intervals throughout the day. Schedule it as a task whenever they log into their work computer so you can watch them struggle with it throughout the day then end the task when they lock their screen/log off.
I actually had the same reaction and so I looked into it. The threat is pretty low.
Worst case scenario is that you’re working on something critical and your phone gets locked. You unlock it with PIN and move on. According to the docs, this can only be done a few times a day (iirc twice. I’m too lazy to look it up again. It’s 2am and I should be sleeping 😅)
If it gets annoying, you could turn it off until the attacker moves on.
More realistically, you’re on Lemmy while in the bathroom and you just have to unlock your phone.
If it happens with some level of regularity, I’m sure Google would either rate-limit the attacker or the phone number.
They would have to turn on airplane mode quick while they were running because as soon as it has data, I’d have their location and my phone would’ve already been marked lost / stolen by my watch and queued for factory reset.
While in airplane mode there really wouldn’t be much they could do. Anything useful is locked by Face ID. They could see my calendar and my most boring emails. They would have no passwords.
The phone itself would be useless as a phone as it couldn’t be used in another carrier.
I mean, that’s kinda the point of this question: How quickly can you issue a wipe command to your phone?
If you only have one phone no backup phones, now quickly can you access a internet device to issue a wipe command? And will you even remember the google/apple account password quickly enough in such a stressful moment?
Little macro running on my phone, that as soon as my smartwatch gets out of range, it locks the screen. Add the ability to format via wasted remotely, and we are set. The only way to disable internet/ actvate airplane mode is to insert the password if the screen is locked. Also I’ve never checked, but if graphene has a dead man’s switch, not even poweing off would keep the data intact.
Little macro running on my phone, that as soon as my smartwatch gets out of range, it locks the screen.
How do you do that?
Not the parent commentor, but I do something very similar with Tasker. Whenever my phone disconnects from one of a list of Bluetooth connections (like my watch or my car) or even if it just gets a solid jolt to the accelerometers, it goes into lockdown mode. This means the screen gets locked and biometrics can no longer be used to unlock it, requiring the entering of a PIN code to unlock.
I remember doing something weird with automate to make it work, but i don’t exactly remember what i did. Since it’ been so long.
