My PDA Is Gone!

Protect yourself and your data in the event that your PDA is lost or stolen.

John D. Ruley

June 23, 2002


My Palm VIIx was missing. At first, I thought I'd misplaced the silly thing and that it would turn up eventually. But after an intensive search of my home and office, I realized the device was lost. I remembered having it on a recent flight but couldn't recall using it since. I began to worry that someone might have stolen it. Fortunately, a quick check of my Palm.net account status showed no use since the date of the flight, and I had created extensive backups of the device's data. As you'll see, my story has a happy ending, but imagine how I'd feel if I'd hopelessly lost all the device's appointments and contacts. To prevent such a disaster, you can take action now to protect yourself and your data in the event that your PDA is lost or stolen.

Owner Information
If you're like most PDA users, your greatest fear is that you'll leave your PDA in a taxi, airplane, restaurant, or other public place. If you're lucky, the person who finds your device will be honest and want to return it—but, of course, the person needs to know how to reach you. You can use the device's software to enter contact information. Here's how to do so on Palm and Pocket PC devices.

Palm. When you first configure a Palm OS device, the setup process prompts you to enter owner information on a free-form text page. You can enter any identifying information you want. To later view and edit this data, you can tap Prefs on the System page, then tap Owner.

Unfortunately, to see this information, the person who finds your device must know where to look. To configure your device so that your owner information appears at startup, tap Security on the System page. Tap the Password field and enter an alphanumeric password. (The device requires you to enter this password twice.) Next, tap the Security page's Lock & Turn Off button, which turns off the unit. When you turn the unit back on, it will immediately display your owner information and a prompt to enter your password, as Figure 1 shows. Until someone enters the password, the device remains locked.

You can configure the device so that it locks and turns off when you drag the stylus from the Graffiti area to the display. Tap Prefs on the System page, access the Buttons menu, and tap Pen at the bottom of the page. On the resulting Pen page, choose Turn Off & Lock from the drop-down menu and tap OK. Now comes the hard part: Instead of using the power switch to turn off the unit (in which case, the device won't lock), you must get in the habit of dragging the stylus (or your finger) from the Graffiti area to the display.

Pocket PC. To set owner information on a Pocket PC, select Start/Settings and tap the Owner Information icon. On a form that contains predefined text fields, you enter your name, company, address, telephone number, and email address. (You can leave any of these fields blank.) By default, this data appears as part of the Today screen. To display the information on powerup, select the Show Information When Device Is Turned On check box.

You can choose to enable the use of a PIN (or an alphanumeric password, if you have a Pocket PC 2002 device). Select Start/Settings and tap the Password icon. Pocket PC 2000 devices prompt you to use an onscreen numeric keypad to enter a four-digit PIN. After you enter the PIN, select the Require Password When Device Is Turned On check box and tap OK. Now, whenever you turn the device on, you'll need to enter the PIN, as Figure 2 shows.

On Pocket PC 2002 devices, the Password page gives you three options: No Password, Simple 4 Digit Password (similar to the Pocket PC 2000's PIN), and Strong Alphanumeric Password. The Strong Alphanumeric Password option requires you to use one of the device's built-in text recognizers to enter a seven-digit (or longer) alphanumeric password. I highly recommend that you use the pop-up keyboard rather than a handwriting recognizer to enter this password. The first time I tested this feature, I used Transcriber to set the password, and I was never able to reproduce the password I initially scrawled.

On a Pocket PC 2002 device, even the Simple 4 Digit Password option is a powerful deterrent to a brute-force attack. On earlier Pocket PC devices, a patient attacker can start with 0-0-0-0 and work his or her way toward 9-9-9-9 to eventually discover the PIN. However, Pocket PC 2002 devices feature a time delay between password retries. After the first incorrect attempt, the delay is very short—but thereafter the delay doubles with every bad guess.
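The doubling retry delay described above, modeled as an added example (not code from the article or from Pocket PC itself). The one-second first delay and all class and function names are assumptions; the article says only that the first delay is "very short."

```python
import hmac


class PinGate:
    """PIN check whose enforced wait doubles after every wrong guess."""

    def __init__(self, pin, first_delay=1.0):
        # first_delay is an assumed value, not a documented Pocket PC setting.
        self._pin = pin
        self._next_delay = first_delay
        self._locked_until = 0.0

    def try_unlock(self, guess, now):
        """Return (unlocked, seconds_to_wait); `now` is the caller's clock in seconds."""
        if now < self._locked_until:
            # Inside the delay window the guess is refused without being evaluated.
            return False, self._locked_until - now
        if hmac.compare_digest(guess, self._pin):
            return True, 0.0
        wait = self._next_delay
        self._locked_until = now + wait
        self._next_delay *= 2
        return False, wait


def total_wait(failures, first_delay=1.0):
    """Cumulative enforced delay after `failures` wrong guesses: d * (2**n - 1)."""
    return first_delay * (2 ** failures - 1)


def guesses_within(budget_seconds, first_delay=1.0):
    """Number of wrong guesses whose waits fit inside a time budget."""
    n = 0
    while total_wait(n + 1, first_delay) <= budget_seconds:
        n += 1
    return n


def simulate(pin, guesses, first_delay=1.0):
    """Replay guesses as fast as the gate allows; return (attempts, elapsed seconds)."""
    gate, now = PinGate(pin, first_delay), 0.0
    for attempt, guess in enumerate(guesses, 1):
        unlocked, wait = gate.try_unlock(guess, now)
        if unlocked:
            return attempt, now
        now += wait
    return None, now
```

Under these assumptions a full day of continuous guessing covers only 16 of the 10,000 possible PINs, which is why the four-digit option holds up on Pocket PC 2002 but not on earlier devices without the delay.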

What if an honest person finds your device but the batteries are dead? I recommend taping your business card to the back of the unit. This simple precaution might make all the difference.

Encryption Add-Ons
If you use your PDA for high-security data, you might want more protection than a password can provide. Third-party encryption tools can fill the gap.

Asynchrony.com offers PDA Defense data-encryption software for Palm devices. (The company will support Pocket PCs and Research In Motion's—RIM's—BlackBerry devices later this year.) PDA Defense Standard uses a 64-bit encryption scheme, decrypting data on demand. When the device is locked, the software disables hotsync and infrared (IR) capabilities, thereby eliminating any "backdoors"—even a soft reset brings up the PDA Defense UI that requests your password. (Of course, a hard reset removes the software, but it also wipes out all the device's data.) PDA Defense Professional offers 128-bit and 512-bit encryption options and prevents brute-force attacks by limiting the number of attempts to enter a password. If an attacker persists, a bomb feature automatically deletes all the device's user databases.

Certicom's movianCrypt works on Palm devices only. This product offers 128-bit security and is compatible with Certicom's movianVPN for enterprise-data access.

F-Secure FileCrypto is available in versions that support notebook PCs, Palm devices, Pocket PCs, and Symbian OS devices. All versions offer 128-bit encryption, as well as PIN and passphrase access. During installation, the software creates a Master Key that you can use to unlock the device in the event that you forget the PIN and passphrase. F-Secure FileCrypto for Pocket PC Enterprise Edition encrypts mail and selected folders on the device (and can encrypt selected folders on CompactFlash—CF—cards or other removable media).

Currently, no central-management solution for PDAs lets IT personnel enforce standards for using security mechanisms such as encryption—or even passwords. Microsoft and Palm need to address this crucial deficiency of PDAs in enterprise settings; in particular, Microsoft needs to update Systems Management Server (SMS) to include the missing functionality.

The Happy Ending
I'd given up on finding my Palm VIIx and was prepared to buy a new device when my wife found my Palm in the trunk of our car. The device had slipped down the side of the trunk, its black leather case nearly invisible against the black trunk liner. The batteries had gone dead, wiping out the memory—but new batteries and a hotsync with my desktop PC quickly restored most of my data. I lost only a few notes that I'd never backed up to the desktop.

Because I write about mobile and wireless technology, I have several PDAs, so I easily got by without my Palm VIIx for more than a month. Here's a tip: If you're about to embark on a trip, consider printing out your crucial information—contacts, appointments, directions—and take a paper copy with you. Then you'll be safe if your PDA disappears.
