How to not lose your mind when you lose your phone
Your phone is often the single point of failure for your online life. Here is a simple guide to help you protect your online presence despite the loss of your phone.
- Ram Iyer
- 9 min read
Table of contents
In the last two articles, we spoke all about security, prevention of loss and possible recovery of the device. But that again is a limited picture. As my friend writes:
It dawns on me that somehow I’ve managed to make my phone a single point of failure for my digital identity.
Kudos to her, this is not something people easily realise.
In this article, let us switch gears and ensure that your online life does not get affected by the loss of your phone. Here is how you could handle that:
Use a password manager
The very first step, which I cannot stress enough. Your passwords are the keys to enter services. Like your mailbox, your social media, bank accounts, etc. And you must have strong passwords that you are not repeating across services. (Would you use the same key to unlock your home, your bank safe locker, your locker at home, your car, your office, etc.?)
A password manager stores these passwords in an encrypted form for you. This way, nobody other than you can read your passwords. Also this way, you can have different complex passwords for different services, without having to remember which service uses which password. These password managers also automatically show you (and even fill, if you so configure them) passwords for the different sites/services. They verify the domain and prevent you from entering passwords on spoofed sites and so on.
Memorise only one password, that is of the password manager. Use a sentence as a password, like, ‘Acetaminophen 650mg is just Dolo.’, which is 32 characters long (that is to say, really long), has uppercase letters, lowercase letters, special characters (spaces and full stop) and numbers. Also enable two-factor authentication.
Enter your password for the password manager manually in private so you build muscle memory for it. Also enable biometric unlock on the password manager. I recommend biometric authentication on the password manager installed on your personal devices, because then, nobody can shoulder-surf your password. This password is unfortunately your single point of failure, and so, you should make it as complex as possible. Treat this password as you would your soul.
Now to the next step: Install this password manager on multiple devices and enable syncing between them. If one device is lost, you can use your password manager on another device. Cloud-based password managers are the way to go for most threat models. Again, if you don’t know what a threat model is, go with a cloud-based password manager until you understand what a threat model is and build your own threat model, at which point, you can decide on whether to migrate to self-hosting, or to the painfully difficult but private method: have a local-only password manager, make copies of the safe and store them in multiple locations and manually sync them every time there is a change.
The default choice should be a cloud-based password manager. A cloud-based password manager is absolutely fine, provided you have a strong password/key to encrypt your password safe. This way, you have a secure space to store passwords, have several secure copies of your vault, and you are no longer dependent solely on your phone.
Contacts always on cloud
Use the cloud for contacts. Unless you have a very serious use case (like you are a journalist and you store your source contacts on your primary phone), always store your contacts on the cloud. These days we don’t remember phone numbers of people. And we have hundreds of contacts, making it virtually impossible to remember the numbers. Storing the contacts on SIM card memory used to be good portability in the noughties, but soon, we realised the limitations of SIM card memory—they could not store multiple numbers, they could not store other metadata like birthdays and even emails if I remember it correctly.
Cloud is the best way to store your contacts. If you don’t want to use the cloud, because, say you are a journalist, and you must keep your sources safe, make a backup of your contacts periodically and store them in a safe place.
Backup your phone
Sounds complicated, but it is not. Both Apple and Google give you the option to periodically, automatically back up your phone. Apple gives you 5 GB of iCloud storage for free, Google gives you 15 GB on Google Drive. Use it. Here are the instructions for how to do it on iOS and Android. This way, when you get a new phone (or get your phone back after being reset by the thieves like my friend did), you can get up and running as soon as you restore your backup onto it.
If your WhatsApp data is several tens of GB in size, consider turning off media backup for WhatsApp. Skip the good morning images and memes and save only what you need. Or buy the necessary storage space. Cloud storage is inexpensive these days.
If you are concerned about privacy, and would not like to back up your phone to the cloud, or would not like to pay for the cloud in case your backup is larger than the space available for free, you can back up your iPhone to your desktop or laptop. Instructions for how to do that is in the same iOS help article. Ensure to tick the box for ‘Encrypt local backup’ to be safe.
