Indicted NYC mayor forgets phone passcode

Martin Shelton

Principal Researcher

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

Anthony Quintano (CC BY 2.0)

In the news

Eric Adams, a former police captain, ran for mayor of New York on a promise to be tough on crime. Now he’s been accused of taking illegal campaign funds and bribes — the first-ever federal indictment for a sitting New York mayor.

Get Notified. Take Action.

Adams claimed he would cooperate fully with the FBI. Following a legal request for access to his personal mobile phone, however, he allegedly claimed that he had changed the passcode and told the FBI he did not remember it, and therefore could not help to unlock it.

As Ars Technica writes, “This might sound suspicious, but Adams said that it was actually a result of his attempts to preserve the phone and its data for the FBI. Two days earlier, on November 5, Adams had gotten wind of the investigation into his finances after the FBI raided one of his associates. When he heard this, he changed his personal cellphone passcode, increasing its length from four digits to six.” Read more.

What you can do

  • (Breathes deeply.) Forgetting your six-digit passcode will not prevent law enforcement from opening your phone. Read more about some of the research timelines behind cracking tools like Cellebrite, used by police to break into mobile devices. Long story short: Old and out of date devices are particularly susceptible to passcode cracking. The newest Google Pixel and iPhones are your best bet, but even then, it only buys you some time.
  • However, using a numeric passcode is one of the less secure approaches to locking and unlocking your device. We generally recommend journalists use a long, alphanumeric passcode to make it harder for someone to easily guess or crack it. Look for alphanumeric passcode options in your Settings app on both Android or iPhone devices. Learn more about how to set this up from our guide to mobile maintenance.
  • If you want to be hardcore, we’d recommend randomizing your alphanumeric passphrase to include a few hard-to-predict words, ideally with a password manager. This might be a little tricky to remember at first. What I do is write down the passcode and keep it somewhere on me until I can remember it, then rip it up and lose it when I’m ready. But do whatever works best for you.
  • This may or may not be security advice, but maybe don’t run for mayor of New York?

Updates from our team

  • Signal’s new phone number privacy and username features are welcome, yet also introduce some questions: What happened to that username I used to start a conversation? What’s the difference between my contact’s username and profile name? When can I see another user’s phone number? We know these are the big questions keeping you up at night, so we published a blog post unpacking every one of Signal’s identifiers. Check it out.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Martin

Martin Shelton
Principal Researcher

Freedom of the Press Foundation

Donate to support press freedom

Your support is more important than ever.

Read more about Digital Security Digest

Discord boosts private call encryption

Discord announced its rollout of end-to-end encryption for voice and video calls in one-to-one and group direct messages, voice channels, and Go Live streams.

Apple seeks dismissal of NSO Group lawsuit

Apple has filed a motion to withdraw a lawsuit against NSO Group, an Israeli spyware company.

Telegram rethinks messaging on content moderation

Following the arrest of Telegram founder and CEO Pavel Durov, the messaging app modified its FAQ page to clarify some new rules.