It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.
In the news
Eric Adams, a former police captain, ran for mayor of New York on a promise to be tough on crime. Now he’s been accused of taking illegal campaign funds and bribes — the first-ever federal indictment for a sitting New York mayor.
Adams claimed he would cooperate fully with the FBI. Following a legal request for access to his personal mobile phone, however, he allegedly claimed that he had changed the passcode and told the FBI he did not remember it, and therefore could not help to unlock it.
As Ars Technica writes, “This might sound suspicious, but Adams said that it was actually a result of his attempts to preserve the phone and its data for the FBI. Two days earlier, on November 5, Adams had gotten wind of the investigation into his finances after the FBI raided one of his associates. When he heard this, he changed his personal cellphone passcode, increasing its length from four digits to six.” Read more.
What you can do
- (Breathes deeply.) Forgetting your six-digit passcode will not prevent law enforcement from opening your phone. Read more about some of the research timelines behind cracking tools like Cellebrite, used by police to break into mobile devices. Long story short: Old and out-of-date devices are particularly susceptible to passcode cracking. The newest Google Pixels and iPhones are your best bet, but even then, it only buys you some time.
- However, using a numeric passcode is one of the less secure approaches to locking and unlocking your device. We generally recommend journalists use a long, alphanumeric passcode to make it harder for someone to guess or crack it. Look for alphanumeric passcode options in your Settings app on both Android and iPhone devices. Learn more about how to set this up from our guide to mobile maintenance.
- If you want to be hardcore, we’d recommend randomizing your alphanumeric passphrase to include a few hard-to-predict words, ideally with a password manager. This might be a little tricky to remember at first. What I do is write down the passcode and keep it somewhere on me until I can remember it, then rip it up and lose it when I’m ready. But do whatever works best for you.
- This may or may not be security advice, but maybe don’t run for mayor of New York?
Updates from our team
- Signal’s new phone number privacy and username features are welcome, yet also introduce some questions: What happened to that username I used to start a conversation? What’s the difference between my contact’s username and profile name? When can I see another user’s phone number? We know these are the big questions keeping you up at night, so we published a blog post unpacking every one of Signal’s identifiers. Check it out.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Principal Researcher
Freedom of the Press Foundation