If you are backing up your phone to your laptop and your laptop leaves your home, remember that it also can be stolen or lost.
Backing up an Android phone to a PC or Mac is a bit challenging. Some OEMs like Samsung have applications that can backup your phone. But not all manufacturers do. Of course, there are third party apps that help you back up your phone to your PC. But your mileage may vary.
If you use iCloud, consider enabling Advanced Data Protection. Otherwise, a lot of the backup data could be read by anyone who can get into your iCloud. (Unfortunately, if you live in the UK, you can no longer enable Advance Data Protection.) Enabling Advanced Data Protection gives you complete control of encryption, which is a responsibility that comes with risks leading to data loss if you are not careful. Once you enable ADP, even Apple cannot help you if you recover your data if you lost your credentials. Ensure to save your recovery key in a password safe, and consider assigning trusted contacts. Read more about it on Apple’s official documentation.
Mind your apps
Not all apps allow backing up to the cloud. Signal is one of them as of writing this article. If you have data from these apps you would like to protect from loss, make screenshots or text copies of them (always with consent) in an encrypted notebook or such storage.
Log into apps in multiple locations
Your phone is just another computer. What you can do on your phone, you can do on any other computer. (Well, mostly; some apps are deliberately restricted to work only on one device—for security and such reasons—while some apps are just not designed for the big screen.) Log into your apps on more than one devices. This is called ‘redundancy’ in tech terms. With redundancy, you continue to have access to your app data when you lose your phone. (Signal is an exception here as well. There is one primary device, and if you lose it, you lose your Signal data.)
Buy two hardware authentication keys
Save up money to buy a hardware authentication device from Yubikey or Nitrokey. You can buy the simplest one, with no bells or whistles. These are devices that look like a pen/thumb drive and connect to your computer’s USB (-A or -C) port. These devices are available on Amazon (affiliate link—I may make a small commission at no additional cost to you; thank you for the support) or other online stores. These can serve as a second factor of authentication and/or as Passkeys if you lose your phone. Buy at least two of these devices and configure all your online accounts with both the keys. Again, redundancy. Keep one of the keys in a secure location. If you are unfamiliar with Passkeys, I will write a different post about them. I have been using these devices myself for nearly a decade now, because they are important for the security of online accounts. Look up their setup on YouTube. You no longer have to be a Tech Bro to use these.
Yubico - Security Key C NFC
Black- Two-Factor authentication (2FA) Security Key, Connect via USB-C or NFC, FIDO U2F/FIDO2 Certified
Go cloud, go cross-platform
Most apps you get on phones, in one way or another, interact with their corresponding cloud service. And most of these cloud services have cross-platform presence. Ensure any of the software/services you use at least has presence in two of the platforms you use (Web-based, iOS and Windows, Android and Windows, iOS and Android, Android and Linux, and so on). This way, you will be able to log into the same service on several devices at the same time.
Also, use the cloud wherever you can. This way, your data is always available somewhere. Just ensure that any cloud service you use encrypts your data, because online data thieves abound. You don’t want your personal data leaked while you try to create data redundancy.
Always use a private/incognito tab
On your favourite browser on your phone, always use a private/incognito tab. Browsers generally don’t come with an app lock. And if you remain logged into services on the browser, someone flicking your phone while it was unlocked (like when booking an Uber) will be able to go into the browser and do you a lot of damage, including logging into your bank account.
When you set your browser to always open in private or incognito mode, you force your browser to clear cookies every time you close the browser. This way you never remain logged into any of the service, and therefore, no one can misuse your browser against you.
When coupled with a password manager that has auto-fill, your logging in experience becomes so seamless and fast that you will not miss the “always logged-in” way of life.
But that is not all
You are already ahead of most people out there by following the steps outlined in these three articles. But to truly go “pro” grade, to be absolutely worry-free about your data, there are a few more steps, which we will discuss in the next article.
Meanwhile, if you haven’t yet read the previous articles, now may be a good time for it. Here are all the articles in this series: