Page 629 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Often these tools employ a master credential set (multifactor being
               preferred) to unlock the dataset when needed. Some
               credential-management options can even provide auto-login options
               for apps and websites.


               Authentication

               Authentication on or to a mobile device is often fairly simple,
               especially for mobile phones and tablets. However, a swipe or pattern
               access shouldn’t be considered true authentication. Whenever
               possible, use a password, provide a personal identification number
               (PIN), offer your eyeball or face for recognition, scan your fingerprint,
               or use a proximity device such as an NFC or RFID ring or tile. These
               means of device authentication are much more difficult for a thief to
               bypass if properly implemented. As mentioned previously, it’s also
               prudent to combine device authentication with device encryption to
               block access to stored information via a connection cable.


               Geotagging

               Mobile devices with GPS support enable the embedding of
               geographical location in the form of latitude and longitude as well as
               date/time information on photos taken with these devices. This allows
               a would-be attacker (or angry ex) to view photos from social
               networking or similar sites and determine exactly when and where a
               photo was taken. This geotagging can be used for nefarious purposes,
               such as determining when a person normally performs routine
               activities.


               Once a geotagged photo has been uploaded to the internet, a potential
               cyber-stalker may have access to more information than the uploader
               intended. This is prime material for security-awareness briefs for end
               users.
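
As an added example (not from the study guide), the following Python check shows how a photo could be tested for an embedded geotag and have its Exif segment removed before it is published. The function names and the sample bytes are constructed for illustration; it assumes a baseline JPEG whose location data sits in an Exif APP1 segment.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value points at the GPS sub-IFD
EXIF_HEADER = b"Exif\x00\x00"

def _exif_segments(jpeg):
    """Yield (start, end) of each Exif APP1 segment before start-of-scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:end].startswith(EXIF_HEADER):
            yield pos, end
        pos = end

def has_gps_ifd(jpeg):
    """True if any Exif segment's IFD0 carries a GPS pointer (i.e. a geotag)."""
    for start, end in _exif_segments(jpeg):
        tiff = jpeg[start + 10:end]  # skip marker, length and "Exif\0\0"
        order = "<" if tiff[:2] == b"II" else ">"
        try:
            (ifd0,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
            for i in range(count):
                off = ifd0 + 2 + 12 * i  # each IFD entry is 12 bytes
                if struct.unpack(order + "H", tiff[off:off + 2])[0] == GPS_IFD_POINTER:
                    return True
        except struct.error:
            return True  # truncated Exif: fail closed and treat as tagged
    return False

def strip_exif(jpeg):
    """Return the JPEG without its Exif segments (drops GPS and date/time tags)."""
    out, last = bytearray(), 0
    for start, end in _exif_segments(jpeg):
        out += jpeg[last:start]
        last = end
    return bytes(out) + jpeg[last:]

def sample_jpeg():
    """Constructed input: JPEG skeleton (no image data) with a GPS pointer in IFD0."""
    entry = struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 26)  # type LONG, value 26
    tiff = b"II*\x00" + struct.pack("<IH", 8, 1) + entry + b"\x00" * 10
    body = EXIF_HEADER + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Location can also be carried in XMP metadata, a separate APP1 segment that this check does not inspect.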


               Encryption

               Encryption is often a useful protection mechanism against
               unauthorized access to data, whether in storage or in transit. Most
               mobile devices provide some form of storage encryption. When this is
               available, it should be enabled. Some mobile devices offer native