Opinion
Are we carrying too much of our financial lives around with us? If we are, asks Jon Bentley, what can we do to make us less vulnerable?
A recent New York Times article shocked many, me included, by showing how easily a stolen passcode can ruin your digital and financial life. It centred on iPhones but Android users are no safer. A criminal would observe someone entering their passcode, trick them into giving it away, or worse still make them reveal it at knifepoint. Then they’d steal the phone and change the passcode, change the face in FaceID, the password in AppleID, turn off Find My iPhone, and render the passwords in a keychain unusable, all within a minute or two.
My own enthusiasm for financial apps dates back to interviewing an ex-hacker, many years ago. He strongly advised doing online banking through a phone rather than a browser because it was way more secure. Since then, helped by reassuringly sophisticated biometric security features and sheer convenience, phone-based banking has become the norm.
Surveys suggest 90% of us now use banking apps, but unauthorised access to them plus everything else on your phone – social accounts, photos, emails and even these days your car keys – compromises almost all aspects of your life and makes this portable ‘attack surface’ so rewarding for the criminal. It doesn’t help that many extra verification codes are sent through to your phone too – whether by SMS or through a (more secure) authentication app. The very device that institutions use to try and protect you is the one that’s been nicked. Some banks have been sufficiently concerned about your phone’s vulnerability to start generating their own versions of your biometric identity, which they store on their servers rather than locally on your phone.
The very device institutions use to try and protect you is the one that’s been nicked
To be fair Apple has begun to address the issue seriously in iOS 17.3. The new Stolen Device Protection feature requires additional Face or Touch ID authenti
