Before you're ever put in the position of losing your phone, we recommend taking the time to use good security practices, now:
- Put in a password or pin code prompt. This is typically available in the settings for your smartphone. Remember, alphanumeric passwords are better - and ensure the time for reprompt is no more than a few minutes, if not immediate.
- Keep your apps up to date. Updates to apps can contain important security updates - don't delay in approving them.
- Know the apps you're downloading. If you're not sure about the maker of an app, do your research. Don't share your personal information with apps that you can't verify.
- Enable a device recovery service. This will help you track your device should you lose it, and may help you catch the person responsible if a device is stolen. Lifehacker recommends Prey.
- Set pin code reprompts and autologoff settings in your LastPass apps. These can be found in the Preferences menu of our mobile apps, and will ensure someone cannot easily access your stored LastPass data.
- Use multifactor authentication. Even if you've set your mobile device as "trusted" in your LastPass settings, you can easily revoke access later if needed.
- Back up your data. Ensure you've synced your contacts, photos, and other information so that you have copies of it should your device break or be lost.
- Store sensitive data in LastPass secure notes, not in an unprotected notes app. If you need to record sensitive information on the go, just add a note to LastPass, where you can easily access it, but where the data is protected by a master password, and your pin codes prompts.
Recovering From the Lost Phone
Time is critical when recovering from a lost or stolen device. The sooner you can take action, the better you can protect your data and perhaps even recover your device.
- Activate your lost phone features. If you enabled Find My iPhone, Prey, or another similar service, follow their steps to active the lost device features.
- Update passwords. Update the passwords for Gmail, Facebook, and other services whose accounts are syncing to apps on your mobile device. Once you update the password, they cannot be synced, or even used in some cases, without re-authenticating with the new password.
- Kill active sessions. In LastPass, open the LastPass browser icon menu, and in the Tools sub-menu select the "other sessions" option. This page will show any active sessions for your account. Kill all sessions that are not in use.
- Remotely wipe data. If you are using iCloud, Google Sync, or another service that allows you to remotely wipe data, you should do so after ensuring you've backed up all data possible.
Have a question you'd like to see answered by the LastPass team in a blog post? Let us know in comments or send us a note at marketing[at]lastpass.com. If we choose your question, you'll get a Tshirt!