HIPAA TIPS: Mobile Device Compliance Part 1

Use a password or other user authentication

You can configure your mobile device to require a password, personal identification number (PIN), or passcode (a pattern you trace with your finger) to gain access to the device. Keep your password, PIN, or passcode a secret, and don’t store them on your mobile device. You can also configure your mobile device to automatically lock or log you off after a set time of inactivity.

What is a password?

A password is a combination of letters, numbers and keyboard characters that allows a mobile device user access to the mobile device or system resources. It is a means of user authentication.

What is authentication?

Authentication is the process of verifying the identity of a user, process, or device.

How can you use a password or other user authentication to prevent unauthorized access to your mobile device?

  • Create a “strong” password. A strong password is one that is easy for you to remember and hard for anyone else to guess. It should be at least six characters in length, and should include a combination of upper and lower case letters, at least one number and at least one keyboard character, such as a punctuation mark. Change your password often, at least quarterly.
  • Enable the mobile device time-out or automatic logoff feature. This automatically locks the mobile device or logs you off after a set time of inactivity. If your device is lost or stolen, someone would need to know your password, PIN, or passcode to use the mobile device. The time-out or automatic logoff capability varies with the specific mobile device. You will need to research your particular mobile device’s time-out or automatic logoff capability.
  • Keep your passwords, PINs, and passcodes secret. Do not store them on the mobile device.
  • Set up your device to limit the number of unsuccessful login attempts to make it more difficult for unauthorized people to guess your PIN or password.
  • Disable speech recognition/voice control features, such as the phone or laptop personal assistant. If your device is unattended but locked, it is possible on some phones to activate voice recognition software and gain access.
  • Limit access to your device utilities and settings to authorized or authenticated user(s). There may be settings or restrictions on your device to ensure that administrative actions like downloading software are limited to the device owner/administrator. Enabling authorization or authentication (password) requirements will minimize the risk of unauthorized changes to your device.
  • Other methods to authenticate to your device may be available, such as camera and microphone authentication, pattern gesture recognition, and biometrics (e.g., fingerprint recognition). Combining a password or PIN with one of these other authentication methods can further secure your device.
  • Disable SMS (Short Message Service) Preview on your device. If you do not have SMS preview disabled on your device then others can view text messages on your device’s locked screen without authenticated or authorized access.
  • Not all mobile devices have all of these settings and security features. Research your particular mobile device’s settings to determine what features are available and how to implement them.

Source: Mobile Devices Privacy and Security