If you received a new PDA for Christmas, some things to consider...

This is something I've been meaning to write for a while. There are excellent guides to running PDAs all over the web but I felt that one more try to make users think about PDAs and personal information would be worthwhile.

Most (hopefully all) of us take lots of care to keep our PC clean of malware and our private information truly private. That said, I'd wager most PDA owners take very few actions to protect their PDAs and the personal info on them. This also includes the personal info syncronized on their PCs.

I am not saying that I know everything about safeguarding this information but hopefully I can get new users thinking about what they might do to better protect their personal info.

First, as with nearly everything else in Windows PCs, if you can move to XP, do so. It offers a much greater ability to place safeguards for private information.

XP allows the setup of separate, limited user accounts. In most cases, these limited accounts can be controlled by a single administrator account. I recommend that the PDA be setup for one user account and one only. (This PC user account should also be password protected.) If file/folder sharing is restricted on these accounts, and the PDA sync software is loaded to the correct path, then the information it contains will be limited to only that user. As an example, if the PDA syncronization program is loaded to the path of C:\Documents and Settings\Username\PDA Software (PDA software being say Palm or MS Active Sync) then only the account of Username would be able to access those files. (On my PC, I have 2 user accounts. One limited account for web surfing and one adminitrator account for maintaining the PC. My PDA syncs via the Admin account so that when I'm on the web, the PDA files are not accessible.)

Second, on the PDA itself, while it's very very handy to have it so that you just turn on the power switch and go, it's just not a good idea to do so. If you should lose your PDA or leave it unattended for a while, what would prevent someone from seeing everything in it? This could be disastrous if sensitive personal or financial info was on that PDA.

So I recommend that the PDA be setup so that it cannot be turned on and accessed unless a password is entered first. While this is certainly a pain, it could make a big difference in protecting your privacy. (Along with this, one additional thing can be done to help keep things private. An example, on Palm units (I run a Palm), one can mark records as Private. If records are marked Private, they can be masked from normal view if one desires. Another bigger advantage (IMO) is that if a power up password is enabled, and the PDA is stolen/compromised, the thief cannot reset the password without erasing all Private records...)

One last thing comes to mind at this moment that I think is very critical. Protecting one's family and friends addresses, home and work phone numbers and one's appointments can be pretty important. But what about the vital web logins, online banking passwords, bank account numbers, maybe even social security numbers for your spouse, kids and/or parents? For these kinds of things, you need something more than what comes with the PDA. You need some kind of password protected data storage program that encrypts that data (on both the PC and the PDA.)

One program I like for this is SplashID. http://www.splashdata.com/ppc/splashid/index.htm (This link is for the Pocket PC version.) This kind of program offers a highly customizable interface for all of your most sensitive data and it also offers the high level of encryption that is so important. One thing to keep in mind when loading this program into your PC is that it needs to go into the same Username account area as the syncing software did. This limits it's availability on the PC to just the one user as I first noted. Then, should your PC or PDA become stolen or compromised, your data is not just laid out for the thief to see...

Keep in mind that following these procedures do not and cannot guarantee that your private info will always remain private. Nothing can guarantee that. (I guess if you don't use a PDA... but how awful would that be? :( ) Anyway, I hope this helps someone out there... :)

Thanks HAN, that was a good read. Ill leave this at the top for a while.

Im hoping to get myself a PDA soon...I say soon, its been like 3 months:rolleyes: When I do get one I will be looking for security measures just like these.

Just to update a bit for a Palm PDA... (again, the brand I use.)

As I mentioned above, using a powerup password on a Palm is still a good idea. Clearly better than doing the all to often nothing. But after writing this post, I have done more detailed research and learned that there are a few Palm powerup password cracking programs out. These programs allow the password to be reset or bypassed without deleting the records marked as Private. So a determined thief could spend a bit of time and be able to get into the Private records.

So, with this knowledge, I wanted to modify my advice a bit and recommend that if you can afford to spend a bit more, an additional program such as OnlyMe and TealLock will give better security than the built in Palm powerup password. OnlyMe is a simple and easy program to use. TealLock offers more security options but it is more complex and memory intensive. (I chose OnlyMe mainly because of it's minimal impact on the Palm. I didn't feel I needed TealLock's extras...)

Hope this helps even a bit more...