Two people I know have had their phone stolen within the last few weeks. The cost of replacing a phone can be significant - but both people have said that the stress and hassle is even worse.
If you're not careful, your phone becomes a single point of failure: loss or theft can make it impossible to log in to your accounts. Even if you can log in, you might be unable to change your password or security details. And you may struggle to block the person that stole your phone.
Here are some precautionary measures to take before disaster strikes. Some are Apple specific, and I don't know Android's security features - hopefully someone can add some Android-specific guidance in the comments.
(Apple only) vital if you only have a single Apple device: add a recovery contact, to ensure you can log in to iCloud.
(Apple only) turn on "find my <x>". Even if you don't want to share your location with friends/family, it can help if your device is lost or stolen.
(Apple only) ensure "Stolen Device Protection" is on.
(Apple only) teach other members in your iCloud family how to use "Find my <X>". In theory, "Find My" app can remotely erase family devices - but it prompted us for a verification code that had been sent to the stolen phone. (But also teach your family members to be cautious of "Hey Dad, this is Lisa, I'm on a new phone" style messages!)
ensure your device has a PIN that's hard to guess, and hard to shoulder-surf.
create a recovery email account: an address that you use only for recovering access to accounts. Don't add that email account to any of your devices - only ever access it via webmail, in conjunction with a strong password.
limit what your phone has access to. E.g. separate savings from day-to-day spending, and only let your phone see your day-to-day spending account. The thieves (somehow??) managed to transfer money from a savings account into a current account, and were trying to spend that money via Apple Pay.
practice using the account recovery systems. When your phone is stolen, your stress levels are through the roof and you're under pressure to act quickly. That's not a good time to be dealing with an unfamiliar UI.
look up how you tell your phone provider that your phone has been stolen. E.g. giffgaff's system is very easy to use once you find it - but the link didn't show up in any of our web searches. It is easily found in the "Help" section after logging in, but we ended up having to wait for a giffgaff support agent to answer a query, and that delay further increased the stress.
make sure you've got a good (preferably automated) backup policy, and test it.
Maybe:
get a dumb phone to use in high-risk scenarios. (I hate this suggestion, though - it's like saying "get a nice phone, but be too afraid to use it")
get a YubiKey, or similar, to separate your phone number from 2FA verification.
To my many security guru connections, what have I missed?
ColinWright•3mo ago
Some of the comments posted in response on the other site may be copied here.